dump

ansible/books/tasks/terraform-user.yml

@@ -0,0 +1,13 @@
+- name: Create Terraform user
+  ansible.builtin.command: pveum user add terraform@pve --password {{ terraform_password }}
+  args:
+    creates: "/etc/pve/user.cfg" # Prevent re-run errors
+
+- name: Add TerraformProvisioner role
+  ansible.builtin.command: >
+    pveum role add TerraformProvisioner -privs "VM.Allocate VM.Config.CloudInit VM.Config.Disk VM.Config.Network VM.PowerMgmt VM.Console Datastore.AllocateSpace"
+  ignore_errors: true # Might already exist
+
+- name: Assign role to user
+  ansible.builtin.command: >
+    pveum aclmod / -user terraform@pve -role TerraformProvisioner