From 57e9163f33c019130efc2202d897ac914fdd18f8 Mon Sep 17 00:00:00 2001
From: krakenhavoc
Date: Tue, 17 Mar 2026 11:37:13 -0400
Subject: [PATCH 1/4] feat: add win vm to lab
---
 .../deployments/lab/env/lab/terraform.tfvars | 9 ++
 terraform/deployments/lab/main.tf | 89 +++++++++++++++++++
 terraform/deployments/lab/variables.tf | 17 +++-
 3 files changed, 114 insertions(+), 1 deletion(-)
diff --git a/terraform/deployments/lab/env/lab/terraform.tfvars b/terraform/deployments/lab/env/lab/terraform.tfvars
index 20c406a..b9c4b8c 100644
--- a/terraform/deployments/lab/env/lab/terraform.tfvars
+++ b/terraform/deployments/lab/env/lab/terraform.tfvars
@@ -30,3 +30,12 @@ pwnbox = {
 vlan_id = 200
 admin_username = "krkn"
 }
+windows11 = {
+ name_prefix = "win11"
+ description = "Windows 11 - Managed by Terraform"
+ tags = ["windows"]
+ cpu_cores = 4
+ memory_mb = 16384
+ os_disk_size = 64
+ network_bridge = "vmbr0"
+}
diff --git a/terraform/deployments/lab/main.tf b/terraform/deployments/lab/main.tf
index b0861d2..61cd472 100644
--- a/terraform/deployments/lab/main.tf
+++ b/terraform/deployments/lab/main.tf
@@ -67,3 +67,92 @@ module "pwnbox" {
 vm_network_bridge = var.pwnbox.network_bridge
 vm_vlan_id = var.pwnbox.vlan_id
 }
+
+# -----------------------------------------------------------------------------
+# Windows 11 VM
+# -----------------------------------------------------------------------------
+# Uses a raw resource instead of the cloud-init module since Windows requires
+# ISO-based installation with UEFI, TPM 2.0, and VirtIO driver loading.
+# Post-apply steps:
+# 1. Attach virtio-win.iso as a second CD-ROM via Proxmox UI (Hardware > Add > CD/DVD)
+# 2. Boot the VM and install Windows via the Proxmox console
+# 3. During disk selection, load driver: vioscsi\w11\amd64 from the VirtIO CD
+# 4. After install, run virtio-win-gt-x64.msi from the VirtIO CD for all drivers + QEMU Guest Agent
+
+resource "proxmox_virtual_environment_vm" "windows11" {
+ provider = pve
+
+ name = var.windows11.name_prefix
+ node_name = var.pve.host
+ description = var.windows11.description
+ tags = sort(concat(["terraform"], var.windows11.tags))
+ on_boot = false
+ bios = "ovmf"
+ machine = "q35"
+
+ operating_system {
+ type = "win11"
+ }
+
+ cpu {
+ type = "host"
+ cores = var.windows11.cpu_cores
+ sockets = 1
+ }
+
+ memory {
+ dedicated = var.windows11.memory_mb
+ floating = 0
+ }
+
+ tpm_state {
+ version = "v2.0"
+ datastore_id = var.vm_disk_datastore_id
+ }
+
+ efi_disk {
+ datastore_id = var.vm_disk_datastore_id
+ file_format = "raw"
+ type = "4m"
+ pre_enrolled_keys = true
+ }
+
+ # OS disk — VirtIO SCSI for best performance
+ disk {
+ interface = "scsi0"
+ datastore_id = var.vm_disk_datastore_id
+ size = var.windows11.os_disk_size
+ file_format = "raw"
+ cache = "writeback"
+ discard = "on"
+ iothread = true
+ ssd = true
+ }
+
+ scsi_hardware = "virtio-scsi-single"
+
+ # Windows 11 installation ISO
+ cdrom {
+ file_id = "local:iso/win11-latest.iso"
+ interface = "ide0"
+ }
+
+ agent {
+ enabled = true
+ type = "virtio"
+ trim = true
+ }
+
+ network_device {
+ model = "virtio"
+ bridge = var.windows11.network_bridge
+ vlan_id = var.windows11.vlan_id
+ }
+
+ vga {
+ type = "virtio"
+ memory = 64
+ }
+
+ stop_on_destroy = true
+}
diff --git a/terraform/deployments/lab/variables.tf b/terraform/deployments/lab/variables.tf
index 5cb87f8..3508704 100644
--- a/terraform/deployments/lab/variables.tf
+++ b/terraform/deployments/lab/variables.tf
@@ -48,7 +48,7 @@ variable "pwnbox" {
 tags = optional(list(string), ["ctf"])
 bios = optional(string, "ovmf")
 cpu_cores = optional(number, 4)
- memory_mb = optional(number, 8192)
+ memory_mb = optional(number, 16384)
 os_disk_size = optional(number, 50)
 disk_interface = optional(string, "virtio0")
 network_bridge = optional(string, "vmbr0")
@@ -57,3 +57,18 @@ variable "pwnbox" {
 })
 default = {}
 }
+
+variable "windows11" {
+ description = "Object containing the Windows 11 VM configuration"
+ type = object({
+ name_prefix = optional(string, "win11")
+ description = optional(string, "Windows 11 - Managed by Terraform")
+ tags = optional(list(string), ["windows"])
+ cpu_cores = optional(number, 4)
+ memory_mb = optional(number, 8192)
+ os_disk_size = optional(number, 64)
+ network_bridge = optional(string, "vmbr0")
+ vlan_id = optional(number, null)
+ })
+ default = {}
+}
From ccb50fb18ad53e63bc50eaf81d6434b9cedef47a Mon Sep 17 00:00:00 2001
From: krakenhavoc
Date: Wed, 18 Mar 2026 08:39:51 -0400
Subject: [PATCH 2/4] fix: add nested virt
---
 terraform/deployments/lab/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/deployments/lab/main.tf b/terraform/deployments/lab/main.tf
index 61cd472..cd70b80 100644
--- a/terraform/deployments/lab/main.tf
+++ b/terraform/deployments/lab/main.tf
@@ -98,6 +98,7 @@ resource "proxmox_virtual_environment_vm" "windows11" {
 type = "host"
 cores = var.windows11.cpu_cores
 sockets = 1
+ flags = ["+vmx"]
 }

 memory {
From d0864fc7b4b1d3d692c06b3dddd1b034bdb75ec9 Mon Sep 17 00:00:00 2001
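Review bot: The `cdrom` block of the new `windows11` resource in main.tf hard-codes `file_id = "local:iso/win11-latest.iso"`, so the install media is whatever file carries that name on the node's `local` storage at apply time, and nothing in the configuration records which build or hash was installed. I would move the path into the `windows11` variable object with a versioned file name and put a comment beside it such as `# expected SHA-256: <sha256-of-verified-iso>, compared with the publisher's value before upload`. The `virtio-win.iso` named in post-apply step 1 has the same gap and is attached by hand, outside Terraform state. Separately, `agent { enabled = true }` is declared before the guest agent exists in the guest (it is installed in step 4), which with this provider may leave the first apply waiting on an agent that cannot answer; confirm against the provider documentation.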
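Review bot: In the new `windows11` variable in variables.tf, `vlan_id = optional(number, null)` combined with `default = {}` means an environment that omits the key gets a NIC attached untagged to `vmbr0`, which is the state this commit's own tfvars leave the VM in until PATCH 4/4 sets `vlan_id = 99`. If the untagged side of that bridge is a network a Windows lab guest should not reach (not visible in this series), the configuration should refuse to plan without a VLAN. A `validation` block on the variable enforces that without changing the object type or the callers.

```hcl
variable "windows11" {
  # … unchanged: description, type = object({ … }), default = {} …

  validation {
    condition     = var.windows11.vlan_id != null
    error_message = "windows11.vlan_id must be set; a null value attaches the VM untagged to the bridge."
  }
}
```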
From: krakenhavoc
Date: Wed, 18 Mar 2026 09:07:35 -0400
Subject: [PATCH 3/4] fix: nested virt
---
 terraform/deployments/lab/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/deployments/lab/main.tf b/terraform/deployments/lab/main.tf
index cd70b80..e2d2ea6 100644
--- a/terraform/deployments/lab/main.tf
+++ b/terraform/deployments/lab/main.tf
@@ -98,7 +98,7 @@ resource "proxmox_virtual_environment_vm" "windows11" {
 type = "host"
 cores = var.windows11.cpu_cores
 sockets = 1
- flags = ["+vmx"]
+ flags = ["+nested-virt"]
 }

 memory {
From 32f5877f10bd588c644ff47ac03a89b1d277d61b Mon Sep 17 00:00:00 2001
From: krakenhavoc
Date: Wed, 18 Mar 2026 09:24:32 -0400
Subject: [PATCH 4/4] fix: vlan id
---
 terraform/deployments/lab/env/lab/terraform.tfvars | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/deployments/lab/env/lab/terraform.tfvars b/terraform/deployments/lab/env/lab/terraform.tfvars
index b9c4b8c..ea9fd63 100644
--- a/terraform/deployments/lab/env/lab/terraform.tfvars
+++ b/terraform/deployments/lab/env/lab/terraform.tfvars
@@ -38,4 +38,5 @@ windows11 = {
 memory_mb = 16384
 os_disk_size = 64
 network_bridge = "vmbr0"
+ vlan_id = 99
 }
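Review bot: `flags = ["+nested-virt"]` in the `cpu` block (PATCH 3/4, main.tf) is set unconditionally and has no comment saying what inside the guest needs it. Exposing virtualization extensions to a guest brings the host's nested-virtualization code paths within that guest's reach, so I would make it opt-in: add `nested_virt = optional(bool, false)` to the `windows11` variable and write `flags = var.windows11.nested_virt ? ["+nested-virt"] : []` here. At minimum add a comment such as `# nested virtualization required for <guest feature>; depends on nested support being enabled on the host`. Since the previous patch used `+vmx` and this one swaps the name, a note on which Proxmox and provider versions accept this flag would also help; the `cpu` block opens outside the hunk.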