From 63145188f8f93da95494f969c15bc91eb163e141 Mon Sep 17 00:00:00 2001
From: Sebastian Serfling
Date: Fri, 8 May 2026 14:50:21 +0200
Subject: [PATCH] feat: root password setup + ssh timeout fix
---
 .gitea/workflows/staging.yml | 3 ++-
 terraform/main.tf | 10 ++++++++++
 terraform/variables.tf | 6 ++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/staging.yml b/.gitea/workflows/staging.yml
index aede92a..b96b20e 100644
--- a/.gitea/workflows/staging.yml
+++ b/.gitea/workflows/staging.yml
@@ -32,7 +32,8 @@ jobs:
 -var="staging_ip=${{ secrets.STAGING_IP }}" \
 -var="staging_gw=${{ secrets.STAGING_GW }}" \
 -var="ssh_public_key=${{ secrets.DEPLOY_SSH_PUBKEY }}" \
- -var="ssh_private_key=${{ secrets.DEPLOY_SSH_KEY }}"
+ -var="ssh_private_key=${{ secrets.DEPLOY_SSH_KEY }}" \
+ -var="root_password=${{ secrets.ROOT_PASSWORD }}"
 env:
 TF_IN_AUTOMATION: "true"
diff --git a/terraform/main.tf b/terraform/main.tf
index c4703f2..51799f9 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -48,15 +48,23 @@ resource "proxmox_lxc" "staging" {
 provisioner "remote-exec" {
 inline = [
+ # Root Password setzen
+ "echo 'root:${var.root_password}' | chpasswd",
+
+ # System Setup
 "apt-get update -qq",
 "apt-get install -y hugo nginx git rsync curl",
 "systemctl enable --now nginx",
+
+ # Deploy User mit SSH Key
 "useradd -m -s /bin/bash deploy || true",
 "mkdir -p /home/deploy/.ssh",
 "chmod 700 /home/deploy/.ssh",
 "echo '${var.ssh_public_key}' >> /home/deploy/.ssh/authorized_keys",
 "chmod 600 /home/deploy/.ssh/authorized_keys",
 "chown -R deploy:deploy /home/deploy/.ssh",
+
+ # Web Root
 "mkdir -p /var/www/html",
 "chown -R deploy:deploy /var/www/html"
 ]
@@ -65,6 +73,8 @@ resource "proxmox_lxc" "staging" {
 user = "root"
 private_key = var.ssh_private_key
 host = self.network[0].ip
+ timeout = "10m"
+ agent = false
 }
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
index a70dba9..8102316 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
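Review bot: The added `-var="root_password=${{ secrets.ROOT_PASSWORD }}"` line in staging.yml places the root password in the terraform command's argument list, where it is readable from the runner's process table, and the secret is substituted into the script text before the shell parses it, so a value containing `"`, `$` or a backtick is altered or expanded. Terraform reads variables from `TF_VAR_<name>` environment variables, so the value can go under the `env:` key already shown in this hunk as `TF_VAR_root_password: ${{ secrets.ROOT_PASSWORD }}` with the `-var` line dropped. The `ssh_private_key` line directly above has the same exposure and could move the same way. The step begins outside the hunk, so the full command is not visible here.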
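Review bot: The added `"echo 'root:${var.root_password}' | chpasswd"` line in the first main.tf hunk splices the password into a single-quoted shell string that runs as root, so a value containing `'` closes the quoting and the remainder is interpreted as shell. Encoding the value before it reaches the shell avoids that: `"echo '${base64encode("root:${var.root_password}")}' | base64 -d | chpasswd"`. Whether the container's sshd accepts password logins for root is not visible in this hunk; if it does, this change adds a guessable credential beside the key-based login used by the `connection` block, and a comment such as `# root password is for console access only; SSH stays key-only` would record the intent. The new section comments are in German (`# Root Password setzen`, `# Deploy User mit SSH Key`) and would be easier to maintain in English. The resource body starts and ends outside the hunk.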
@@ -58,3 +58,9 @@ variable "ssh_private_key" {
 type = string
 sensitive = true
 }
+
+variable "root_password" {
+ description = "Root Password für Staging VM"
+ type = string
+ sensitive = true
+}
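Review bot: The new `root_password` variable accepts any string, including an empty one, which is what the workflow would normally pass if the `ROOT_PASSWORD` secret is not defined, and main.tf hands the value to chpasswd unchecked. Adding a `validation` block with `condition = length(var.root_password) >= 12` (the threshold is an example) and a fixed `error_message` would make the plan fail instead of provisioning root with a blank or trivial password. `sensitive = true` only redacts the value in plan and log output, so the description could also state that the password is still written into the provisioner script sent to the container.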