feat: initial commit

docs/PLAN.md

@@ -0,0 +1,48 @@
+# Wazuh on Proxmox - Plan
+
+## Goal
+Provision one VM on local Proxmox using Terraform and install Wazuh all-in-one
+automatically.
+
+## Current Assets
+- Ready single-VM Proxmox Terraform baseline in `sources/iac-test/main.tf`.
+- Ready multi-VM reference in `sources/multi-vm-iac/main.tf`.
+- Known working Proxmox params from existing code:
+  - endpoint `https://10.0.50.110:8006/`
+  - node `rbmk2`
+  - template VM ID `169`
+  - bridge `vmbr0`
+  - cloud-init user `devops`
+
+## Selected Base
+Use `iac-test` as base because target is one VM for Wazuh.
+
+## Work Plan
+1. Create clean Terraform project structure from single-VM base:
+   - `main.tf`, `variables.tf`, `outputs.tf`, `versions.tf`
+   - `terraform.tfvars.example`
+2. Parameterize all environment-specific values:
+   - Proxmox endpoint/token file path/node/template/datastore/bridge
+   - VM name, CPU, RAM, disk, IP, gateway, SSH key, SSH port
+3. Add cloud-init/user-data provisioning for Wazuh:
+   - OS packages and prerequisites
+   - run `wazuh-install.sh -a`
+   - ensure services are enabled and started
+4. Add post-deploy validation outputs:
+   - VM IP
+   - dashboard URL
+   - quick health commands
+5. Add runbook (`README.md`) with exact operator commands:
+   - `terraform init`
+   - `terraform plan -var-file=...`
+   - `terraform apply -var-file=...`
+   - access + agent enrollment steps
+6. Optional hardening pass:
+   - split Wazuh install from VM creation (null_resource/ansible)
+   - add destroy safeguards and tags
+
+## Open Inputs Needed Before Apply
+- Final static IP for Wazuh VM in LAN.
+- Whether to keep default Wazuh ports (443, 1514, 1515) exposed as-is.
+- Template `169` confirmation (cloud-init enabled and qemu-guest-agent present).
+