apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-opentofu
spec:
  package: xpkg.upbound.io/upbound/provider-opentofu:v0

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: proxmox-secret
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: proxmox-secret
  data:
    - secretKey: pm_api_url
      remoteRef:
        key: kv/crossplane/proxmox
        property: pm_api_url
    - secretKey: pm_password
      remoteRef:
        key: kv/crossplane/proxmox
        property: pm_password
    - secretKey: pm_user
      remoteRef:
        key: kv/crossplane/proxmox
        property: pm_user

---
apiVersion: opentofu.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  #credentials:
  #  - filename: gcp-credentials.json
  #    source: Secret
  #    secretRef:
  #      namespace: upbound-system
  #      name: opentofu-gcp-creds
  #      key: credentials
  configuration: |

    // Modules _must_ use remote state. The provider does not persist state.
    terraform {
      backend "kubernetes" {
        secret_suffix     = "providerconfig-default"
        namespace         = "crossplane"
        in_cluster_config = true
      }
      required_providers {
        proxmox = {
          source  = "Telmate/proxmox"
          version = "3.0.1-rc9"
        }
      }
    }