#!/bin/bash
# =============================================================================
# PVE Security Scanner VM - Creation Script
# Run this on the Proxmox host
# =============================================================================
set -euo pipefail

# --- Configuration (modify these) ---
VMID=200
VM_NAME="security-scanner"
STORAGE="local-lvm"          # PVE storage pool
ISO_PATH="local:iso/debian-12-amd64-netinst.iso"  # Debian 12 ISO
BRIDGE="vmbr0"               # Network bridge
CORES=4
MEMORY=8192                  # MB
DISK_SIZE="80G"
VLAN_TAG=""                  # Set VLAN tag if needed, e.g., "10"

# --- Guard: check if VM already exists ---
if qm status "${VMID}" &>/dev/null; then
    echo "[!] VM ${VMID} already exists. Skipping creation."
    exit 0
fi

# --- Create VM ---
echo "[+] Creating VM ${VMID} (${VM_NAME})..."

# VLAN_TAG conditional: appends ,tag=<N> only when VLAN_TAG is set
qm create "${VMID}" \
  --name "${VM_NAME}" \
  --ostype l26 \
  --cores "${CORES}" \
  --memory "${MEMORY}" \
  --cpu cputype=host \
  --scsihw virtio-scsi-single \
  --scsi0 "${STORAGE}:${DISK_SIZE}" \
  --ide2 "${ISO_PATH},media=cdrom" \
  --net0 "virtio,bridge=${BRIDGE}${VLAN_TAG:+,tag=${VLAN_TAG}}" \
  --boot "order=ide2;scsi0" \
  --agent enabled=1 \
  --onboot 1 \
  --protection 0 \
  --description "Internal network security scanner. Restricted network access."

echo "[+] VM ${VMID} created successfully."
echo "[+] Start the VM and install Debian 12, then run the vm/ scripts."
echo ""
echo "    qm start ${VMID}"