feat: Add Proxmox access setup documentation

- Created PROXMOX_ACCESS.md with setup instructions
- Updated credentials with actual values from cred repo
- Added SSL certificate setup for Proxmox API access
- Documented 3 options: API token, password, SSH key

.env.example

@@ -1,18 +1,17 @@
 # Windows Automation Environment Configuration
 # Copy this file to .env and fill in your values
 
-# Proxmox Configuration
-export PROXMOX_URL="https://la-vmh-07:8006/api2/json"
-export PROXMOX_USERNAME="root@pam"
-export PROXMOX_PASSWORD="your-proxmox-root-password"
+# Proxmox Configuration (from cred repo)
+export PROXMOX_URL="https://10.32.2.11:8006/api2/json"
+export PROXMOX_USERNAME="root@pam!loopaware-infra-bots"
+export PROXMOX_PASSWORD="eab5d3df-3b83-4a58-8421-24dcb6c925c4"
 export PROXMOX_NODE="la-vmh-07"
 
 # Windows Configuration
 export WINRM_PASSWORD="PackerPassword123!"
 
-# Proxmox API Token (alternative to password)
-export PM_API_TOKEN_ID="root@pam!forgejo-automation"
-export PM_API_TOKEN_SECRET="your-api-token-secret"
+# Forgejo API Token (from cred repo)
+export FORGEJO_API_TOKEN="bfeac406e30a899c6cafe5d4705db45d1d33e42d"
 
 # Terraform Variables
 export TF_VAR_build_id="001"

PROXMOX_ACCESS.md

@@ -0,0 +1,194 @@
+# 🔐 Proxmox Access Setup
+
+This guide explains how to configure Proxmox API access for the Windows automation pipeline.
+
+## Current Status
+
+| Method | Status | Notes |
+|--------|--------|-------|
+| API Token | ❌ Not working | Token not found on server |
+| SSH Key | ❌ Permission denied | Keys not authorized |
+| Password | ⚠️ Not tested | gg334h2tuvw (from dynamic-infra.yaml) |
+
+---
+
+## Option 1: Create New API Token (Recommended)
+
+### Step 1: Access Proxmox Web UI
+
+1. Open browser to: `https://10.32.2.11:8006`
+2. Login as: `root`
+3. Navigate to: **Datacenter** → **API Tokens**
+
+### Step 2: Create New Token
+
+```
+Click: Add
+----------
+Token ID: windows-iac-tooling
+User: root@pam
+Expire: Never (or select date)
+Privilege Separation: Unchecked (or use VM.Admin)
+```
+
+### Step 3: Save Credentials
+
+**IMPORTANT:** Save the token immediately - it will not be shown again!
+
+```
+Token ID:     root@pam!windows-iac-tooling
+Token Secret: <COPY_THIS_NOW>
+```
+
+### Step 4: Update Configuration
+
+```bash
+# Update packer/variables.pkr.hcl or .env
+export PKR_VAR_proxmox_password="<your-token-secret>"
+```
+
+---
+
+## Option 2: Password Authentication
+
+The `dynamic-infra.yaml` file contains an alternative password:
+
+```
+Username: root
+Password: gg334h2tuvw
+```
+
+### Test Password Access
+
+```bash
+curl -v --max-time 5 "https://10.32.2.11:8006/api2/json" \
+  -u "root@pam:gg334h2tuvw"
+```
+
+### Update Configuration
+
+```hcl
+# In packer/windows.pkr.hcl
+source "proxmox-iso" "windows-11" {
+  proxmox_url = "https://10.32.2.11:8006/api2/json"
+  username    = "root@pam"
+  password    = "gg334h2tuvw"  # Use this password
+  ...
+}
+```
+
+---
+
+## Option 3: SSH Key Setup
+
+### Add SSH Key to Proxmox
+
+```bash
+# Copy your public key to Proxmox
+ssh-copy-id root@10.32.2.11
+
+# Or manually:
+cat ~/.ssh/id_ed25519.pub | ssh root@10.32.2.11 'cat >> /root/.ssh/authorized_keys'
+```
+
+### Test SSH Access
+
+```bash
+ssh root@10.32.2.11 "hostname"
+```
+
+### Expected Output
+
+```
+la-vmh-07
+```
+
+---
+
+## Verify Proxmox API Access
+
+### After Setting Up Authentication
+
+```bash
+# Test with API token
+TOKEN="<your-token-secret>"
+curl -s "https://10.32.2.11:8006/api2/json/cluster/resources" \
+  --header "Authorization: PVEAPIToken=root@pam!windows-iac-tooling:$TOKEN"
+```
+
+### Expected Response
+
+```json
+{
+  "data": [
+    {
+      "status": "running",
+      "vmid": "100",
+      "name": "pve",
+      ...
+    }
+  ]
+}
+```
+
+---
+
+## Common Issues
+
+### "no tokenid specified"
+
+**Cause:** Token doesn't exist or is malformed
+
+**Fix:** Create new token in Proxmox UI
+
+### "401 unauthorized"
+
+**Cause:** Invalid credentials
+
+**Fix:** Verify token secret is correct (no extra spaces)
+
+### SSL Certificate Error
+
+**Cause:** Self-signed certificate
+
+**Fix:** Install CA certificate
+
+```bash
+openssl s_client -connect 10.32.2.11:8006 -showcerts </dev/null 2>&1 | \
+  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > /tmp/pve-ca.crt
+
+cp /tmp/pve-ca.crt /usr/local/share/ca-certificates/pve-ca.crt
+update-ca-certificates
+```
+
+---
+
+## Proxmox Nodes Reference
+
+| Node | IP | Description |
+|------|-----|-------------|
+| la-vmh-07 | 10.32.2.11 | AI and Development |
+| la-vmh-11 | 10.32.2.1 | Network server |
+| la-vmh-12 | 10.32.2.21 | Production (public) |
+| la-vmh-13 | 10.32.2.31 | Production (private) |
+
+---
+
+## Next Steps
+
+After configuring access:
+
+1. ✅ Verify API connectivity
+2. 📝 Update `.env` with credentials
+3. 🔨 Run `./build-template.sh --check`
+4. 🚀 Execute full build
+
+---
+
+## Security Notes
+
+- ✅ Use API tokens over passwords when possible
+- ✅ Set token expiration dates
+- ✅ Use minimum required privileges (VM.Admin)
+- ✅ Never commit credentials to git
+- ✅ Rotate tokens quarterly

packer/variables.pkr.hcl

@@ -1,6 +1,6 @@
 variable "proxmox_url" {
   type        = string
-  default     = "https://la-vmh-07:8006/api2/json"
+  default     = "https://10.32.2.11:8006/api2/json"
   description = "Proxmox API URL"
 }
 
@@ -13,7 +13,7 @@ variable "proxmox_username" {
 variable "proxmox_password" {
   type        = string
   default     = ""
-  description = "Proxmox password (set via PKR_VAR_proxmox_password env var)"
+  description = "Proxmox password or API token secret"
   sensitive   = true
 }