From 190dc2e09563f6b4ab95c114ab8331356cf71cff Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Mon, 2 Mar 2026 22:30:38 +0000
Subject: [PATCH 1/2] fix: restore compatibility with older nixos-rebuild sudo
 flag

Use --use-remote-sudo in rebuild script since the runner's nixos-rebuild does not support --sudo yet.
---
 nixos/kubeadm/scripts/rebuild-and-bootstrap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
index 1b60dbc..ff873cc 100755
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
@@ -164,7 +164,7 @@ rebuild_node() {
   timeout "$REBUILD_TIMEOUT" nixos-rebuild switch \
     --flake "$FLAKE_DIR#$node_name" \
     --target-host "$ACTIVE_SSH_USER@$node_ip" \
-    --sudo
+    --use-remote-sudo
 }
 
 rebuild_node_with_retry() {

From 880bbcceca084780b681d4e4a781cea5492aca5c Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Mon, 2 Mar 2026 22:32:10 +0000
Subject: [PATCH 2/2] ci: speed up Terraform plan by skipping refresh in
 pipelines

Use terraform plan -refresh=false in plan/apply workflows to avoid slow Proxmox state refresh on every push. This keeps CI fast while preserving apply behavior from the generated plan.
---
 .gitea/workflows/terraform-apply.yml | 2 +-
 .gitea/workflows/terraform-plan.yml  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 43ab4b5..0095094 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -57,7 +57,7 @@ jobs:
           set -euo pipefail
           for attempt in 1 2; do
             echo "Terraform plan attempt $attempt/2"
-            if timeout 20m terraform plan -parallelism=1 -out=tfplan; then
+            if timeout 20m terraform plan -refresh=false -parallelism=1 -out=tfplan; then
               exit 0
             fi
             if [ "$attempt" -eq 1 ]; then
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index eee7cf2..0701861 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -71,7 +71,7 @@ jobs:
           set -euo pipefail
           for attempt in 1 2; do
             echo "Terraform plan attempt $attempt/2"
-            if timeout 20m terraform plan -parallelism=1 -out=tfplan; then
+            if timeout 20m terraform plan -refresh=false -parallelism=1 -out=tfplan; then
               exit 0
             fi
             if [ "$attempt" -eq 1 ]; then