@celilo/cli 0.5.0-alpha.6 → 0.5.0-alpha.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@celilo/cli",
-  "version": "0.5.0-alpha.6",
+  "version": "0.5.0-alpha.7",
   "description": "Celilo — home lab orchestration CLI",
   "type": "module",
   "bin": {
@@ -54,7 +54,7 @@
     "@aws-sdk/client-s3": "^3.1024.0",
     "@celilo/capabilities": "^0.4.2",
     "@celilo/cli-display": "^0.1.9",
-    "@celilo/event-bus": "^0.1.7",
+    "@celilo/event-bus": "^0.1.6",
     "@clack/prompts": "^1.1.0",
     "ajv": "^8.18.0",
     "drizzle-orm": "^0.36.4",

package/src/api-clients/proxmox.test.ts

@@ -1,5 +1,12 @@
 import { describe, expect, test } from 'bun:test';
-import { findNodeForVmid } from './proxmox';
+import {
+  buildCloudImageVolid,
+  filterVmTemplates,
+  findNodeForVmid,
+  pollTaskUntilDone,
+  selectFreeVmid,
+  selectIsoStorage,
+} from './proxmox';
 
 describe('findNodeForVmid (ISS-0090 — Proxmox is source of truth for current location)', () => {
   // A trimmed /cluster/resources payload: guest rows carry a vmid; node/storage
@@ -28,3 +35,118 @@ describe('findNodeForVmid (ISS-0090 — Proxmox is source of truth for current l
     expect(findNodeForVmid([], 200)).toBeNull();
   });
 });
+
+describe('filterVmTemplates — extract VM templates from a /nodes/{node}/qemu listing', () => {
+  test('keeps only guests flagged template===1 and projects to {vmid, name}', () => {
+    const guests = [
+      { vmid: 100, name: 'running-vm' }, // no template flag → a live VM
+      { vmid: 9000, name: 'ubuntu-2404-cloudinit', template: 1 },
+      { vmid: 201, name: 'another-vm', template: 0 }, // explicitly not a template
+      { vmid: 9001, name: 'ubuntu-2204-cloudinit', template: 1 },
+    ];
+    expect(filterVmTemplates(guests)).toEqual([
+      { vmid: 9000, name: 'ubuntu-2404-cloudinit' },
+      { vmid: 9001, name: 'ubuntu-2204-cloudinit' },
+    ]);
+  });
+
+  test('returns an empty array when no guests are templates', () => {
+    expect(filterVmTemplates([{ vmid: 100, name: 'vm', template: 0 }])).toEqual([]);
+  });
+
+  test('returns an empty array for an empty listing', () => {
+    expect(filterVmTemplates([])).toEqual([]);
+  });
+});
+
+describe('selectIsoStorage — pick a storage that accepts iso content', () => {
+  test('returns the first active, enabled storage whose content includes iso', () => {
+    const storages = [
+      { storage: 'local-lvm', content: 'images,rootdir', active: 1, enabled: 1 },
+      { storage: 'local', content: 'iso,vztmpl,backup', active: 1, enabled: 1 },
+    ];
+    expect(selectIsoStorage(storages)).toBe('local');
+  });
+
+  test('skips an iso-capable storage that is inactive', () => {
+    const storages = [
+      { storage: 'cold', content: 'iso', active: 0, enabled: 1 },
+      { storage: 'local', content: 'iso', active: 1, enabled: 1 },
+    ];
+    expect(selectIsoStorage(storages)).toBe('local');
+  });
+
+  test('skips an iso-capable storage that is disabled', () => {
+    const storages = [
+      { storage: 'off', content: 'iso', active: 1, enabled: 0 },
+      { storage: 'local', content: 'iso', active: 1, enabled: 1 },
+    ];
+    expect(selectIsoStorage(storages)).toBe('local');
+  });
+
+  test('returns null when no storage accepts iso content', () => {
+    const storages = [{ storage: 'local-lvm', content: 'images,rootdir', active: 1, enabled: 1 }];
+    expect(selectIsoStorage(storages)).toBeNull();
+  });
+
+  test('returns null for an empty storage list', () => {
+    expect(selectIsoStorage([])).toBeNull();
+  });
+});
+
+describe('selectFreeVmid — first free VMID >= minVmid (template hygiene)', () => {
+  test('returns the default minimum (9000) when nothing is in use', () => {
+    expect(selectFreeVmid([])).toBe(9000);
+  });
+
+  test('returns 9000 when only low (IPAM-range) VMIDs are used', () => {
+    expect(selectFreeVmid([200, 201, 202])).toBe(9000);
+  });
+
+  test('skips a contiguous block of used template VMIDs', () => {
+    expect(selectFreeVmid([9000, 9001, 9002])).toBe(9003);
+  });
+
+  test('finds a gap inside the used set', () => {
+    // 9000 used, 9001 free → returns 9001
+    expect(selectFreeVmid([9000, 9002, 9003])).toBe(9001);
+  });
+
+  test('honors a custom minVmid floor', () => {
+    expect(selectFreeVmid([9000], 9500)).toBe(9500);
+  });
+
+  test('never returns a VMID below the floor even if low ones are free', () => {
+    // 100/101 are free but below the 9000 floor — must stay out of the IPAM range
+    expect(selectFreeVmid([9000])).toBe(9001);
+  });
+});
+
+describe('buildCloudImageVolid — volid for a cloud image on iso storage', () => {
+  test('places the filename under the storage iso/ namespace', () => {
+    expect(buildCloudImageVolid('local', 'noble-server-cloudimg-amd64.img')).toBe(
+      'local:iso/noble-server-cloudimg-amd64.img',
+    );
+  });
+
+  test('works with an arbitrary storage name', () => {
+    expect(buildCloudImageVolid('nas-iso', 'jammy.img')).toBe('nas-iso:iso/jammy.img');
+  });
+});
+
+describe('pollTaskUntilDone — synchronous-task guard (null/empty UPID)', () => {
+  const creds = {
+    api_url: 'https://proxmox.invalid:8006/api2/json',
+    api_token_id: 'root@pam!test',
+    api_token_secret: 'unused',
+  };
+
+  test('resolves to OK immediately for an empty UPID without hitting the network', async () => {
+    // An empty UPID means the API call completed synchronously (e.g. converting
+    // a diskless VM to a template returns null data, not a worker UPID). The
+    // guard must short-circuit BEFORE any task-status lookup — proxmox.invalid
+    // would otherwise throw a DNS/connection error, so a clean 'OK' proves it
+    // never tried to poll.
+    expect(await pollTaskUntilDone(creds, 'pve', '')).toBe('OK');
+  });
+});

package/src/api-clients/proxmox.ts

@@ -558,12 +558,11 @@ export async function listAvailableTemplates(
 }
 
 /**
- * Make an authenticated POST request to the Proxmox API.
- * Shares connection/auth handling with makeProxmoxRequest; the only differences
- * are the verb and the form-encoded body.
+ * Make an authenticated form-encoded request (POST or PUT) to the Proxmox API.
  */
-async function makeProxmoxPost<T>(
+async function makeProxmoxFormRequest<T>(
   credentials: ProxmoxCredentials,
+  method: 'POST' | 'PUT',
   path: string,
   params: Record<string, string>,
 ): Promise<ProxmoxResult<T>> {
@@ -576,7 +575,7 @@ async function makeProxmoxPost<T>(
       const postData = new URLSearchParams(params).toString();
 
       if (process.env.DEBUG) {
-        console.log(`[Proxmox] POST: ${fullUrl}`);
+        console.log(`[Proxmox] ${method}: ${fullUrl}`);
         console.log(`[Proxmox] Body: ${postData}`);
       }
 
@@ -587,7 +586,7 @@ async function makeProxmoxPost<T>(
           hostname: url.hostname,
           port: url.port || 443,
           path: url.pathname,
-          method: 'POST',
+          method,
           headers: {
             Authorization: authHeader,
             'Content-Type': 'application/x-www-form-urlencoded',
@@ -605,7 +604,7 @@ async function makeProxmoxPost<T>(
 
             if (statusCode < 200 || statusCode >= 300) {
               if (process.env.DEBUG || statusCode >= 400) {
-                console.error(`[Proxmox] POST ${path} failed (${statusCode}): ${body}`);
+                console.error(`[Proxmox] ${method} ${path} failed (${statusCode}): ${body}`);
               }
               resolve({
                 success: false,
@@ -649,6 +648,14 @@ async function makeProxmoxPost<T>(
   });
 }
 
+async function makeProxmoxPost<T>(
+  credentials: ProxmoxCredentials,
+  path: string,
+  params: Record<string, string>,
+): Promise<ProxmoxResult<T>> {
+  return makeProxmoxFormRequest(credentials, 'POST', path, params);
+}
+
 /**
  * Entry from Proxmox's appliance catalog (`pveam available`). The `template`
  * field is the canonical filename (revision included) that should be passed to
@@ -742,3 +749,281 @@ export function buildTemplatePath(storageName: string, templateFilename: string)
 export function buildProxmoxApiUrl(ipAddress: string, port = 8006): string {
   return `https://${ipAddress}:${port}/api2/json`;
 }
+
+// ── VM template build API ─────────────────────────────────────────────────────
+// Used by proxmox-vm-template-build.ts to build a cloud-init template via the
+// Proxmox API (no SSH to the node required).
+//
+// Version requirements (the build needs the HIGHER of the two — i.e. PVE 8.0+):
+//   - the storage `download-url` endpoint (downloadCloudImage)      → PVE 7.2+
+//   - `import-from=` on a disk in the VM-create call                → PVE 8.0+
+// On PVE 7.x the create call rejects `import-from`; the older two-step
+// `qm importdisk` flow would be needed there (not implemented — 8.x is current).
+// @psbanka - 2026-06: revisit only if a 7.x node must be supported.
+
+export interface ProxmoxVmTemplate {
+  vmid: number;
+  name: string;
+}
+
+/** Raw `/nodes/{node}/qemu` guest row (only the fields we read). */
+interface ProxmoxQemuGuestRow {
+  vmid: number;
+  name: string;
+  template?: number;
+}
+
+/**
+ * Extract VM templates (guests with `template === 1`) from a `/nodes/{node}/qemu`
+ * listing. Pure filtering logic, split from the network call for testability
+ * (Rule 10) — mirrors findNodeForVmid.
+ */
+export function filterVmTemplates(guests: ProxmoxQemuGuestRow[]): ProxmoxVmTemplate[] {
+  return guests.filter((vm) => vm.template === 1).map((vm) => ({ vmid: vm.vmid, name: vm.name }));
+}
+
+/** List existing VM templates on a node. */
+export async function listVmTemplates(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+): Promise<ProxmoxResult<ProxmoxVmTemplate[]>> {
+  const result = await makeProxmoxRequest<ProxmoxQemuGuestRow[]>(
+    credentials,
+    `/nodes/${nodeName}/qemu`,
+  );
+  if (!result.success) return result;
+  return { success: true, data: filterVmTemplates(result.data) };
+}
+
+/** Storage row shape (subset) used when picking ISO-capable storage. */
+type ProxmoxStorageRow = { storage: string; content: string; active: number; enabled: number };
+
+/**
+ * Pick the first active, enabled storage that accepts `iso` content. Pure
+ * selection logic, split from the network call for testability (Rule 10).
+ * Returns the storage name, or null when none qualifies.
+ */
+export function selectIsoStorage(storages: ProxmoxStorageRow[]): string | null {
+  const iso = storages.find((s) => s.active && s.enabled && s.content.includes('iso'));
+  return iso?.storage ?? null;
+}
+
+/**
+ * Find a storage on the node that accepts `iso` content (for downloading cloud
+ * images). Returns the storage name, or null if none found.
+ */
+export async function findIsoStorage(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+): Promise<ProxmoxResult<string | null>> {
+  const result = await listNodeStorage(credentials, nodeName);
+  if (!result.success) return result;
+  return { success: true, data: selectIsoStorage(result.data) };
+}
+
+/**
+ * Pick the first free VMID >= minVmid given the set of in-use VMIDs. Pure
+ * selection logic, split from the network call for testability (Rule 10).
+ * Template VMIDs must stay outside celilo's IPAM range (200+) so they can
+ * never collide with deployed systems — hence minVmid defaults to 9000.
+ */
+export function selectFreeVmid(usedVmids: Iterable<number>, minVmid = 9000): number {
+  const used = new Set(usedVmids);
+  let candidate = minVmid;
+  while (used.has(candidate)) {
+    candidate++;
+  }
+  return candidate;
+}
+
+/**
+ * Find a free VMID >= minVmid (default 9000) across the cluster.
+ * Template VMIDs must stay outside celilo's IPAM range (200+) so they can
+ * never collide with deployed systems.
+ */
+export async function findFreeTemplateVmid(
+  credentials: ProxmoxCredentials,
+  _nodeName: string,
+  minVmid = 9000,
+): Promise<ProxmoxResult<number>> {
+  const result = await makeProxmoxRequest<Array<{ vmid?: number }>>(
+    credentials,
+    '/cluster/resources',
+  );
+  if (!result.success) return result;
+  const usedVmids = result.data
+    .map((r) => r.vmid)
+    .filter((vmid): vmid is number => typeof vmid === 'number');
+  return { success: true, data: selectFreeVmid(usedVmids, minVmid) };
+}
+
+/**
+ * Download a cloud image URL to ISO storage on the node. Returns a UPID for
+ * status polling. Requires PVE 7.2+ (`download-url` endpoint).
+ */
+export async function downloadCloudImage(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+  isoStorage: string,
+  url: string,
+  filename: string,
+): Promise<ProxmoxResult<string>> {
+  return makeProxmoxPost<string>(
+    credentials,
+    `/nodes/${nodeName}/storage/${isoStorage}/download-url`,
+    { url, filename, content: 'iso' },
+  );
+}
+
+/**
+ * Poll a task UPID until it reaches `stopped` status. Resolves with the
+ * exitstatus string (typically `'OK'` on success). Throws on timeout or a
+ * non-OK exitstatus.
+ *
+ * An empty/missing UPID means the API call completed synchronously (some PVE
+ * endpoints — e.g. converting a diskless VM to a template — return `null` data
+ * instead of a worker UPID). There is nothing to poll, so treat it as an
+ * immediate success rather than encoding the empty string and 404-ing on the
+ * task-status lookup.
+ */
+export async function pollTaskUntilDone(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+  upid: string,
+  timeoutMs = 600_000,
+): Promise<string> {
+  if (!upid) return 'OK';
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    await new Promise<void>((r) => setTimeout(r, 3_000));
+    const status = await checkTaskStatus(credentials, nodeName, upid);
+    if (!status.success) throw new Error(`Task poll failed: ${status.message}`);
+    if (status.data.status === 'stopped') {
+      const exit = status.data.exitstatus ?? 'unknown';
+      if (exit !== 'OK') throw new Error(`Task ${upid} failed with exitstatus: ${exit}`);
+      return exit;
+    }
+  }
+  throw new Error(`Task ${upid} timed out after ${timeoutMs / 1000}s`);
+}
+
+/**
+ * Build the volid for a cloud image downloaded to ISO storage. Pure path
+ * construction, split out for testability (Rule 10) — mirrors buildTemplatePath.
+ * Proxmox's `download-url` with `content=iso` stores the `.img` under the
+ * storage's `iso/` namespace, so the volid is `<storage>:iso/<filename>`.
+ */
+export function buildCloudImageVolid(isoStorage: string, filename: string): string {
+  return `${isoStorage}:iso/${filename}`;
+}
+
+export interface CreateVmFromCloudImageParams {
+  credentials: ProxmoxCredentials;
+  nodeName: string;
+  vmid: number;
+  name: string;
+  /** Volume ID of the downloaded cloud image, e.g. `local:iso/noble-server-cloudimg-amd64.img` */
+  isoVolid: string;
+  /** Storage for the imported VM disk and the cloud-init drive */
+  diskStorage: string;
+}
+
+/**
+ * Create a VM and import the cloud image as its boot disk in one API call.
+ * Also attaches the cloud-init CDROM drive so terraform can inject credentials
+ * at clone time. Returns a UPID — poll with pollTaskUntilDone.
+ *
+ * `import-from=` in the disk spec requires PVE 8.0+ (see the version note at the
+ * top of this section). The `net0` bridge is hardcoded to `vmbr0` (the Proxmox
+ * default); it only governs the template's own NIC, which terraform overrides
+ * with `$system:network.bridge` at clone time — so it never reaches a deployed
+ * guest. @psbanka - 2026-06: parameterize if a non-vmbr0 node ever blocks the
+ * template build itself.
+ */
+export async function createVmFromCloudImage(
+  params: CreateVmFromCloudImageParams,
+): Promise<ProxmoxResult<string>> {
+  const { credentials, nodeName, vmid, name, isoVolid, diskStorage } = params;
+  return makeProxmoxPost<string>(credentials, `/nodes/${nodeName}/qemu`, {
+    vmid: String(vmid),
+    name,
+    memory: '2048',
+    cores: '2',
+    scsihw: 'virtio-scsi-pci',
+    net0: 'virtio,bridge=vmbr0',
+    agent: 'enabled=1',
+    serial0: 'socket',
+    vga: 'serial0',
+    boot: 'order=scsi0',
+    scsi0: `${diskStorage}:0,import-from=${isoVolid}`,
+    ide2: `${diskStorage}:cloudinit`,
+  });
+}
+
+/**
+ * Convert an existing VM to a template. Returns a UPID — the VM must be
+ * powered off. Poll with pollTaskUntilDone.
+ */
+export async function convertVmToTemplate(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+  vmid: number,
+): Promise<ProxmoxResult<string>> {
+  return makeProxmoxPost<string>(credentials, `/nodes/${nodeName}/qemu/${vmid}/template`, {});
+}
+
+/**
+ * Delete a VM (cleanup on build failure). Returns a UPID.
+ * Passes `purge=1` so storage volumes are also removed.
+ */
+export async function deleteVm(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+  vmid: number,
+): Promise<ProxmoxResult<string>> {
+  return new Promise((resolve) => {
+    try {
+      const { api_url, api_token_id, api_token_secret } = credentials;
+      const authHeader = `PVEAPIToken=${api_token_id}=${api_token_secret}`;
+      const fullUrl = `${api_url}/nodes/${nodeName}/qemu/${vmid}`;
+      const url = new URL(fullUrl);
+      const agent = new https.Agent({ rejectUnauthorized: false });
+      const req = https.request(
+        {
+          hostname: url.hostname,
+          port: url.port || 443,
+          path: `${url.pathname}?purge=1`,
+          method: 'DELETE',
+          headers: { Authorization: authHeader },
+          agent,
+        },
+        (res) => {
+          let body = '';
+          res.on('data', (chunk) => {
+            body += chunk;
+          });
+          res.on('end', () => {
+            const statusCode = res.statusCode || 0;
+            if (statusCode < 200 || statusCode >= 300) {
+              resolve({
+                success: false,
+                message: `Delete failed with status ${statusCode}: ${body}`,
+              });
+              return;
+            }
+            try {
+              const data = JSON.parse(body) as ProxmoxApiResponse<string>;
+              resolve({ success: true, data: data.data });
+            } catch {
+              resolve({ success: true, data: '' });
+            }
+          });
+        },
+      );
+      req.on('error', (error) => resolve({ success: false, message: error.message }));
+      req.end();
+    } catch (error) {
+      resolve({ success: false, message: error instanceof Error ? error.message : String(error) });
+    }
+  });
+}

package/src/cli/commands/proxmox-vm-template-build.ts

@@ -0,0 +1,164 @@
+/**
+ * Build a cloud-init Ubuntu VM template on Proxmox via the API (no SSH needed).
+ * Called from service-add-proxmox when the operator opts in.
+ *
+ * Steps:
+ *   1. Find ISO-capable storage on the target node.
+ *   2. Find a free template VMID (>= 9000, outside celilo's IPAM range).
+ *   3. Download Ubuntu 24.04 cloud image to ISO storage. (~2–5 min)
+ *   4. Create a VM with the cloud image imported as its boot disk + a cloud-init
+ *      CDROM drive. (~30s)
+ *   5. Convert the VM to a template. (~5s)
+ *
+ * The finished template is a blank cloud-init base — no credentials, IP, or SSH
+ * keys baked in. celilo's terraform sets those at clone time (ipconfig0, sshkeys,
+ * ciuser, nameserver). Requires PVE 8.0+ (the storage download-url endpoint is
+ * 7.2+, but importing the disk via `import-from` in the VM-create call is 8.0+,
+ * so the build as a whole needs 8.0+).
+ */
+
+import type { ProxmoxCredentials, ProxmoxVmTemplate } from '../../api-clients/proxmox';
+import {
+  buildCloudImageVolid,
+  convertVmToTemplate,
+  createVmFromCloudImage,
+  deleteVm,
+  downloadCloudImage,
+  findFreeTemplateVmid,
+  findIsoStorage,
+  listVmTemplates,
+  pollTaskUntilDone,
+} from '../../api-clients/proxmox';
+import { FuelGauge } from '../fuel-gauge';
+
+const UBUNTU_2404_AMD64_URL =
+  'https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img';
+const UBUNTU_2404_AMD64_FILENAME = 'noble-server-cloudimg-amd64.img';
+const DEFAULT_TEMPLATE_NAME = 'ubuntu-2404-cloudinit';
+
+export interface VmTemplateBuildParams {
+  credentials: ProxmoxCredentials;
+  nodeName: string;
+  diskStorage: string;
+}
+
+/**
+ * List existing VM templates on the node. Returns an empty array (not an error)
+ * if the API call fails — the caller treats failure as "no templates found".
+ */
+export async function detectExistingVmTemplates(
+  credentials: ProxmoxCredentials,
+  nodeName: string,
+): Promise<ProxmoxVmTemplate[]> {
+  const result = await listVmTemplates(credentials, nodeName);
+  return result.success ? result.data : [];
+}
+
+/**
+ * Build a cloud-init Ubuntu 24.04 VM template on the Proxmox node.
+ * Shows a FuelGauge progress indicator — takes 2–10 min depending on the
+ * operator's internet connection (image download is ~600 MB).
+ * Returns the template name (e.g. "ubuntu-2404-cloudinit").
+ * Cleans up the VM on failure so the operator isn't left with a partial guest.
+ */
+export async function buildCloudInitTemplate(params: VmTemplateBuildParams): Promise<string> {
+  const { credentials, nodeName, diskStorage } = params;
+  const gauge = new FuelGauge('Building cloud-init VM template');
+  gauge.start();
+
+  let vmid: number | null = null;
+
+  try {
+    // Step 1: find ISO storage
+    gauge.addOutput('Finding ISO-capable storage on the node…');
+    const isoStorageResult = await findIsoStorage(credentials, nodeName);
+    if (!isoStorageResult.success) {
+      throw new Error(`Could not list node storage: ${isoStorageResult.message}`);
+    }
+    const isoStorage = isoStorageResult.data;
+    if (!isoStorage) {
+      throw new Error(
+        'No ISO-capable storage found on the node. ' +
+          "Enable 'iso' content on a storage (typically 'local') in the Proxmox UI: " +
+          'Datacenter → Storage → Edit → Content.',
+      );
+    }
+    gauge.addOutput(`ISO storage: ${isoStorage}`);
+
+    // Step 2: find a free template VMID
+    gauge.addOutput('Finding a free template VMID (>= 9000)…');
+    const vmidResult = await findFreeTemplateVmid(credentials, nodeName);
+    if (!vmidResult.success) throw new Error(`VMID lookup failed: ${vmidResult.message}`);
+    vmid = vmidResult.data;
+    gauge.addOutput(`Using VMID ${vmid}`);
+
+    // Step 3: download cloud image to ISO storage
+    gauge.addOutput(
+      `Downloading Ubuntu 24.04 cloud image to '${isoStorage}' (~600 MB, may take several minutes)…`,
+    );
+    const downloadResult = await downloadCloudImage(
+      credentials,
+      nodeName,
+      isoStorage,
+      UBUNTU_2404_AMD64_URL,
+      UBUNTU_2404_AMD64_FILENAME,
+    );
+    if (!downloadResult.success) {
+      if (downloadResult.message.includes('403') || downloadResult.message.includes('not found')) {
+        throw new Error(
+          `Proxmox storage download-url endpoint rejected the request. This endpoint requires Proxmox VE 7.2+. Error: ${downloadResult.message}`,
+        );
+      }
+      throw new Error(`Cloud image download failed: ${downloadResult.message}`);
+    }
+    gauge.addOutput('Waiting for download to complete…');
+    await pollTaskUntilDone(credentials, nodeName, downloadResult.data, 600_000);
+    gauge.addOutput('Cloud image downloaded');
+
+    // Step 4: create VM from cloud image
+    const isoVolid = buildCloudImageVolid(isoStorage, UBUNTU_2404_AMD64_FILENAME);
+    gauge.addOutput(`Creating VM ${vmid} '${DEFAULT_TEMPLATE_NAME}' (importing disk)…`);
+    const createResult = await createVmFromCloudImage({
+      credentials,
+      nodeName,
+      vmid,
+      name: DEFAULT_TEMPLATE_NAME,
+      isoVolid,
+      diskStorage,
+    });
+    if (!createResult.success) {
+      throw new Error(`VM creation failed: ${createResult.message}`);
+    }
+    gauge.addOutput('Waiting for disk import to complete…');
+    await pollTaskUntilDone(credentials, nodeName, createResult.data, 120_000);
+    gauge.addOutput('VM created');
+
+    // Step 5: convert to template
+    gauge.addOutput(`Converting VM ${vmid} to a template…`);
+    const templateResult = await convertVmToTemplate(credentials, nodeName, vmid);
+    if (!templateResult.success) {
+      throw new Error(`Convert-to-template failed: ${templateResult.message}`);
+    }
+    await pollTaskUntilDone(credentials, nodeName, templateResult.data, 60_000);
+
+    gauge.stop(true);
+    return DEFAULT_TEMPLATE_NAME;
+  } catch (error) {
+    gauge.stop(false);
+
+    // Best-effort cleanup — remove the partially-created VM so the operator
+    // isn't left with a stranded guest.
+    if (vmid !== null) {
+      try {
+        const del = await deleteVm(credentials, nodeName, vmid);
+        if (del.success) {
+          console.log(`✗ Cleaned up VM ${vmid} after build failure`);
+        }
+      } catch {
+        console.log(`⚠ Could not clean up VM ${vmid} — delete it manually in the Proxmox UI`);
+      }
+    }
+
+    throw error;
+  }
+}

package/src/cli/commands/service-add-proxmox.ts

@@ -23,6 +23,7 @@ import {
   runApplianceDownload,
   selectUbuntuApplianceFromCatalog,
 } from './proxmox-template-selection';
+import { buildCloudInitTemplate, detectExistingVmTemplates } from './proxmox-vm-template-build';
 
 /**
  * Handle service add proxmox command
@@ -122,22 +123,71 @@ export async function handleServiceAddProxmox(
       validate: validateRequired('Storage'),
     });
 
-    // VM template name for `requires.system.type: vm` modules. Optional —
-    // skip if you only deploy LXC modules. See v2/PROXMOX_VM_TEMPLATE.md.
-    const vmTemplateInput = await promptText({
-      message: 'VM template name (optional — for VM-type modules):',
-      placeholder: 'e.g., ubuntu-2404-cloud-init-9000',
-    });
-    const vmTemplate = vmTemplateInput?.trim() || undefined;
-
-    // Find storage that supports vztmpl content. We do this BEFORE prompting
-    // for a template so the user only ever sees one storage in subsequent
-    // messages, and so the saved volid uses the right storage.
+    // Build credentials here — needed for VM template detection below and
+    // for LXC template catalog lookup further down.
     const credentials = {
       api_url: apiUrl,
       api_token_id: apiTokenId,
       api_token_secret: apiTokenSecret,
     };
+
+    // VM template for `requires.system.type: vm` modules.
+    // Auto-detect existing templates on the node; offer to build if none found.
+    // See v2/PROXMOX_VM_TEMPLATE.md.
+    let vmTemplate: string | undefined;
+    const existingTemplates = await detectExistingVmTemplates(credentials, targetNode);
+    if (existingTemplates.length > 0) {
+      const templateChoice = await p.select({
+        message: 'VM template for VM-type modules:',
+        options: [
+          ...existingTemplates.map((t) => ({
+            value: t.name,
+            label: `${t.name} (VMID ${t.vmid})`,
+          })),
+          { value: '__build__', label: 'Build a new Ubuntu 24.04 cloud-init template now' },
+          { value: '__skip__', label: 'Skip — I only need LXC modules' },
+        ],
+      });
+      if (p.isCancel(templateChoice)) {
+        p.cancel('Operation cancelled');
+        return { success: false, error: 'Cancelled by user' };
+      }
+      if (templateChoice === '__build__') {
+        vmTemplate = await buildCloudInitTemplate({
+          credentials,
+          nodeName: targetNode,
+          diskStorage: storage,
+        });
+      } else if (templateChoice !== '__skip__') {
+        vmTemplate = templateChoice;
+      }
+    } else {
+      const shouldBuild = await p.confirm({
+        message: 'No VM templates found. Build a Ubuntu 24.04 cloud-init template now? (~2–10 min)',
+        initialValue: false,
+      });
+      if (p.isCancel(shouldBuild)) {
+        p.cancel('Operation cancelled');
+        return { success: false, error: 'Cancelled by user' };
+      }
+      if (shouldBuild) {
+        vmTemplate = await buildCloudInitTemplate({
+          credentials,
+          nodeName: targetNode,
+          diskStorage: storage,
+        });
+      } else {
+        const manualEntry = await promptText({
+          message: 'VM template name (optional — leave blank to skip):',
+          placeholder: 'e.g., ubuntu-2404-cloudinit',
+        });
+        vmTemplate = manualEntry?.trim() || undefined;
+      }
+    }
+
+    // Find storage that supports vztmpl content. We do this BEFORE prompting
+    // for a template so the user only ever sees one storage in subsequent
+    // messages, and so the saved volid uses the right storage.
     console.log('\nFinding storage for templates...');
     const storageListResult = await listNodeStorage(credentials, targetNode);
 

package/src/cli/commands/service-reconfigure.test.ts

@@ -0,0 +1,115 @@
+import { describe, expect, test } from 'bun:test';
+import {
+  type ProxmoxProviderConfig,
+  buildVmTemplateChoices,
+  resolveReconfiguredProviderConfig,
+} from './service-reconfigure';
+
+describe('buildVmTemplateChoices — VM-template reconfigure menu', () => {
+  const templates = [
+    { vmid: 9000, name: 'ubuntu-2404-cloudinit' },
+    { vmid: 9001, name: 'ubuntu-2204-cloudinit' },
+  ];
+
+  test('current set + detected templates: keep first, others (current deduped), build, clear', () => {
+    const choices = buildVmTemplateChoices('ubuntu-2404-cloudinit', templates);
+    expect(choices.map((c) => c.value)).toEqual([
+      '__keep__',
+      'ubuntu-2204-cloudinit', // the other detected template — current is not re-listed
+      '__build__',
+      '__clear__',
+    ]);
+    expect(choices[0].label).toBe('Keep current (ubuntu-2404-cloudinit)');
+  });
+
+  test('current unset: no keep/clear; detected templates, build, then skip', () => {
+    const choices = buildVmTemplateChoices(undefined, templates);
+    expect(choices.map((c) => c.value)).toEqual([
+      'ubuntu-2404-cloudinit',
+      'ubuntu-2204-cloudinit',
+      '__build__',
+      '__skip__',
+    ]);
+  });
+
+  test('current set, no templates detected: keep, build, clear', () => {
+    const choices = buildVmTemplateChoices('ubuntu-2404-cloudinit', []);
+    expect(choices.map((c) => c.value)).toEqual(['__keep__', '__build__', '__clear__']);
+  });
+
+  test('current unset, no templates detected: build, skip', () => {
+    const choices = buildVmTemplateChoices(undefined, []);
+    expect(choices.map((c) => c.value)).toEqual(['__build__', '__skip__']);
+  });
+
+  test('a detected template carries its VMID in the label', () => {
+    const choices = buildVmTemplateChoices(undefined, [{ vmid: 9002, name: 'debian-12' }]);
+    expect(choices[0]).toEqual({ value: 'debian-12', label: 'debian-12 (VMID 9002)' });
+  });
+});
+
+describe('resolveReconfiguredProviderConfig — drop-bug guard (ISS-0128)', () => {
+  const current: ProxmoxProviderConfig = {
+    default_target_node: 'pve',
+    lxc_template: 'local:vztmpl/ubuntu-24.04.tar.zst',
+    storage: 'local-lvm',
+    vm_template: 'ubuntu-2404-cloudinit',
+  };
+
+  test('keeping the VM template (edit echoes current) preserves it while applying other edits', () => {
+    const result = resolveReconfiguredProviderConfig({
+      default_target_node: 'pve2',
+      lxc_template: 'local:vztmpl/ubuntu-24.04-2.tar.zst',
+      storage: 'fast-lvm',
+      vm_template: 'ubuntu-2404-cloudinit', // VM_KEEP resolves to the current value
+    });
+    expect(result).toEqual({
+      default_target_node: 'pve2',
+      lxc_template: 'local:vztmpl/ubuntu-24.04-2.tar.zst',
+      storage: 'fast-lvm',
+      vm_template: 'ubuntu-2404-cloudinit',
+    });
+  });
+
+  test('the pre-fix behavior would have dropped vm_template — guard against regressing', () => {
+    // Reconfiguring only the LXC fields must NOT lose the VM template: the
+    // handler threads currentConfig.vm_template through as the edit value.
+    const result = resolveReconfiguredProviderConfig({
+      default_target_node: current.default_target_node,
+      lxc_template: 'local:vztmpl/new.tar.zst',
+      storage: current.storage,
+      vm_template: current.vm_template,
+    });
+    expect(result.vm_template).toBe('ubuntu-2404-cloudinit');
+  });
+
+  test('clearing (undefined edit) removes the field entirely, not sets it undefined', () => {
+    const result = resolveReconfiguredProviderConfig({
+      default_target_node: 'pve',
+      lxc_template: current.lxc_template,
+      storage: current.storage,
+      vm_template: undefined,
+    });
+    expect('vm_template' in result).toBe(false);
+  });
+
+  test('setting a new template overwrites the old', () => {
+    const result = resolveReconfiguredProviderConfig({
+      default_target_node: 'pve',
+      lxc_template: current.lxc_template,
+      storage: current.storage,
+      vm_template: 'debian-12-cloudinit',
+    });
+    expect(result.vm_template).toBe('debian-12-cloudinit');
+  });
+
+  test('no VM template edit leaves it absent', () => {
+    const result = resolveReconfiguredProviderConfig({
+      default_target_node: 'pve',
+      lxc_template: 'local:vztmpl/x.tar.zst',
+      storage: 'local-lvm',
+      vm_template: undefined,
+    });
+    expect('vm_template' in result).toBe(false);
+  });
+});

package/src/cli/commands/service-reconfigure.ts

@@ -6,6 +6,7 @@
 import * as p from '@clack/prompts';
 import {
   type ProxmoxCredentials,
+  type ProxmoxVmTemplate,
   buildTemplatePath,
   extractTemplateFilename,
   listAvailableTemplates,
@@ -23,11 +24,84 @@ import {
   runApplianceDownload,
   selectUbuntuApplianceFromCatalog,
 } from './proxmox-template-selection';
+import { buildCloudInitTemplate, detectExistingVmTemplates } from './proxmox-vm-template-build';
 
-interface ProxmoxProviderConfig {
+// A `type` (not `interface`) so it carries an implicit index signature and is
+// assignable to the loose `Record<string, unknown>` providerConfig column.
+export type ProxmoxProviderConfig = {
   default_target_node: string;
   lxc_template: string;
   storage: string;
+  // VM template to clone for `requires.system.type: vm` modules. Optional —
+  // a service may only ever host LXC modules. MUST be carried through a
+  // reconfigure (ISS-0128): updateServiceProviderConfig replaces the whole
+  // column, so dropping it here silently deletes the operator's template.
+  vm_template?: string;
+};
+
+// Sentinel choices for the VM-template reconfigure step (non-template values
+// returned by the select). Any other value is an existing template name.
+const VM_KEEP = '__keep__';
+const VM_BUILD = '__build__';
+const VM_CLEAR = '__clear__';
+const VM_SKIP = '__skip__';
+
+export interface VmTemplateChoice {
+  value: string;
+  label: string;
+}
+
+/**
+ * Build the select options for the VM-template reconfigure step, given the
+ * current value and the templates detected on the node. Pure — no I/O — so the
+ * menu is unit-testable and a headless caller (ISS-0127) can resolve a choice
+ * without a prompt.
+ */
+export function buildVmTemplateChoices(
+  current: string | undefined,
+  existing: ProxmoxVmTemplate[],
+): VmTemplateChoice[] {
+  const choices: VmTemplateChoice[] = [];
+  if (current) {
+    choices.push({ value: VM_KEEP, label: `Keep current (${current})` });
+  }
+  for (const template of existing) {
+    if (template.name === current) continue;
+    choices.push({ value: template.name, label: `${template.name} (VMID ${template.vmid})` });
+  }
+  choices.push({ value: VM_BUILD, label: 'Build a new Ubuntu 24.04 cloud-init template now' });
+  choices.push(
+    current
+      ? { value: VM_CLEAR, label: 'Clear — remove the VM template' }
+      : { value: VM_SKIP, label: 'Skip — no VM template' },
+  );
+  return choices;
+}
+
+/**
+ * Resolve the full providerConfig to persist from the reconfigure interview's
+ * resolved values. The caller seeds every field from the current config (via the
+ * prompt defaults and the VM-template choice), so the result is a function of
+ * `edits` alone. vm_template is included only when set — a falsy value clears it
+ * rather than persisting an undefined key. This is the guard for the
+ * wholesale-replace drop bug (ISS-0128): vm_template is a first-class edit, not
+ * an afterthought that gets omitted from the written object.
+ */
+export function resolveReconfiguredProviderConfig(edits: {
+  default_target_node: string;
+  lxc_template: string;
+  storage: string;
+  vm_template: string | undefined;
+}): ProxmoxProviderConfig {
+  const config: ProxmoxProviderConfig = {
+    default_target_node: edits.default_target_node,
+    lxc_template: edits.lxc_template,
+    storage: edits.storage,
+  };
+  if (edits.vm_template) {
+    config.vm_template = edits.vm_template;
+  }
+  return config;
 }
 
 export async function handleServiceReconfigure(
@@ -64,7 +138,8 @@ export async function handleServiceReconfigure(
     console.log('Current configuration:');
     console.log(`  Target node: ${currentConfig.default_target_node}`);
     console.log(`  Storage: ${currentConfig.storage}`);
-    console.log(`  Template: ${currentConfig.lxc_template}`);
+    console.log(`  LXC template: ${currentConfig.lxc_template}`);
+    console.log(`  VM template: ${currentConfig.vm_template ?? '(none)'}`);
     console.log('');
 
     // Re-prompt for configurable fields with current values as defaults
@@ -159,18 +234,48 @@ export async function handleServiceReconfigure(
       console.log(`✓ Template '${templateFilename}' found`);
     }
 
-    // Update service configuration
-    await updateServiceProviderConfig(service.id, {
+    // VM template (for `requires.system.type: vm` modules). Keep the current
+    // value, swap to another detected template, build a new one, or clear it.
+    // Without this step a reconfigure would silently drop vm_template (ISS-0128).
+    let vmTemplate = currentConfig.vm_template;
+    const existingTemplates = await detectExistingVmTemplates(credentials, targetNode);
+    const vmChoice = await p.select({
+      message: 'VM template for VM-type modules:',
+      options: buildVmTemplateChoices(currentConfig.vm_template, existingTemplates),
+    });
+    if (p.isCancel(vmChoice)) {
+      p.cancel('Operation cancelled');
+      return { success: false, error: 'Cancelled by user' };
+    }
+    if (vmChoice === VM_BUILD) {
+      vmTemplate = await buildCloudInitTemplate({
+        credentials,
+        nodeName: targetNode,
+        diskStorage: storage,
+      });
+    } else if (vmChoice === VM_CLEAR || vmChoice === VM_SKIP) {
+      vmTemplate = undefined;
+    } else if (vmChoice !== VM_KEEP) {
+      vmTemplate = vmChoice; // an existing template name
+    }
+    // VM_KEEP leaves vmTemplate at currentConfig.vm_template.
+
+    // Update service configuration. resolveReconfiguredProviderConfig preserves
+    // every existing key and carries vm_template forward (ISS-0128 drop guard).
+    const newConfig = resolveReconfiguredProviderConfig({
       default_target_node: targetNode,
       lxc_template: lxcTemplate,
       storage,
+      vm_template: vmTemplate,
     });
+    await updateServiceProviderConfig(service.id, newConfig);
 
     celiloOutro(
       `Service '${serviceId}' reconfigured successfully!\n\n` +
         `  Target node: ${targetNode}\n` +
         `  Storage: ${storage}\n` +
-        `  Template: ${lxcTemplate}\n\n` +
+        `  LXC template: ${lxcTemplate}\n` +
+        `  VM template: ${vmTemplate ?? '(none)'}\n\n` +
         `Next steps:\n  - Verify: celilo service verify ${serviceId}\n  - Deploy: celilo module deploy <module-id>`,
     );