diff --git a/terraform/bikeshed/high-sea.tf b/terraform/bikeshed/high-sea.tf
new file mode 100644
index 0000000..4918dff
--- /dev/null
+++ b/terraform/bikeshed/high-sea.tf
@@ -0,0 +1,50 @@
+provider "proxmox" {
+ # url is the hostname (FQDN if you have one) for the proxmox host you'd like to connect to to issue the commands.
+ pm_api_url = "https://192.168.1.230:8006/api2/json"
+ pm_api_token_id = var.PM_API_TOKEN_ID
+ pm_api_token_secret = var.PM_API_TOKEN_SECRET
+ pm_tls_insecure = true
+}
+
+resource "proxmox_vm_qemu" "high-sea" {
+ name = "high-sea"
+ target_node = var.high-sea-host
+ clone = var.template_name
+ # basic VM settings here. agent refers to guest agent
+ agent = 1
+ os_type = "debian"
+ cores = 2
+ sockets = 1
+ cpu = "host"
+ memory = 4096
+ scsihw = "virtio-scsi-pci"
+ bootdisk = "scsi0"
+ disk {
+ slot = 0
+ # set disk size here. leave it small for testing because expanding the disk takes time.
+ size = "20G"
+ type = "scsi"
+ storage = "sainthood-cifs"
+ iothread = 0
+ }
+
+ # if you want two NICs, just copy this whole network section and duplicate it
+ network {
+ model = "virtio"
+ bridge = "vmbr0"
+ }
+ # not sure exactly what this is for. presumably something about MAC addresses and ignore network changes during the life of the VM
+ lifecycle {
+ ignore_changes = [
+ network,
+ ]
+ }
+
+ ipconfig0 = "ip=10.10.1.10/24,gw=10.98.1.1"
+
+ # sshkeys set using variables. the variable contains the text of the key.
+}
+
+# Configure DO DNS after VM is build. A record to point to machine?
+
+
diff --git a/terraform/bikeshed/provider.tf b/terraform/bikeshed/provider.tf
new file mode 100644
index 0000000..003ded8
--- /dev/null
+++ b/terraform/bikeshed/provider.tf
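Review bot: In `high-sea.tf`, `pm_tls_insecure = true` turns off certificate verification on the Proxmox API connection that carries `pm_api_token_secret`, so a host on the path to 192.168.1.230 that presents its own certificate would be accepted and would see the token. Prefer `pm_tls_insecure = false` with the Proxmox CA trusted on the machine that runs Terraform; if the self-signed certificate has to stay for now, record that in a comment next to the setting. Separately, `ipconfig0` assigns `10.10.1.10/24` with gateway `10.98.1.1`, which lies outside that subnet and looks like a typo. The comment above `lifecycle` could state what the block does instead of guessing, e.g. `# ignore_changes = [network] keeps Terraform from planning updates to the network blocks after creation`.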
@@ -0,0 +1,31 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "telmate/proxmox"
+ version = "2.7.4"
+ }
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.29.0"
+ }
+ }
+ backend "s3" {
+ key = "bikeshed/terraform.tfstate"
+ bucket = "deploy-state"
+ region = "us-west-2"
+ endpoint = "https://sfo2.digitaloceanspaces.com"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+
+ # This is actually not needed, but declaring it here helps me remember where its supposed to live.
+ # You gotta comment these out when initing the terraform backend? for some reason.
+ shared_credentials_files = ["~/.aws/credentials"]
+ shared_config_files = ["~/.aws/config"]
+ }
+}
+
+
+provider "digitalocean" {
+ token = var.DO_PAT
+}
\ No newline at end of file
diff --git a/terraform/bikeshed/vars.tf b/terraform/bikeshed/vars.tf
index e596fd7..e8e88b2 100644
--- a/terraform/bikeshed/vars.tf
+++ b/terraform/bikeshed/vars.tf
@@ -1,8 +1,13 @@ variable "proxmox_host" { default = "demiurge" } + variable "template_name" { - default = "debian-template" + default = "debian-template-cifs" +} + +variable "high-sea-host" { + default = "seraph" } variable "PM_API_TOKEN_ID" {
@@ -11,7 +16,13 @@ variable "PM_API_TOKEN_ID" { sensitive = true } variable "PM_API_TOKEN_SECRET" { - description = "Secret for prooxmox management." + description = "Secret for proxmox management." type = string sensitive = true } + +variable "DO_PAT" { + description = "Personal access token for managing DO infra." + type = string + sensitive = true +}
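Review bot: In `provider.tf`, the `backend "s3"` block gives no indication of who may read the `deploy-state` bucket, and Terraform writes resource attributes to state in plain text even when the inputs are declared `sensitive = true`, so the bucket's access policy is the only protection for whatever the state ends up holding. A comment above `bucket` would record the requirement, e.g. `# state is stored as plain text; keep this Space private and limit who holds its access key`. The two comments above `shared_credentials_files` leave it unclear whether those lines are needed; if they must be commented out for `terraform init`, name the error that forces it, otherwise drop the lines. The `terraform` block also has no `required_version`, so the Terraform release that accepts these backend arguments is not pinned alongside the providers.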
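Review bot: In the first `vars.tf` hunk, the new `variable "high-sea-host"` has neither `type` nor `description`, unlike the token variables in the same file, and its hyphenated name departs from the snake_case used by `proxmox_host` and `template_name`. Adding `type = string` and `description = "Proxmox node that runs the high-sea VM."` would bring it in line with those variables; a rename to `high_sea_host` would also need `target_node` in `high-sea.tf` updated. Whether `proxmox_host` is still referenced anywhere is not visible from this diff, so it may now be unused.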