feat(images): support optional Talos image ID overrides

Add talos_image_id_x86 and talos_image_id_arm as optional inputs.

When set, the module skips hcloud image selector lookups and uses
provided image IDs directly.

When unset, existing os=talos most_recent behavior remains.

Architecture disable flags remain authoritative, so explicit IDs are
ignored when that architecture is disabled.

README usage now documents the optional image-ID path.

Closes: #371

Author: mrclrchtr

README.md

@@ -147,7 +147,11 @@ This repository contains a Terraform module for creating a Kubernetes cluster wi
 
 ## Usage
 
-### 1. Build Talos Images with Packer
+### 1. Build Talos Images with Packer (Optional)
+
+> [!TIP]
+> You can also use official Hetzner Talos images directly by setting `talos_image_id_x86` and/or `talos_image_id_arm`.
+> Check the Hetzner changelog for current Talos image IDs: https://docs.hetzner.cloud/changelog
 
 Before deploying with Terraform, you need Talos OS images (snapshots) available in your Hetzner Cloud project. This module provides Packer configurations to build these images.
 
@@ -184,6 +188,10 @@ module "talos" {
 
   talos_version = "v1.12.2" # The version of talos features to use in generated machine configurations
 
+  # Optional: use official Hetzner Talos image IDs (no custom Packer image required)
+  # talos_image_id_x86 = "<x86-image-id>"
+  # talos_image_id_arm = "<arm-image-id>"
+
   hcloud_token            = "your-hcloud-token"
   # If true, the current IP address will be used as the source for the firewall rules.
   # ATTENTION: to determine the current IP, a request to a public service (https://ipv4.icanhazip.com) is made.

server.tf

@@ -1,12 +1,12 @@
 data "hcloud_image" "arm" {
-  count             = var.disable_arm ? 0 : 1
+  count             = var.disable_arm || var.talos_image_id_arm != null ? 0 : 1
   with_selector     = "os=talos"
   with_architecture = "arm"
   most_recent       = true
 }
 
 data "hcloud_image" "x86" {
-  count             = var.disable_x86 ? 0 : 1
+  count             = var.disable_x86 || var.talos_image_id_x86 != null ? 0 : 1
   with_selector     = "os=talos"
   with_architecture = "x86"
   most_recent       = true
@@ -15,6 +15,16 @@ data "hcloud_image" "x86" {
 locals {
   cluster_prefix = var.cluster_prefix ? "${var.cluster_name}-" : ""
 
+  arm_image_id = (
+    var.talos_image_id_arm != null ? var.talos_image_id_arm :
+    (var.disable_arm || length(data.hcloud_image.arm) == 0 ? null : data.hcloud_image.arm[0].id)
+  )
+
+  x86_image_id = (
+    var.talos_image_id_x86 != null ? var.talos_image_id_x86 :
+    (var.disable_x86 || length(data.hcloud_image.x86) == 0 ? null : data.hcloud_image.x86[0].id)
+  )
+
   control_plane_count = length(var.control_plane_nodes)
   worker_count        = length(var.worker_nodes)
 
@@ -28,8 +38,8 @@ locals {
       server_type = local.control_plane_nodes_by_id[i].type
       image_id = (
         substr(local.control_plane_nodes_by_id[i].type, 0, 3) == "cax" ?
-        (var.disable_arm ? null : data.hcloud_image.arm[0].id) :
-        (var.disable_x86 ? null : data.hcloud_image.x86[0].id)
+        local.arm_image_id :
+        local.x86_image_id
       )
       ipv4_public        = local.control_plane_public_ipv4_list[i - 1]
       ipv6_public        = var.enable_ipv6 ? local.control_plane_public_ipv6_list[i - 1] : null
@@ -47,8 +57,8 @@ locals {
       server_type = local.worker_nodes_by_id[i].type
       image_id = (
         substr(local.worker_nodes_by_id[i].type, 0, 3) == "cax" ?
-        (var.disable_arm ? null : data.hcloud_image.arm[0].id) :
-        (var.disable_x86 ? null : data.hcloud_image.x86[0].id)
+        local.arm_image_id :
+        local.x86_image_id
       )
       ipv4_public        = local.worker_public_ipv4_list[i - 1]
       ipv6_public        = var.enable_ipv6 ? local.worker_public_ipv6_list[i - 1] : null

variables.tf

@@ -437,6 +437,32 @@ variable "disable_arm" {
   description = "If true, arm images will not be used."
 }
 
+variable "talos_image_id_x86" {
+  type        = string
+  default     = null
+  description = <<EOF
+    Optional Hetzner Cloud image ID for x86_64 architecture.
+    If set, this ID is used directly and the module skips the "os=talos" image selector lookup.
+  EOF
+  validation {
+    condition     = var.talos_image_id_x86 == null || can(regex("^[0-9]+$", var.talos_image_id_x86))
+    error_message = "talos_image_id_x86 must be a numeric image ID string (for example: \"122630\") or null."
+  }
+}
+
+variable "talos_image_id_arm" {
+  type        = string
+  default     = null
+  description = <<EOF
+    Optional Hetzner Cloud image ID for arm64 architecture.
+    If set, this ID is used directly and the module skips the "os=talos" image selector lookup.
+  EOF
+  validation {
+    condition     = var.talos_image_id_arm == null || can(regex("^[0-9]+$", var.talos_image_id_arm))
+    error_message = "talos_image_id_arm must be a numeric image ID string (for example: \"122629\") or null."
+  }
+}
+
 # Talos
 variable "kubelet_extra_args" {
   type        = map(string)