Terraform is quite severely lacking in anything related to networks(or hardware in general). Ansible has a lot bigger selection and has modules for all the big 3 vendors. and a lot of the smaller ones too. and in a pinch you can write your own. As long as the machine supports SSH, ansible can manage it, from decades old factory automation to elevators to modern Cisco switches.
You’re unfortunately in for a world of hurt if you intend to use terraform.
Depends what you want to do, there are a few alternatives for luks. TPM, nbde server, dropbear-ssh, usb key, yubikey.
You can use any combination of the above with password being a fallback.