Adding --ssh-public-keys parameter to secure initial deployment.

nixos-infra/scripts/create-lxc-nixos.sh

@@ -30,6 +30,7 @@ Options:
   -i, --ip IP               Static IP (e.g. 192.168.1.100/24).
   -C, --cmode CMODE         Console mode (console or tty). Default: console.
   -T, --tags TAGS           Tags for the container (optional).
+  -k, --ssh-public-keys KEYS SSH public keys for the container.
   --pve-host HOST           Proxmox host (e.g. pve).
   --pve-user USER           Proxmox user (default: admin).
   --pve-port PORT           SSH port for Proxmox (default: 22).
@@ -61,6 +62,7 @@ UNPRIVILEGED="${UNPRIVILEGED:-0}"
 IP="${IP:-}"
 CMODE="${CMODE:-console}"
 TAGS="${TAGS:-}"
+SSH_PUBLIC_KEYS="${SSH_PUBLIC_KEYS:-}"
 
 # --- Parse Arguments with docopts (Lowest Priority) ---
 args=$(docopts -h "$usage" : "$@")
@@ -104,8 +106,8 @@ fi
 if [ -z "$TEMPLATE" ] || [ -z "$ROOTFS_SIZE" ] || [ -z "$CORES" ] || \
    [ -z "$MEMORY" ] || [ -z "$SWAP" ] || [ -z "$PASSWORD" ] || \
    [ -z "$BRIDGE" ] || [ -z "$DOMAIN" ] || [ -z "$UNPRIVILEGED" ] || \
-   [ -z "$CMODE" ] || [ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || \
-   [ -z "$PVE_PORT" ]; then
+   [ -z "$CMODE" ] || [ -z "$SSH_PUBLIC_KEYS" ] || \
+   [ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || [ -z "$PVE_PORT" ]; then
   echo "❌ Error: One or more critical parameters are missing." >&2
   exit 1
 fi
@@ -147,7 +149,7 @@ echo "🚀 Creating LXC container $SHORT_NAME on $PVE_HOST..."
 CREATE_CMD="pct create $ROOTFS_SIZE $TEMPLATE --cores $CORES \
 --memory $MEMORY --swap $SWAP --hostname $SHORT_NAME.$DOMAIN \
 --password $PASSWORD --unprivileged $UNPRIVILEGED --net0 $NET_OPTS \
---onboot 1 --cmode $CMODE"
+--onboot 1 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS"
 if [ -n "$TAGS" ]; then
   CREATE_CMD="$CREATE_CMD --tags $TAGS"
 fi