From 6e0e86b17a17e4ff7e9c7925eadcaea1f0229d4a Mon Sep 17 00:00:00 2001
From: Xavier Lagraula
Date: Fri, 1 May 2026 16:00:02 +0200
Subject: [PATCH] Refactored parameters handling. Removed useless SSH password parameter.
---
 nixos-infra/scripts/create-lxc-nixos.sh | 124 +++++++++++++++---------
 1 file changed, 79 insertions(+), 45 deletions(-)
diff --git a/nixos-infra/scripts/create-lxc-nixos.sh b/nixos-infra/scripts/create-lxc-nixos.sh
index 5a283d4..09332bc 100755
--- a/nixos-infra/scripts/create-lxc-nixos.sh
+++ b/nixos-infra/scripts/create-lxc-nixos.sh
@@ -35,9 +35,13 @@ Options:
 --pve-host HOST Proxmox host (e.g. pve).
 --pve-user USER Proxmox user (default: admin).
 --pve-port PORT SSH port for Proxmox (default: 22).
- --pve-password PASSWORD Password for SSH authentication on Proxmox.
 --pve-ssh-key KEY SSH key file for authentication.
 --dry-run Simulate container creation without execution.
+
+Optional configuration files:
+ /etc/nixos-infra/hosts/config
+ \${XDG_CONFIG_HOME}/nixos-infra/hosts/config
+ ./config
 "
 # --- Default Parameters (Environment Variables) ---
@@ -45,7 +49,6 @@ Options:
 PVE_HOST="${PVE_HOST:-}"
 PVE_USER="${PVE_USER:-admin}"
 PVE_PORT="${PVE_PORT:-22}"
-PVE_PASSWORD="${PVE_PASSWORD:-}"
 PVE_SSH_KEY="${PVE_SSH_KEY:-}"
 DRY_RUN="${DRY_RUN:-false}"
@@ -65,69 +68,100 @@ CMODE="${CMODE:-console}"
 TAGS="${TAGS:-}"
 SSH_PUBLIC_KEYS="${SSH_PUBLIC_KEYS:-}"
-# --- Parse Arguments with docopts (Lowest Priority) ---
-
-# This is to prevent set -e from eating the error message from docopts
+# --- Parse Arguments with docopts (Highest priority) ---
+# set +e is to prevent set -e from eating the error message from docopts.
+# This code is up here to prevent useless error messages to be printed
+# in case the "-h" or "--help" argument is used.
 set +e
 args=$(docopts -h "$usage" : "$@")
 eval "$args"
 set -e
-# --- Override with /etc/nixos-infra/hosts/ (Medium Priority)
-if [ -f "/etc/nixos-infra/hosts/$Short_name" ]; then
- echo "📄 Applying parameters from /etc/nixos-infra/hosts/$SHORT_NAME..."
- set -a
- source "/etc/nixos-infra/hosts/$SHORT_NAME"
- set +a
-fi
+# --- Apply Configuration Files (by increasing priority) ---
+XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
+CONFIG_FILES=(\
+ "/etc/nixos-infra/hosts/config" \
+ "$XDG_CONFIG_HOME/nixos-infra/hosts/config" \
+ "./config")
+for conffile in ${CONFIG_FILES[*]}; do
+ if [ -f "$conffile" ]; then
+ echo "📄 Applying parameters from $conffile..."
+ set -a
+ source "$conffile"
+ set +a
+ else
+ echo "❌ $conffile not found."
+ fi
+done
-# --- Override with ./ (Medium Priority) ---
-if [ -f "./$SHORT_NAME" ]; then
- echo "📄 Applying parameters from ./$SHORT_NAME..."
- set -a
- source "./$SHORT_NAME"
- set +a
-fi
+# Proxmox Server
+PVE_HOST="${pve_host:-$PVE_HOST}"
+PVE_USER="${pve_user:-$PVE_USER}"
+PVE_PORT="${pve_port:-$PVE_PORT}"
+PVE_SSH_KEY="${pve_ssh_key:-$PVE_SSH_KEY}"
+DRY_RUN="${dry_run:-$DRY_RUN}"
-# --- Apply Command-Line Arguments (Highest Priority) ---
-eval "$args"
+# LXC Container
+TEMPLATE="${template:-$TEMPLATE}"
+ROOTFS_SIZE="${rootfs_size:-$ROOTFS_SIZE}"
+CORES="${cores:-$CORES}"
+MEMORY="${memory:-$MEMORY}"
+SWAP="${swap:-$SWAP}"
+PASSWORD="${password:-$PASSWORD}"
+BRIDGE="${bridge:-$BRIDGE}"
+VLAN="${vlan:-$VLAN}"
+DOMAIN="${domain:-$DOMAIN}"
+UNPRIVILEGED="${unprivileged:-$UNPRIVILEGED}"
+IP="${ip:-$IP}"
+CMODE="${cmode:-$CMODE}"
+TAGS="${tags:-$TAGS}"
+SSH_PUBLIC_KEYS="${ssh_public_keys:-$SSH_PUBLIC_KEYS}"
 # --- SSH Key Default Logic ---
 if [ "$PVE_SSH_KEY" = "default" ]; then
 PVE_SSH_KEY="${HOME}/.ssh/id_${PVE_USER}"
-elif [ -z "$PVE_SSH_KEY" ] && [ -z "$PVE_PASSWORD" ]; then
- PVE_SSH_KEY="${HOME}/.ssh/id_${PVE_USER}"
 fi
 # --- Critical Parameters Validation ---
-if [ -z "$TEMPLATE" ] || [ -z "$ROOTFS_SIZE" ] || [ -z "$CORES" ] || \
- [ -z "$MEMORY" ] || [ -z "$SWAP" ] || [ -z "$PASSWORD" ] || \
- [ -z "$BRIDGE" ] || [ -z "$DOMAIN" ] || [ -z "$UNPRIVILEGED" ] || \
- [ -z "$CMODE" ] || [ -z "$SSH_PUBLIC_KEYS" ] || \
- [ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || [ -z "$PVE_PORT" ]; then
- echo "❌ Error: One or more critical parameters are missing." >&2
+mandatory_params=(
+ "TEMPLATE" \
+ "ROOTFS_SIZE" \
+ "CORES" \
+ "MEMORY" \
+ "SWAP" \
+ "PASSWORD" \
+ "BRIDGE" \
+ "DOMAIN" \
+ "UNPRIVILEGED" \
+ "CMODE" \
+ "SSH_PUBLIC_KEYS" \
+ "PVE_HOST" \
+ "PVE_USER" \
+ "PVE_PORT"
+)
+missing_params=()
+for param in ${mandatory_params[*]}; do
+ if [ -z "${!param}" ]; then missing_params+=("$param"); fi
+done
+if [ ${#missing_params[@]} -gt 0 ]; then
+ echo "❌ Error: The following necessary parameters are missing: ${missing_params[*]}" >&2
+ echo "❌ Error: Plesase provide them through one the proposed config file or the command line." >&2
 exit 1
 fi
 # Authentication Validation
-if [ -z "$PVE_PASSWORD" ]; then
- if [ -z "$PVE_SSH_KEY" ]; then
- echo "❌ Error: No authentication parameter is defined." >&2
- exit 1
- elif [ ! -f "$PVE_SSH_KEY" ]; then
- echo "❌ Error: SSH key file '$PVE_SSH_KEY' does not exist." >&2
- exit 1
- fi
+if [ ! -f "$PVE_SSH_KEY" ]; then
+ echo "❌ Error: SSH key file '$PVE_SSH_KEY' does not exist." >&2
+ exit 1
 fi
 # --- SSH Connection to Proxmox Server ---
 run_proxmox() {
 local ssh_cmd="ssh -p $PVE_PORT"
 if [ -n "$PVE_SSH_KEY" ] && [ -f "$PVE_SSH_KEY" ]; then
- ssh_cmd="$ssh_cmd -i $PVE_SSH_KEY"
+ ssh_cmd="$ssh_cmd -i $PVE_SSH_KEY "
 else
- ssh_cmd="$ssh_cmd -o PreferredAuthentications=password \
- -o StrictHostKeyChecking=no"
+ ssh_cmd="$ssh_cmd -o PreferredAuthentications=password "
 fi
 $ssh_cmd "$PVE_USER@$PVE_HOST" "$1"
 }
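Review bot: The new config loop sources `./config` last, so a file named `config` in whatever directory the script is started from runs as shell code and overrides the `/etc` and XDG values, including `PVE_HOST` and `PVE_SSH_KEY`; consider taking that path from an explicit option, or at least skipping files not owned by the invoking user. The loop header also expands the array unquoted, so a `$HOME` or `$XDG_CONFIG_HOME` containing whitespace or glob characters yields wrong paths; `for conffile in "${CONFIG_FILES[@]}"; do` avoids that (same for `${mandatory_params[*]}`). With the password path removed, an unset `PVE_SSH_KEY` no longer falls back to `~/.ssh/id_${PVE_USER}` and the script stops with `SSH key file '' does not exist`, while the `else` branch in `run_proxmox` that still sets `PreferredAuthentications=password` appears unreachable after the key-file check; either restore the default or drop that branch. The second new error message has typos (`Plesase`, `one the proposed`).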
@@ -140,13 +174,13 @@ fi
 if [ -n "$IP" ]; then
 NET_OPTS="$NET_OPTS,ip=$IP"
 fi
-
+set -x
 # --- Container Creation ---
-echo "🚀 Creating LXC container $SHORT_NAME on $PVE_HOST..."
+echo "🚀 Creating LXC container $short_name on $PVE_HOST..."
 CREATE_CMD="pct create $ROOTFS_SIZE $TEMPLATE --cores $CORES \
---memory $MEMORY --swap $SWAP --hostname $SHORT_NAME.$DOMAIN \
+--memory $MEMORY --swap $SWAP --hostname $short_name.$DOMAIN \
 --password $PASSWORD --unprivileged $UNPRIVILEGED --net0 $NET_OPTS \
---onboot 1 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS"
+--onboot 0 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS"
 if [ -n "$TAGS" ]; then
 CREATE_CMD="$CREATE_CMD --tags $TAGS"
 fi
@@ -165,5 +199,5 @@ else
 echo "❌ Error: Failed to create the container." >&2
 exit 1
 fi
- echo "✅ LXC container $SHORT_NAME created successfully (ID: $LXC_ID)."
+ echo "✅ LXC container $short_name created successfully (ID: $LXC_ID)."
 fi
\ No newline at end of file
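Review bot: The `set -x` added just above `# --- Container Creation ---` turns on command tracing for the rest of the script, so the `CREATE_CMD=...` assignment, which embeds `--password $PASSWORD`, is echoed to stderr in clear text and ends up in any captured log or CI output. It reads like leftover debugging and is not mentioned in the commit message; remove it, or bracket only the non-secret steps with `set -x` / `set +x`. `--onboot 1` also becomes `--onboot 0` in this hunk without explanation, which is worth confirming or noting in the description. The code that runs `CREATE_CMD` is outside this hunk.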