Refactored parameters handling. Removed useless SSH password parameter.

2026-05-01 16:00:02 +02:00
parent ff60f331fd
commit 6e0e86b17a
+79 -45
@@ -35,9 +35,13 @@ Options:
--pve-host HOST Proxmox host (e.g. pve). --pve-host HOST Proxmox host (e.g. pve).
--pve-user USER Proxmox user (default: admin). --pve-user USER Proxmox user (default: admin).
--pve-port PORT SSH port for Proxmox (default: 22). --pve-port PORT SSH port for Proxmox (default: 22).
--pve-password PASSWORD Password for SSH authentication on Proxmox.
--pve-ssh-key KEY SSH key file for authentication. --pve-ssh-key KEY SSH key file for authentication.
--dry-run Simulate container creation without execution. --dry-run Simulate container creation without execution.
Optional configuration files:
/etc/nixos-infra/hosts/config
\${XDG_CONFIG_HOME}/nixos-infra/hosts/config
./config
" "
# --- Default Parameters (Environment Variables) --- # --- Default Parameters (Environment Variables) ---
@@ -45,7 +49,6 @@ Options:
PVE_HOST="${PVE_HOST:-}" PVE_HOST="${PVE_HOST:-}"
PVE_USER="${PVE_USER:-admin}" PVE_USER="${PVE_USER:-admin}"
PVE_PORT="${PVE_PORT:-22}" PVE_PORT="${PVE_PORT:-22}"
PVE_PASSWORD="${PVE_PASSWORD:-}"
PVE_SSH_KEY="${PVE_SSH_KEY:-}" PVE_SSH_KEY="${PVE_SSH_KEY:-}"
DRY_RUN="${DRY_RUN:-false}" DRY_RUN="${DRY_RUN:-false}"
@@ -65,69 +68,100 @@ CMODE="${CMODE:-console}"
TAGS="${TAGS:-}" TAGS="${TAGS:-}"
SSH_PUBLIC_KEYS="${SSH_PUBLIC_KEYS:-}" SSH_PUBLIC_KEYS="${SSH_PUBLIC_KEYS:-}"
# --- Parse Arguments with docopts (Lowest Priority) --- # --- Parse Arguments with docopts (Highest priority) ---
# set +e is to prevent set -e from eating the error message from docopts.
# This is to prevent set -e from eating the error message from docopts # This code is up here to prevent useless error messages to be printed
# in case the "-h" or "--help" argument is used.
set +e set +e
args=$(docopts -h "$usage" : "$@") args=$(docopts -h "$usage" : "$@")
eval "$args" eval "$args"
set -e set -e
# --- Override with /etc/nixos-infra/hosts/<short_name> (Medium Priority) # --- Apply Configuration Files (by increasing priority) ---
if [ -f "/etc/nixos-infra/hosts/$Short_name" ]; then XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
echo "📄 Applying parameters from /etc/nixos-infra/hosts/$SHORT_NAME..." CONFIG_FILES=(\
set -a "/etc/nixos-infra/hosts/config" \
source "/etc/nixos-infra/hosts/$SHORT_NAME" "$XDG_CONFIG_HOME/nixos-infra/hosts/config" \
set +a "./config")
fi for conffile in ${CONFIG_FILES[*]}; do
if [ -f "$conffile" ]; then
echo "📄 Applying parameters from $conffile..."
set -a
source "$conffile"
set +a
else
echo "$conffile not found."
fi
done
# --- Override with ./<short_name> (Medium Priority) --- # Proxmox Server
if [ -f "./$SHORT_NAME" ]; then PVE_HOST="${pve_host:-$PVE_HOST}"
echo "📄 Applying parameters from ./$SHORT_NAME..." PVE_USER="${pve_user:-$PVE_USER}"
set -a PVE_PORT="${pve_port:-$PVE_PORT}"
source "./$SHORT_NAME" PVE_SSH_KEY="${pve_ssh_key:-$PVE_SSH_KEY}"
set +a DRY_RUN="${dry_run:-$DRY_RUN}"
fi
# --- Apply Command-Line Arguments (Highest Priority) --- # LXC Container
eval "$args" TEMPLATE="${template:-$TEMPLATE}"
ROOTFS_SIZE="${rootfs_size:-$ROOTFS_SIZE}"
CORES="${cores:-$CORES}"
MEMORY="${memory:-$MEMORY}"
SWAP="${swap:-$SWAP}"
PASSWORD="${password:-$PASSWORD}"
BRIDGE="${bridge:-$BRIDGE}"
VLAN="${vlan:-$VLAN}"
DOMAIN="${domain:-$DOMAIN}"
UNPRIVILEGED="${unprivileged:-$UNPRIVILEGED}"
IP="${ip:-$IP}"
CMODE="${cmode:-$CMODE}"
TAGS="${tags:-$TAGS}"
SSH_PUBLIC_KEYS="${ssh_public_keys:-$SSH_PUBLIC_KEYS}"
# --- SSH Key Default Logic --- # --- SSH Key Default Logic ---
if [ "$PVE_SSH_KEY" = "default" ]; then if [ "$PVE_SSH_KEY" = "default" ]; then
PVE_SSH_KEY="${HOME}/.ssh/id_${PVE_USER}" PVE_SSH_KEY="${HOME}/.ssh/id_${PVE_USER}"
elif [ -z "$PVE_SSH_KEY" ] && [ -z "$PVE_PASSWORD" ]; then
PVE_SSH_KEY="${HOME}/.ssh/id_${PVE_USER}"
fi fi
# --- Critical Parameters Validation --- # --- Critical Parameters Validation ---
if [ -z "$TEMPLATE" ] || [ -z "$ROOTFS_SIZE" ] || [ -z "$CORES" ] || \ mandatory_params=(
[ -z "$MEMORY" ] || [ -z "$SWAP" ] || [ -z "$PASSWORD" ] || \ "TEMPLATE" \
[ -z "$BRIDGE" ] || [ -z "$DOMAIN" ] || [ -z "$UNPRIVILEGED" ] || \ "ROOTFS_SIZE" \
[ -z "$CMODE" ] || [ -z "$SSH_PUBLIC_KEYS" ] || \ "CORES" \
[ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || [ -z "$PVE_PORT" ]; then "MEMORY" \
echo "❌ Error: One or more critical parameters are missing." >&2 "SWAP" \
"PASSWORD" \
"BRIDGE" \
"DOMAIN" \
"UNPRIVILEGED" \
"CMODE" \
"SSH_PUBLIC_KEYS" \
"PVE_HOST" \
"PVE_USER" \
"PVE_PORT"
)
missing_params=()
for param in ${mandatory_params[*]}; do
if [ -z "${!param}" ]; then missing_params+=("$param"); fi
done
if [ ${#missing_params[@]} -gt 0 ]; then
echo "❌ Error: The following necessary parameters are missing: ${missing_params[*]}" >&2
echo "❌ Error: Plesase provide them through one the proposed config file or the command line." >&2
exit 1 exit 1
fi fi
# Authentication Validation # Authentication Validation
if [ -z "$PVE_PASSWORD" ]; then if [ ! -f "$PVE_SSH_KEY" ]; then
if [ -z "$PVE_SSH_KEY" ]; then echo "❌ Error: SSH key file '$PVE_SSH_KEY' does not exist." >&2
echo "❌ Error: No authentication parameter is defined." >&2 exit 1
exit 1
elif [ ! -f "$PVE_SSH_KEY" ]; then
echo "❌ Error: SSH key file '$PVE_SSH_KEY' does not exist." >&2
exit 1
fi
fi fi
# --- SSH Connection to Proxmox Server --- # --- SSH Connection to Proxmox Server ---
run_proxmox() { run_proxmox() {
local ssh_cmd="ssh -p $PVE_PORT" local ssh_cmd="ssh -p $PVE_PORT"
if [ -n "$PVE_SSH_KEY" ] && [ -f "$PVE_SSH_KEY" ]; then if [ -n "$PVE_SSH_KEY" ] && [ -f "$PVE_SSH_KEY" ]; then
ssh_cmd="$ssh_cmd -i $PVE_SSH_KEY" ssh_cmd="$ssh_cmd -i $PVE_SSH_KEY "
else else
ssh_cmd="$ssh_cmd -o PreferredAuthentications=password \ ssh_cmd="$ssh_cmd -o PreferredAuthentications=password "
-o StrictHostKeyChecking=no"
fi fi
$ssh_cmd "$PVE_USER@$PVE_HOST" "$1" $ssh_cmd "$PVE_USER@$PVE_HOST" "$1"
} }
@@ -140,13 +174,13 @@ fi
if [ -n "$IP" ]; then if [ -n "$IP" ]; then
NET_OPTS="$NET_OPTS,ip=$IP" NET_OPTS="$NET_OPTS,ip=$IP"
fi fi
set -x
# --- Container Creation --- # --- Container Creation ---
echo "🚀 Creating LXC container $SHORT_NAME on $PVE_HOST..." echo "🚀 Creating LXC container $short_name on $PVE_HOST..."
CREATE_CMD="pct create $ROOTFS_SIZE $TEMPLATE --cores $CORES \ CREATE_CMD="pct create $ROOTFS_SIZE $TEMPLATE --cores $CORES \
--memory $MEMORY --swap $SWAP --hostname $SHORT_NAME.$DOMAIN \ --memory $MEMORY --swap $SWAP --hostname $short_name.$DOMAIN \
--password $PASSWORD --unprivileged $UNPRIVILEGED --net0 $NET_OPTS \ --password $PASSWORD --unprivileged $UNPRIVILEGED --net0 $NET_OPTS \
--onboot 1 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS" --onboot 0 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS"
if [ -n "$TAGS" ]; then if [ -n "$TAGS" ]; then
CREATE_CMD="$CREATE_CMD --tags $TAGS" CREATE_CMD="$CREATE_CMD --tags $TAGS"
fi fi
@@ -165,5 +199,5 @@ else
echo "❌ Error: Failed to create the container." >&2 echo "❌ Error: Failed to create the container." >&2
exit 1 exit 1
fi fi
echo "✅ LXC container $SHORT_NAME created successfully (ID: $LXC_ID)." echo "✅ LXC container $short_name created successfully (ID: $LXC_ID)."
fi fi
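Review bot: The new config loop iterates with `for conffile in ${CONFIG_FILES[*]}`, which is unquoted, so a `$HOME` or `$XDG_CONFIG_HOME` containing whitespace or glob characters is split into different paths before each one reaches `source`; it should read `for conffile in "${CONFIG_FILES[@]}"; do` (the same quoting applies to `${mandatory_params[*]}` in the validation loop, although those names are fixed). Every file the loop finds is executed as shell code under `set -a`, and `./config` is resolved against whatever directory the script is started from, so I would add a comment above `CONFIG_FILES` such as `# These files are sourced, i.e. executed: only run this script from a trusted directory`, and consider skipping a file that is not owned by the invoking user or is group/world-writable. The `else` branch of `run_proxmox` that sets `-o PreferredAuthentications=password` appears unreachable now that the key-file check exits when `$PVE_SSH_KEY` is not a file, so it can likely be removed together with the password parameter. If the `set -x` ahead of the Container Creation block in the following hunk is on the new side, it traces the `--password $PASSWORD` command line to stderr and should be dropped before merge.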