diff --git a/README.md b/README.md
new file mode 100644
index 0000000..41097cf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# NixOS Proxmox LXC Container Configuration
+
+Quickly configure a NixOS LXC container in Proxmox with custom IP address and SSH key settings.
+
+## One-Line Installation
+
+```bash
+curl -sSf https://git.jeirslab.xyz/jeirmeister/NixOS-PVE-LXC/raw/branch/main/config-lxc.sh | bash
+```
+
+The script will:
+- Prompt for container ID (100-999)
+- Request your SSH public key
+- Ask for IP address and gateway
+- Configure the container with these settings
+- Apply the configuration automatically
+
+**Note**: Always verify scripts before running them with curl. You can inspect the source at the repository first.
+
+Citations:
+[1] https://git.jeirslab.xyz/jeirmeister/NixOS-PVE-LXC/raw/branch/main/configuration.nix
\ No newline at end of file
diff --git a/config-lxc.sh b/config-lxc.sh
new file mode 100644
index 0000000..500b8f2
--- /dev/null
+++ b/config-lxc.sh
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+# Function to validate IP address format
+validate_ip() {
+ if [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+ return 0
+ fi
+ return 1
+}
+
+# Function to generate NixOS configuration
+generate_nixos_config() {
+ local ssh_key="$1"
+ local ip_addr="$2"
+ local gateway="$3"
+
+ cat << 'EOF'
+{ modulesPath, config, pkgs, ... }:
+{
+ imports =
+ [
+ "${modulesPath}/virtualisation/lxc-container.nix"
+ ];
+ boot.isContainer = true;
+
+ systemd.suppressedSystemUnits = [
+ "dev-mqueue.mount"
+ "sys-kernel-debug.mount"
+ "sys-fs-fuse-connections.mount"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ openssh
+ binutils
+ man
+ git
+ ];
+
+ users.users.admin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+EOF
+ echo " \"$ssh_key\""
+ cat << 'EOF'
+ ];
+ };
+
+ security.sudo.wheelNeedsPassword = true;
+
+ programs.nix-ld.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ AllowUsers = ["admin"];
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ networking = {
+ dhcpcd.enable = false;
+ useDHCP = false;
+ useHostResolvConf = false;
+EOF
+ echo " defaultGateway = \"$gateway\";"
+ echo " interfaces.eth0.ipv4.addresses = [{"
+ echo " address = \"$ip_addr\";"
+ cat << 'EOF'
+ prefixLength = 24;
+ }];
+ };
+
+ system.stateVersion = "24.05";
+}
+EOF
+}
+
+# Get Container ID
+echo "Enter Container ID (100-999):"
+read CTID
+while ! [[ "$CTID" =~ ^[1-9][0-9]{2}$ ]]; do
+ echo "Invalid Container ID. Please enter a number between 100-999:"
+ read CTID
+done
+
+# Get SSH Key
+echo "Enter SSH public key:"
+read SSH_KEY
+while [ -z "$SSH_KEY" ]; do
+ echo "SSH key cannot be empty. Please enter your SSH public key:"
+ read SSH_KEY
+done
+
+# Get IP Address
+echo "Enter IP Address:"
+read IP_ADDRESS
+while ! validate_ip "$IP_ADDRESS"; do
+ echo "Invalid IP Address. Please enter a valid IP (e.g., 192.168.1.100):"
+ read IP_ADDRESS
+done
+
+# Get Gateway
+echo "Enter Gateway IP:"
+read GATEWAY
+while ! validate_ip "$GATEWAY"; do
+ echo "Invalid Gateway IP. Please enter a valid IP (e.g., 192.168.1.1):"
+ read GATEWAY
+done
+
+# Confirm settings
+echo -e "\nPlease confirm these settings:"
+echo "Container ID: $CTID"
+echo "IP Address: $IP_ADDRESS"
+echo "Gateway: $GATEWAY"
+echo "SSH Key: $SSH_KEY"
+echo -e "\nProceed with these settings? (y/n)"
+read CONFIRM
+
+if [ "$CONFIRM" != "y" ]; then
+ echo "Configuration cancelled"
+ exit 1
+fi
+
+# Generate configuration
+CONFIG_CONTENT=$(generate_nixos_config "$SSH_KEY" "$IP_ADDRESS" "$GATEWAY")
+
+# Wait for container to be ready
+pct start ${CTID}
+sleep 10
+
+# Execute all commands in a single session
+pct enter ${CTID} << EOF
+/run/current-system/sw/bin/bash << 'INNEREOF'
+mkdir -p /etc/nixos
+cat > /etc/nixos/configuration.nix << 'CONFIGEOF'
+${CONFIG_CONTENT}
+CONFIGEOF
+nixos-rebuild switch
+INNEREOF
+EOF
+
+echo "Configuration applied successfully!"
\ No newline at end of file
diff --git a/configuration.nix b/configuration.nix
index 5871a26..e6b15d3 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -38,8 +38,8 @@ enable = true; settings = { AllowUsers = ["admin"]; # everyone - PasswordAuthentication = true; # this is just a sandbox - PermitRootLogin = "yes"; + PasswordAuthentication = true; + PermitRootLogin = "no"; }; };
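Review bot: The SSH key prompt only rejects an empty value, yet `echo " \"$ssh_key\""` in generate_nixos_config places it inside a Nix string literal, so a pasted key whose comment field contains `"`, `\` or `${` changes the expression that `nixos-rebuild switch` later evaluates, presumably as root in the container. Constrain the input at the prompt, for example `while ! [[ "$SSH_KEY" =~ ^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))\ [A-Za-z0-9+/=]+(\ [A-Za-z0-9@._-]+)?$ ]]; do`, and use `read -r` on every prompt so backslashes are not consumed. validate_ip is similarly loose: it accepts octets above 255 such as 999.999.999.999. The closing `echo "Configuration applied successfully!"` runs unconditionally, so without `set -euo pipefail` or a status check on `pct start` and `pct enter` a failed rebuild is still reported as success.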
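Review bot: `PasswordAuthentication = true;` is kept on the new side while the comment that justified it (`# this is just a sandbox`) is dropped, so the file now enables SSH password logins with no stated reason. The configuration generated by config-lxc.sh in this same commit uses `PasswordAuthentication = false;` with key-only access for `admin`; since the README cites this file, it should probably match, or carry a comment saying why passwords are still allowed. The `# everyone` comment that appears to sit next to `AllowUsers = ["admin"];` also looks stale, because the list restricts logins to admin. The enclosing services.openssh block starts outside the hunk.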