Added README.md with installation snippet to be run in Proxmox

README.md

@@ -0,0 +1,21 @@
+# NixOS Proxmox LXC Container Configuration
+
+Quickly configure a NixOS LXC container in Proxmox with custom IP address and SSH key settings.
+
+## One-Line Installation
+
+```bash
+curl -sSf https://git.jeirslab.xyz/jeirmeister/NixOS-PVE-LXC/raw/branch/main/config-lxc.sh | bash
+```
+
+The script will:
+- Prompt for container ID (100-999)
+- Request your SSH public key
+- Ask for IP address and gateway
+- Configure the container with these settings
+- Apply the configuration automatically
+
+**Note**: Always verify scripts before running them with curl. You can inspect the source at the repository first.
+
+Citations:
+[1] https://git.jeirslab.xyz/jeirmeister/NixOS-PVE-LXC/raw/branch/main/configuration.nix

config-lxc.sh

@@ -0,0 +1,144 @@
+#!/bin/bash
+
+# Function to validate IP address format
+validate_ip() {
+    if [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+        return 0
+    fi
+    return 1
+}
+
+# Function to generate NixOS configuration
+generate_nixos_config() {
+    local ssh_key="$1"
+    local ip_addr="$2"
+    local gateway="$3"
+
+    cat << 'EOF'
+{ modulesPath, config, pkgs, ... }:
+{
+  imports = 
+    [ 
+      "${modulesPath}/virtualisation/lxc-container.nix"
+    ];
+  boot.isContainer = true;
+
+  systemd.suppressedSystemUnits = [
+    "dev-mqueue.mount"
+    "sys-kernel-debug.mount"
+    "sys-fs-fuse-connections.mount"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    openssh
+    binutils
+    man
+    git
+  ];
+
+  users.users.admin = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+EOF
+    echo "      \"$ssh_key\""
+    cat << 'EOF'
+    ];
+  };
+
+  security.sudo.wheelNeedsPassword = true;
+
+  programs.nix-ld.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      AllowUsers = ["admin"];
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+EOF
+    echo "    defaultGateway = \"$gateway\";"
+    echo "    interfaces.eth0.ipv4.addresses = [{"
+    echo "      address = \"$ip_addr\";"
+    cat << 'EOF'
+      prefixLength = 24;
+    }];
+  };
+
+  system.stateVersion = "24.05";
+}
+EOF
+}
+
+# Get Container ID
+echo "Enter Container ID (100-999):"
+read CTID
+while ! [[ "$CTID" =~ ^[1-9][0-9]{2}$ ]]; do
+    echo "Invalid Container ID. Please enter a number between 100-999:"
+    read CTID
+done
+
+# Get SSH Key
+echo "Enter SSH public key:"
+read SSH_KEY
+while [ -z "$SSH_KEY" ]; do
+    echo "SSH key cannot be empty. Please enter your SSH public key:"
+    read SSH_KEY
+done
+
+# Get IP Address
+echo "Enter IP Address:"
+read IP_ADDRESS
+while ! validate_ip "$IP_ADDRESS"; do
+    echo "Invalid IP Address. Please enter a valid IP (e.g., 192.168.1.100):"
+    read IP_ADDRESS
+done
+
+# Get Gateway
+echo "Enter Gateway IP:"
+read GATEWAY
+while ! validate_ip "$GATEWAY"; do
+    echo "Invalid Gateway IP. Please enter a valid IP (e.g., 192.168.1.1):"
+    read GATEWAY
+done
+
+# Confirm settings
+echo -e "\nPlease confirm these settings:"
+echo "Container ID: $CTID"
+echo "IP Address: $IP_ADDRESS"
+echo "Gateway: $GATEWAY"
+echo "SSH Key: $SSH_KEY"
+echo -e "\nProceed with these settings? (y/n)"
+read CONFIRM
+
+if [ "$CONFIRM" != "y" ]; then
+    echo "Configuration cancelled"
+    exit 1
+fi
+
+# Generate configuration
+CONFIG_CONTENT=$(generate_nixos_config "$SSH_KEY" "$IP_ADDRESS" "$GATEWAY")
+
+# Wait for container to be ready
+pct start ${CTID}
+sleep 10
+
+# Execute all commands in a single session
+pct enter ${CTID} << EOF
+/run/current-system/sw/bin/bash << 'INNEREOF'
+mkdir -p /etc/nixos
+cat > /etc/nixos/configuration.nix << 'CONFIGEOF'
+${CONFIG_CONTENT}
+CONFIGEOF
+nixos-rebuild switch
+INNEREOF
+EOF
+
+echo "Configuration applied successfully!"

configuration.nix

@@ -38,8 +38,8 @@
     enable = true;
     settings = {
       AllowUsers = ["admin"]; # everyone
-      PasswordAuthentication = true; # this is just a sandbox
-      PermitRootLogin = "yes";
+      PasswordAuthentication = true;
+      PermitRootLogin = "no";
     };
   };