From c6eabfca8be16c05e354f8c0aad901b903a18e5f Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 18 Jan 2025 18:54:58 -1000
Subject: [PATCH] Modified the get-latest to correctly download LXC, made nixos-pve-config properly set permissions and created a deploy-lxc script to automatically create the container.
---
 scripts/deploy-lxc.sh | 105 +++++++++++++++++++++++++++++++++++++++
 scripts/get-latest.sh | 57 ++++++++++++++-------
 scripts/nixos-pve-config | 10 ++--
 3 files changed, 152 insertions(+), 20 deletions(-)
 create mode 100755 scripts/deploy-lxc.sh
diff --git a/scripts/deploy-lxc.sh b/scripts/deploy-lxc.sh
new file mode 100755
index 0000000..a9a6a5e
--- /dev/null
+++ b/scripts/deploy-lxc.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+# Default values
+DEFAULT_CORES=2
+DEFAULT_RAM=2048
+DEFAULT_SWAP=512
+DEFAULT_STORAGE=8
+DEFAULT_TEMPLATE="/var/lib/vz/template/cache/nixos_proxmox_lxc.tar.xz"
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n HOSTNAME_CONTAINER [-c CORES] [-m RAM] [-s SWAP] [-d STORAGE] [-i IP/DHCP]"
+ echo "Options:"
+ echo " -n HOSTNAME_CONTAINER Container hostname (required)"
+ echo " -c CORES Number of CPU cores (default: $DEFAULT_CORES)"
+ echo " -m RAM RAM in MB (default: $DEFAULT_RAM)"
+ echo " -s SWAP Swap size in MB (default: $DEFAULT_SWAP)"
+ echo " -d STORAGE Root filesystem size in GB (default: $DEFAULT_STORAGE)"
+ echo " -i IP IP address in CIDR format or 'dhcp' (default: dhcp)"
+ exit 1
+}
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+fi
+
+# Parse command line arguments
+while getopts "n:c:m:s:d:i:" opt; do
+ case $opt in
+ n) HOSTNAME_CONTAINER="$OPTARG" ;;
+ c) CORES="$OPTARG" ;;
+ m) RAM="$OPTARG" ;;
+ s) SWAP="$OPTARG" ;;
+ d) STORAGE="$OPTARG" ;;
+ i) IP="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+# Check for required hostname
+if [ -z "$HOSTNAME_CONTAINER" ]; then
+ echo "Error: Hostname is required"
+ usage
+fi
+
+# Set defaults if not specified
+CORES=${CORES:-$DEFAULT_CORES}
+RAM=${RAM:-$DEFAULT_RAM}
+SWAP=${SWAP:-$DEFAULT_SWAP}
+STORAGE=${STORAGE:-$DEFAULT_STORAGE}
+IP=${IP:-"dhcp"}
+
+# Check if template exists
+if [ ! -f "$DEFAULT_TEMPLATE" ]; then
+ echo "Error: NixOS template not found at $DEFAULT_TEMPLATE"
+ exit 1
+fi
+
+# Get next available CT ID
+NEXT_ID=$(pvesh get /cluster/nextid)
+
+# Prepare network config
+if [ "$IP" = "dhcp" ]; then
+ NET_CONFIG="name=eth0,ip=dhcp,bridge=vmbr0"
+else
+ NET_CONFIG="name=eth0,ip=$IP,bridge=vmbr0"
+fi
+
+# Create container
+echo "Creating NixOS container CT $NEXT_ID..."
+ pct create "$NEXT_ID" "$DEFAULT_TEMPLATE" \
+ --hostname "$HOSTNAME_CONTAINER" \
+ --cores "$CORES" \
+ --memory "$RAM" \
+ --swap "$SWAP" \
+ --rootfs "local-lvm:${STORAGE}" \
+ --net0 "$NET_CONFIG" \
+ --unprivileged 1 \
+ --features "nesting=1" \
+ --start 1
+
+# Get container's IPv4 address
+IP_ADDRESS=$(pct exec $NEXT_ID -- hostname -I | awk '{print $1}')
+
+if [ $? -eq 0 ]; then
+ echo "Container $NEXT_ID created successfully"
+ echo "Hostname: $HOSTNAME_CONTAINER"
+ echo "Cores: $CORES"
+ echo "RAM: $RAM MB"
+ echo "Swap: $SWAP MB"
+ echo "Storage: $STORAGE GB"
+ echo "Network: $NET_CONFIG"
+
+ # Only display IP if we got one
+ if [ ! -z "$IP_ADDRESS" ]; then
+ echo -e "${HOSTNAME_CONTAINER} is now deployed at ${GREEN}${IP_ADDRESS}${NC}"
+ else
+ echo "Warning: Could not retrieve IP address"
+ fi
+else
+ echo "Error: Failed to create container"
+ exit 1
+fi
diff --git a/scripts/get-latest.sh b/scripts/get-latest.sh
index 2c1c151..4140248 100644
--- a/scripts/get-latest.sh
+++ b/scripts/get-latest.sh
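Review bot: The `if [ $? -eq 0 ]` near the end of deploy-lxc.sh tests the exit status of the `IP_ADDRESS=$(pct exec ... | awk ...)` pipeline (awk's, since pipefail is not set), not of `pct create`, so a failed create still prints "created successfully" and the error branch is effectively dead. Check the create itself by appending `|| { echo "Error: Failed to create container" >&2; exit 1; }` to the `pct create` command and dropping the later `$?` test. The `-i` value is also spliced into `NET_CONFIG` unvalidated, so a comma in it adds extra `net0` keys; a guard such as `[[ "$IP" =~ ^[0-9.]+/[0-9]+$ ]] || usage` in the non-dhcp branch would confine it to an IPv4 CIDR. `${GREEN}` and `${NC}` are never assigned in this file, and `$NEXT_ID` is unquoted in the `pct exec` call.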
@@ -1,25 +1,48 @@ #!/bin/bash -IMAGE_TYPE="$1" BASE_URL="https://hydra.nixos.org/job/nixos/release-24.11/nixos" -DOWNLOAD_DIR="./build" +LXC_TEMPLATE_DIR="/var/lib/vz/template/cache" +VM_BACKUP_DIR="/var/lib/vz/dump" -if [ "$IMAGE_TYPE" = "VM" ]; then - DOWNLOAD_URL="${BASE_URL}.proxmoxImage.x86_64-linux/latest/download/1" - OUTPUT_FILE="${DOWNLOAD_DIR}/nixos_proxmox_vm.vma.zst" -elif [ "$IMAGE_TYPE" = "LXC" ]; then - DOWNLOAD_URL="${BASE_URL}.proxmoxLXC.x86_64-linux/latest/download/1" - OUTPUT_FILE="${DOWNLOAD_DIR}/nixos_proxmox_lxc.tar.xz" -else - echo "Error: Invalid image type. Must be 'VM' or 'LXC'" >&2 +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root" exit 1 fi -wget -q --show-progress -O "$OUTPUT_FILE" "$DOWNLOAD_URL" -EXIT_CODE=$? +# Create directories if they don't exist +mkdir -p "$LXC_TEMPLATE_DIR" "$VM_BACKUP_DIR" -if [ $EXIT_CODE -ne 0 ]; then - echo "Error: Download failed" >&2 - rm -f "$OUTPUT_FILE" - exit $EXIT_CODE -fi \ No newline at end of file +# Define file paths and URLs +LXC_FILE="${LXC_TEMPLATE_DIR}/nixos_proxmox_lxc.tar.xz" +VM_FILE="${VM_BACKUP_DIR}/nixos_proxmox_vm.vma.zst" +LXC_URL="${BASE_URL}.proxmoxLXC.x86_64-linux/latest/download/1" +VM_URL="${BASE_URL}.proxmoxImage.x86_64-linux/latest/download/1" + +# Function to check and download file +check_and_download() { + local file=$1 + local url=$2 + local type=$3 + + if [ -f "$file" ]; then + # Get remote file size + remote_size=$(curl -sI "$url" | grep -i content-length | awk '{print $2}' | tr -d '\r') + local_size=$(stat -f%z "$file" 2>/dev/null || stat -c%s "$file") + + if [ "$local_size" != "$remote_size" ]; then + echo "Size mismatch for $type, downloading new version..." + wget -q --show-progress -O "$file" "$url" + else + echo "$type is up to date" + fi + else + echo "Downloading $type..." 
+ wget -q --show-progress -O "$file" "$url" + fi +} + +# Download both images if needed +check_and_download "$LXC_FILE" "$LXC_URL" "LXC template" +# check_and_download "$VM_FILE" "$VM_URL" "VM backup" +# TODO: fix the VM download url diff --git a/scripts/nixos-pve-config b/scripts/nixos-pve-config index d7c01f5..8bee036 100755 --- a/scripts/nixos-pve-config +++ b/scripts/nixos-pve-config @@ -87,10 +87,10 @@ LXC_CONFIG="/var/lib/lxc/${CTID}/config" # Update PVE config if [ -f "$PVE_CONFIG" ]; then - if ! grep -q "^lxc.init_cmd:" "$PVE_CONFIG"; then - echo "lxc.init_cmd: /run/current-system/sw/bin/bash" >> "$PVE_CONFIG" + if ! grep -q "^lxc.init.cmd:" "$PVE_CONFIG"; then + echo "lxc.init.cmd: /run/current-system/sw/bin/bash" >> "$PVE_CONFIG" else - sed -i "s|^lxc.init_cmd:.*|lxc.init_cmd: /run/current-system/sw/bin/bash|" "$PVE_CONFIG" + sed -i "s|^lxc.init.cmd:.*|lxc.init.cmd: /run/current-system/sw/bin/bash|" "$PVE_CONFIG" fi if ! grep -q "^cmode:" "$PVE_CONFIG"; then @@ -132,7 +132,11 @@ DEVICE_PATH="/dev/pve/${VOLUME_NAME}" mkdir -p "$MOUNT_POINT" mount "$DEVICE_PATH" "$MOUNT_POINT" mkdir -p "${MOUNT_POINT}/etc/nixos" + +# Copy files and fix permissions for unprivileged container access cp -r "${REPO_DIR}/nix-config/"* "${MOUNT_POINT}/etc/nixos/" +chown -R 100000:100000 "${MOUNT_POINT}/etc/nixos" +chmod -R 755 "${MOUNT_POINT}/etc/nixos" # Set password if requested if [[ "$set_password" =~ ^[Yy]$ ]]; then
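Review bot: Both `wget -O "$file"` calls in `check_and_download` (get-latest.sh) write straight into the final path and their exit status is never checked, so an interrupted transfer leaves a truncated template in the cache that deploy-lxc.sh will accept because it only tests `-f`; the removed version at least deleted the file on failure. Nothing verifies the content either: freshness is decided by `Content-Length` alone, `curl -sI` is called without `-L` so the header read may belong to a redirect rather than the artifact, and there is no checksum for an image that becomes a container root filesystem. Download to a temporary file beside the target, check the status and rename on success, as sketched below; comparing against a pinned SHA-256 for a pinned build would close the integrity gap. `remote_size` and `local_size` should also be declared `local`.

```shell
# Fetch to a temp file in the target directory and rename only on success,
# so a failed or partial transfer never replaces the cached image.
download_to() {
  local file=$1 url=$2 tmp
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  if ! wget -q --show-progress -O "$tmp" "$url"; then
    echo "Error: Download failed" >&2
    rm -f -- "$tmp"
    return 1
  fi
  mv -f -- "$tmp" "$file"
}
# … unchanged: size comparison in check_and_download, with both wget calls replaced by: download_to "$file" "$url" || return 1 …
```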
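Review bot: `chmod -R 755` in the second nixos-pve-config hunk sets the execute bit on every regular file and makes the whole tree world-readable, which is broader than the comment's goal of giving the unprivileged container access to its config. `chmod -R u=rwX,go=rX "${MOUNT_POINT}/etc/nixos"` keeps directories traversable without marking files executable, and `go=` would be the safer choice if nix-config ever carries secrets. The `100000:100000` owner presumably corresponds to container root under the default unprivileged ID mapping; that assumption deserves a comment such as `# 100000 = container root with the default idmap; adjust if the CT uses a custom mapping`. The surrounding mount and unmount logic lies outside this hunk.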