#!/bin/bash
# config-lxc.sh: write a NixOS configuration.nix into an existing Proxmox LXC
# container and apply it there with `nixos-rebuild switch`.
# Must run on the Proxmox host, since it drives the container through `pct`.
# Usage: see usage() below.
# Abort on the first unhandled failing command (the usual -e caveats apply:
# failures inside `if`/`&&`/`||` lists are not caught).
set -e
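#######################################
# Print the command-line synopsis and exit.
# Globals:   $0 (read)
# Arguments: none
# Outputs:   usage text on stderr (it is a diagnostic, so it must not end up
#            in stdout captures such as `out=$(script ...)`)
# Returns:   never returns; exits 1
#######################################
usage() {
  printf '%s\n' \
    "Usage: $0 <container_id> --ssh-key <ssh_key> --ip <ip_address> --gateway <gateway> [--user <username>]" \
    " <container_id>: ID of the container (100-999)" \
    " --ssh-key: SSH public key for the user" \
    " --ip: IP address for the container" \
    " --gateway: Gateway IP address" \
    " --user: Username for the admin user (default: admin)" \
    >&2
  exit 1
}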
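#######################################
# Check that a string is a dotted-quad IPv4 address.
# The shape check alone (four groups of 1-3 digits) accepts values such as
# 999.1.1.1, so each octet is additionally range-checked against 0-255.
# Arguments: $1 - candidate address
# Outputs:   none
# Returns:   0 if valid, 1 otherwise (also for an empty argument)
#######################################
validate_ip() {
  local ip=$1 octet
  [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  # 10# forces decimal so a leading zero (e.g. "08") is not read as octal.
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}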
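# Parse command-line arguments: a positional container ID followed by
# "--option value" pairs. A missing value is reported through usage() up
# front; otherwise `shift 2` on a dangling option fails and `set -e` aborts
# the script with only "shift count out of range".
# Globals written: CTID, SSH_KEY, IP_ADDRESS, GATEWAY, USERNAME

# Exit through usage() unless option $1 is followed by a value in $2.
require_value() {
  (( $# >= 2 )) || { echo "Error: $1 requires a value" >&2; usage; }
}

(( $# >= 1 )) || { echo "Error: container ID is required" >&2; usage; }
CTID=$1
shift
while (( $# > 0 )); do
  case "$1" in
    --ssh-key) require_value "$@"; SSH_KEY=$2; shift 2 ;;
    --ip) require_value "$@"; IP_ADDRESS=$2; shift 2 ;;
    --gateway) require_value "$@"; GATEWAY=$2; shift 2 ;;
    --user) require_value "$@"; USERNAME=$2; shift 2 ;;
    *) echo "Unknown option: $1" >&2; usage ;;
  esac
done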
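# Validate inputs. Diagnostics go to stderr; usage() exits 1.
# USERNAME and SSH_KEY are pasted verbatim into the generated Nix expression
# (as an attribute path and inside a double-quoted string), so a value with
# the wrong shape would only fail later, inside the container, as a Nix
# parse error. Reject such values here instead.
[[ $CTID =~ ^[1-9][0-9]{2}$ ]] || { echo "Error: Invalid container ID" >&2; usage; }
[[ -n $SSH_KEY ]] || { echo "Error: SSH key is required" >&2; usage; }
[[ -n $IP_ADDRESS ]] || { echo "Error: IP address is required" >&2; usage; }
[[ -n $GATEWAY ]] || { echo "Error: Gateway is required" >&2; usage; }
validate_ip "$IP_ADDRESS" || { echo "Error: Invalid IP address" >&2; usage; }
validate_ip "$GATEWAY" || { echo "Error: Invalid gateway" >&2; usage; }
# Characters that would end or interpolate a Nix double-quoted string.
case $SSH_KEY in
  *'"'*|*'\'*|*'${'*|*$'\n'*)
    echo "Error: SSH key contains characters not allowed in the configuration" >&2
    usage
    ;;
esac
USERNAME=${USERNAME:-admin}
# Conventional POSIX user-name shape; also a valid bare Nix attribute name.
[[ $USERNAME =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "Error: Invalid username" >&2; usage; }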
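#######################################
# Print the container's NixOS configuration.nix to stdout.
# Arguments (all optional; each falls back to the global of the same meaning
# set by the argument parser, so the existing no-argument call is unchanged):
#   $1 - admin username            (default: $USERNAME)
#   $2 - SSH public key for $1     (default: $SSH_KEY)
#   $3 - container IPv4 address    (default: $IP_ADDRESS)
#   $4 - default gateway           (default: $GATEWAY)
# Outputs:   the Nix expression on stdout. Values are inserted verbatim into
#            Nix string literals / an attribute path, so they must already be
#            validated by the caller.
# Returns:   0
# Fixed in the template: /24 prefix, Google nameservers, stateVersion 24.05,
# password-less sudo for wheel, SSH restricted to the admin user with
# password authentication and root login disabled.
#######################################
generate_nixos_config() {
  local user=${1:-$USERNAME}
  local key=${2:-$SSH_KEY}
  local ip=${3:-$IP_ADDRESS}
  local gateway=${4:-$GATEWAY}
  # \${modulesPath} is escaped so that Nix, not this shell, expands it.
  cat <<EOF
{ modulesPath, config, pkgs, ... }:
{
  imports = [ "\${modulesPath}/virtualisation/lxc-container.nix" ];
  boot.isContainer = true;
  systemd.suppressedSystemUnits = [
    "dev-mqueue.mount"
    "sys-kernel-debug.mount"
    "sys-fs-fuse-connections.mount"
  ];
  environment.systemPackages = with pkgs; [ openssh binutils man git ];
  users.users.${user} = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "${key}" ];
  };
  security.sudo.wheelNeedsPassword = false;
  programs.nix-ld.enable = true;
  services.openssh = {
    enable = true;
    settings = {
      AllowUsers = ["${user}"];
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  networking = {
    dhcpcd.enable = false;
    useDHCP = false;
    useHostResolvConf = false;
    defaultGateway = "${gateway}";
    nameservers = [ "8.8.8.8" "8.8.4.4" ];
    interfaces.eth0.ipv4.addresses = [{
      address = "${ip}";
      prefixLength = 24;
    }];
  };
  system.stateVersion = "24.05";
}
EOF
}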
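# Main execution. Runs on the Proxmox host against an existing container.
if ! pct status "$CTID" >/dev/null 2>&1; then
  echo "Error: Container $CTID does not exist" >&2
  exit 1
fi
CONFIG_CONTENT=$(generate_nixos_config)
pct start "$CTID"
# Fixed grace period for the container's init and network to come up before
# attaching; there is no readiness probe, so a slow host may need more.
sleep 10
# The outer here-doc is expanded on the host: CONFIG_CONTENT is substituted
# here, and \$PATH is escaped so it expands inside the container. The inner
# delimiters are quoted so the Nix text is written verbatim. `set -e` inside
# the container (after /etc/profile, whose last status is not ours to judge)
# makes a failed write or rebuild return non-zero instead of being followed
# by the success message. NOTE(review): this assumes `pct enter` reports the
# attached shell's exit status — confirm on the target pct version.
apply_rc=0
pct enter "$CTID" <<EOF || apply_rc=$?
/run/current-system/sw/bin/bash <<'INNEREOF'
export PATH=/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:\$PATH
source /etc/profile
set -e
mkdir -p /etc/nixos
cat > /etc/nixos/configuration.nix <<'CONFIGEOF'
${CONFIG_CONTENT}
CONFIGEOF
nixos-rebuild switch
INNEREOF
EOF
if (( apply_rc != 0 )); then
  echo "Error: applying the configuration in container $CTID failed (status $apply_rc)" >&2
  exit "$apply_rc"
fi
echo "Configuration applied successfully!"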