
5 commits

Author SHA1 Message Date
c6cff38e59 Update README.md 2025-06-10 14:54:34 +02:00
d799507b6c env 2025-06-09 22:59:09 +02:00
beab8fedc6 version tagging 2025-06-09 22:59:09 +02:00
32d407c6af Merge pull request 'Remove non-ascii chars 🎨' (#1) from dannydannydanny/nixos-base-image:main into main
Reviewed-on: #1
Reviewed-by: David Samuelsen <plasmagoat@noreply.git.procopius.dk>
2025-06-09 22:01:01 +02:00
46290db2be chore: remove non-ascii chars 🎨 2025-06-09 21:59:02 +02:00
7 changed files with 46 additions and 64 deletions


@ -17,16 +17,12 @@ jobs:
NIXOS_BUILER_USER: runner NIXOS_BUILER_USER: runner
PROXMOX_HOST: 192.168.1.205 PROXMOX_HOST: 192.168.1.205
PROXMOX_USER: plasmagoat PROXMOX_USER: plasmagoat
# VM Template IDs for your Ansible playbook
# These are now passed to the playbook via --extra-vars, not directly as env vars for qm.
# They are defined in group_vars/all.yml, but can be overridden from here if needed.
# TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible
# LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible
outputs: outputs:
image-name: ${{ steps.build_image.outputs.image_name_from_build }} image-name: ${{ steps.build_image.outputs.image_name_from_build }}
flake-metadata: ${{ steps.meta.outputs.metadata }} image-version: ${{ steps.version.outputs.tag_name }}
image-url: ${{ steps.image-artifact.outputs.artifact-url }} image-url: ${{ steps.image-artifact.outputs.artifact-url }}
flake-metadata: ${{ steps.meta.outputs.metadata }}
steps: steps:
# Use nix-env for setup (as you prefer and it works well for ephemeral environments) # Use nix-env for setup (as you prefer and it works well for ephemeral environments)
- name: Install dependencies via nix-env - name: Install dependencies via nix-env
@ -89,26 +85,31 @@ jobs:
echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT" echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT"
echo "image_name_from_build=${IMAGE_NAME}" >> "$GITHUB_OUTPUT" echo "image_name_from_build=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
- name: Set version
id: version
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}"
fi
echo "Ref Type: ${{ github.ref_type }}"
echo "Ref Name: ${{ github.ref_name }}"
echo "Version: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
- name: Run Proxmox Image Deployment - name: Run Proxmox Image Deployment
run: | run: |
chmod +x ./scripts/run_ansible_ci.sh chmod +x ./scripts/run_ansible_ci.sh
# Execute the script, passing necessary environment variables # Execute the script, passing necessary environment variables
bash scripts/run_ansible_ci.sh bash scripts/run_ansible_ci.sh
env: env:
# These are passed directly to the `run_ansible_ci.sh` script,
# which then uses them to construct Ansible's --extra-vars.
# Match these variable names with what `run_ansible_ci.sh` expects.
# Note: The `image_path_from_build` comes from the previous step's output.
PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }}
# Provide VMIDs and names, overriding group_vars if desired. # Provide VMIDs and names, overriding group_vars if desired.
# These will be passed as `--extra-vars` to Ansible. # These will be passed as `--extra-vars` to Ansible.
ANSIBLE_EXTRA_VARS: >- ANSIBLE_EXTRA_VARS: >-
backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }} backup_template_vmid=${{ env.TEMPLATE_VMID | default('9001') }}
latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }} latest_template_vmid=${{ env.LATEST_TEMPLATE_VMID | default('9000') }}
proxmox_host={{ env.PROXMOX_HOST }} version=${{ steps.version.outputs.tag_name }}
proxmox_user={{ env.PROXMOX_USER }}
remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }}
- name: Extract flake metadata - name: Extract flake metadata
id: meta id: meta
@ -153,25 +154,12 @@ jobs:
with: with:
name: release-artifact name: release-artifact
- name: Set version
id: version
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}"
fi
echo "Ref Type: ${{ github.ref_type }}"
echo "Ref Name: ${{ github.ref_name }}"
echo "Version: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
- name: Create Forgejo Release - name: Create Forgejo Release
uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0 uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0
with: with:
title: "NixOS Base Image ${{ steps.version.outputs.tag_name }}" title: "NixOS Base Image ${{ needs.build.outputs.image-version }}"
prerelease: ${{ github.ref_type != 'tag' }} prerelease: ${{ github.ref_type != 'tag' }}
tag: ${{ steps.version.outputs.tag_name }} tag: ${{ needs.build.outputs.image-version }}
direction: upload direction: upload
release-notes: | release-notes: |
✅ **Base NixOS image uploaded** ✅ **Base NixOS image uploaded**
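Review bot: The `Set version` step, now in the build job, pastes `${{ github.ref_name }}` straight into the bash script, so a tag name containing shell syntax is interpreted by the runner's shell before `TAG_NAME` is assigned. Pass the values through the step's environment instead, `env: { REF_TYPE: "${{ github.ref_type }}", REF_NAME: "${{ github.ref_name }}" }`, and read them as `"$REF_TYPE"` and `"$REF_NAME"` in the script. This matters more after this change because `tag_name` now also flows into `ANSIBLE_EXTRA_VARS` as `version=` and from there into the shell task of the create-template role. Separately, `${{ env.TEMPLATE_VMID | default('9001') }}` uses a Jinja filter inside an Actions expression, which as far as I know the expression language does not support; the usual fallback form is `${{ env.TEMPLATE_VMID || '9001' }}`, and the same applies to `LATEST_TEMPLATE_VMID`.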


@ -1,4 +1,4 @@
# Nixs base image for promxox # NixOS base image for promxox
This is the nixos base image to be used as a template in proxmox This is the nixos base image to be used as a template in proxmox
## Using this base image ## Using this base image
@ -12,6 +12,6 @@ nix build .#base
Copy to target proxmox storage Copy to target proxmox storage
```bash ```bash
cd ansible chmod +x scripts/run_ansible_ci.sh
ansible-playbook upload-template.yml ./scripts/run_ansible_ci.sh
``` ```


@ -1,4 +1,3 @@
---
all: all:
children: children:
proxmox: proxmox:


@ -31,7 +31,7 @@
- name: Restore VM from image to 'latest' template VMID - name: Restore VM from image to 'latest' template VMID
ansible.builtin.shell: | ansible.builtin.shell: |
qmrestore {{ remote_image_path }} {{ vmid_latest_template }} --unique true --storage {{ storage_name }} qmrestore {{ remote_image_path }} {{ vmid_latest_template }} --unique true --storage {{ storage_name }}
qm set {{ vmid_latest_template }} --cores {{ cpu_cores }} --memory {{ memory_mb }} --name {{ vmname_latest_template }} qm set {{ vmid_latest_template }} --cores {{ cpu_cores }} --memory {{ memory_mb }} --name {{ vmname_latest_template }} --tag {{ template_version }}
qm template {{ vmid_latest_template }} qm template {{ vmid_latest_template }}
register: restore_new_latest_result register: restore_new_latest_result
changed_when: restore_new_latest_result.rc == 0 changed_when: restore_new_latest_result.rc == 0
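Review bot: `--tag {{ template_version }}` is interpolated unquoted into an `ansible.builtin.shell` block, and the value originates from the CI-supplied `version` extra var, so whitespace or shell metacharacters in it would be parsed by the shell on the managed host (presumably the Proxmox node). Pass it through the quote filter, `--tag {{ template_version | quote }}`; the other variables on the `qm set` line are unquoted as well, but this is the one fed from a ref name. Also confirm the option spelling: the `qm set` option I know of is `--tags`, so check that the `--tag` abbreviation is accepted on your Proxmox version. The task continues past the end of the hunk.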


@ -16,6 +16,7 @@
vmname_backup_template: "{{ backup_template_vm_name }}" vmname_backup_template: "{{ backup_template_vm_name }}"
vmid_latest_template: "{{ latest_template_vmid }}" vmid_latest_template: "{{ latest_template_vmid }}"
vmname_latest_template: "{{ latest_template_vm_name }}" vmname_latest_template: "{{ latest_template_vm_name }}"
template_version: "{{ version | default('v0.0.0') }}"
roles: roles:
- role: create-template - role: create-template
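Review bot: `default('v0.0.0')` on the new `template_version` line only applies when `version` is undefined; if CI passes `version=` with an empty value (for example when the `version` step output is missing), the empty string is kept and the role's `qm set ... --tag` ends up without an argument. Use `template_version: "{{ version | default('v0.0.0', true) }}"` so empty values also fall back. A short comment stating what `v0.0.0` is meant to signal would help whoever reads the tags later. The `vars:` block starts outside the hunk.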


@ -2,7 +2,7 @@
{ {
# We rely on the QEMU Guest Agent profile so that Proxmox can talk # We rely on the QEMU Guest Agent profile so that Proxmox can talk
# to the VMs guest-agent. # to the VM's guest-agent.
imports = [ imports = [
# Enables QEMU Guest Agent support in the VM # Enables QEMU Guest Agent support in the VM
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -30,7 +30,7 @@
# Sudo: Do not require a password for wheel group # Sudo: Do not require a password for wheel group
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# OpenSSH: disable passwordbased auth, only allow keybased # OpenSSH: disable password-based auth, only allow key-based
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "prohibit-password"; settings.PermitRootLogin = "prohibit-password";


@ -3,12 +3,6 @@ set -euo pipefail
echo "Starting Ansible CI/CD run..." echo "Starting Ansible CI/CD run..."
# # --- 1. Validate required environment variables ---
# if [[ -z "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" ]]; then
# echo "Error: PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD environment variable not set. Cannot find built image."
# exit 1
# fi
# --- 2. Navigate to the Ansible directory --- # --- 2. Navigate to the Ansible directory ---
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
ANSIBLE_DIR="${SCRIPT_DIR}/../ansible" ANSIBLE_DIR="${SCRIPT_DIR}/../ansible"
@ -23,32 +17,32 @@ echo "Changed directory to: $(pwd)"
# # --- 3. Define Ansible Extra Variables --- # # --- 3. Define Ansible Extra Variables ---
# # Base extra variables from our static definitions # # Base extra variables from our static definitions
# EXTRA_VARS=( EXTRA_VARS=(
# # "local_image_path_ci=${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" # Path to the image file on the CI runner # "local_image_path_ci=${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" # Path to the image file on the CI runner
# # "image_filename=$(basename "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}")" # Extract filename # "image_filename=$(basename "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}")" # Extract filename
# ) )
# # Append any other variables passed via ANSIBLE_EXTRA_VARS from the workflow # # Append any other variables passed via ANSIBLE_EXTRA_VARS from the workflow
# if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then
# # Split by space or newline and add to array # Split by space or newline and add to array
# IFS=$'\n' read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true IFS=$'\n' read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true
# for var in "${ADDITIONAL_VARS[@]}"; do for var in "${ADDITIONAL_VARS[@]}"; do
# EXTRA_VARS+=("${var}") EXTRA_VARS+=("${var}")
# done done
# fi fi
# # --- 4. Execute the Ansible Playbook --- # # --- 4. Execute the Ansible Playbook ---
# echo "Executing Ansible playbook: upload-template.yml" # echo "Executing Ansible playbook: upload-template.yml"
# # Construct the full --extra-vars string # # Construct the full --extra-vars string
# EXTRA_VARS_ARGS="" EXTRA_VARS_ARGS=""
# for var in "${EXTRA_VARS[@]}"; do for var in "${EXTRA_VARS[@]}"; do
# EXTRA_VARS_ARGS+=" -e ${var}" EXTRA_VARS_ARGS+=" -e ${var}"
# done done
ansible-playbook upload-template.yml #\ ansible-playbook upload-template.yml \
# --inventory inventory/hosts.yml \ --inventory inventory/hosts.yml \
# ${EXTRA_VARS_ARGS} \ ${EXTRA_VARS_ARGS} # \
# --diff \ # --diff \
# --check false # Set to true for a dry run, false for actual execution # --check false # Set to true for a dry run, false for actual execution
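Review bot: The re-enabled argument handling builds `EXTRA_VARS_ARGS` as a string and expands it unquoted, while the `read` above it splits `ANSIBLE_EXTRA_VARS` on newlines only, although its comment says "space or newline". The workflow supplies that variable through a `>-` folded scalar, which presumably arrives as one space-separated line, so only the first `key=value` gets a `-e` and the rest reach `ansible-playbook` as bare words; every value is also subject to word splitting and globbing. Build an argument array and expand it quoted, as sketched below; the now-empty `EXTRA_VARS=( ... )` array and the string loop can then be dropped. The script starts above the hunk.

```shell
# … unchanged: cd into the ansible directory …
PLAYBOOK_ARGS=(--inventory inventory/hosts.yml)
if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then
  # Default IFS: split on spaces, tabs and newlines
  read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true
  for var in "${ADDITIONAL_VARS[@]}"; do
    PLAYBOOK_ARGS+=(-e "${var}")
  done
fi

ansible-playbook upload-template.yml "${PLAYBOOK_ARGS[@]}"
```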