
No commits in common. "main" and "v0.0.1" have entirely different histories.
main ... v0.0.1

7 changed files with 64 additions and 46 deletions


@ -17,12 +17,16 @@ jobs:
NIXOS_BUILER_USER: runner NIXOS_BUILER_USER: runner
PROXMOX_HOST: 192.168.1.205 PROXMOX_HOST: 192.168.1.205
PROXMOX_USER: plasmagoat PROXMOX_USER: plasmagoat
# VM Template IDs for your Ansible playbook
# These are now passed to the playbook via --extra-vars, not directly as env vars for qm.
# They are defined in group_vars/all.yml, but can be overridden from here if needed.
# TEMPLATE_VMID: 9001 # Removed from direct env for explicit passing to Ansible
# LATEST_TEMPLATE_VMID: 9000 # Removed from direct env for explicit passing to Ansible
outputs: outputs:
image-name: ${{ steps.build_image.outputs.image_name_from_build }} image-name: ${{ steps.build_image.outputs.image_name_from_build }}
image-version: ${{ steps.version.outputs.tag_name }}
image-url: ${{ steps.image-artifact.outputs.artifact-url }}
flake-metadata: ${{ steps.meta.outputs.metadata }} flake-metadata: ${{ steps.meta.outputs.metadata }}
image-url: ${{ steps.image-artifact.outputs.artifact-url }}
steps: steps:
# Use nix-env for setup (as you prefer and it works well for ephemeral environments) # Use nix-env for setup (as you prefer and it works well for ephemeral environments)
- name: Install dependencies via nix-env - name: Install dependencies via nix-env
@ -85,31 +89,26 @@ jobs:
echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT" echo "image_path_from_build=${IMAGE_PATH}" >> "$GITHUB_OUTPUT"
echo "image_name_from_build=${IMAGE_NAME}" >> "$GITHUB_OUTPUT" echo "image_name_from_build=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
- name: Set version
id: version
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}"
fi
echo "Ref Type: ${{ github.ref_type }}"
echo "Ref Name: ${{ github.ref_name }}"
echo "Version: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
- name: Run Proxmox Image Deployment - name: Run Proxmox Image Deployment
run: | run: |
chmod +x ./scripts/run_ansible_ci.sh chmod +x ./scripts/run_ansible_ci.sh
# Execute the script, passing necessary environment variables # Execute the script, passing necessary environment variables
bash scripts/run_ansible_ci.sh bash scripts/run_ansible_ci.sh
env: env:
# These are passed directly to the `run_ansible_ci.sh` script,
# which then uses them to construct Ansible's --extra-vars.
# Match these variable names with what `run_ansible_ci.sh` expects.
# Note: The `image_path_from_build` comes from the previous step's output.
PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD: ${{ steps.build_image.outputs.image_path_from_build }}
# Provide VMIDs and names, overriding group_vars if desired. # Provide VMIDs and names, overriding group_vars if desired.
# These will be passed as `--extra-vars` to Ansible. # These will be passed as `--extra-vars` to Ansible.
ANSIBLE_EXTRA_VARS: >- ANSIBLE_EXTRA_VARS: >-
backup_template_vmid=${{ env.TEMPLATE_VMID | default('9001') }} backup_template_vmid={{ env.TEMPLATE_VMID | default('9001') }}
latest_template_vmid=${{ env.LATEST_TEMPLATE_VMID | default('9000') }} latest_template_vmid={{ env.LATEST_TEMPLATE_VMID | default('9000') }}
version=${{ steps.version.outputs.tag_name }} proxmox_host={{ env.PROXMOX_HOST }}
proxmox_user={{ env.PROXMOX_USER }}
remote_image_path_ci={{ steps.build_image.outputs.image_path_from_build }}
- name: Extract flake metadata - name: Extract flake metadata
id: meta id: meta
@ -154,12 +153,25 @@ jobs:
with: with:
name: release-artifact name: release-artifact
- name: Set version
id: version
run: |
if [[ "${{ github.ref_type }}" == "tag" ]]; then
TAG_NAME="${{ github.ref_name }}"
else
TAG_NAME="dev-$(date +%Y%m%d)-${GITHUB_SHA::7}"
fi
echo "Ref Type: ${{ github.ref_type }}"
echo "Ref Name: ${{ github.ref_name }}"
echo "Version: $TAG_NAME"
echo "tag_name=$TAG_NAME" >> "$GITHUB_OUTPUT"
- name: Create Forgejo Release - name: Create Forgejo Release
uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0 uses: https://code.forgejo.org/sheik/forgejo-release@v2.6.0
with: with:
title: "NixOS Base Image ${{ needs.build.outputs.image-version }}" title: "NixOS Base Image ${{ steps.version.outputs.tag_name }}"
prerelease: ${{ github.ref_type != 'tag' }} prerelease: ${{ github.ref_type != 'tag' }}
tag: ${{ needs.build.outputs.image-version }} tag: ${{ steps.version.outputs.tag_name }}
direction: upload direction: upload
release-notes: | release-notes: |
✅ **Base NixOS image uploaded** ✅ **Base NixOS image uploaded**
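Review bot: The `Set version` step in the `@ -154,12 +153,25` hunk pastes `${{ github.ref_name }}` and `${{ github.ref_type }}` straight into the `run:` script, so the ref name becomes part of the shell text before bash parses it, and a tag or branch name containing shell syntax would be executed on the runner. Pass both values through `env:` and read them as quoted shell variables instead, as in the sketch below. The same step appears in the `@ -85,31 +89,26` hunk on the other side of the comparison, so whichever side is kept needs the change; the page has lost its +/- markers, and the side assignment here is inferred from the hunk line counts. Separately, the `ANSIBLE_EXTRA_VARS` entries written as `{{ env.TEMPLATE_VMID | default('9001') }}` without the leading `$` are not workflow expressions and would reach the script as literal text.

```yaml
- name: Set version
  id: version
  env:
    REF_TYPE: ${{ github.ref_type }}
    REF_NAME: ${{ github.ref_name }}
  run: |
    if [[ "$REF_TYPE" == "tag" ]]; then
      TAG_NAME="$REF_NAME"
    # … unchanged: else branch building the dev-<date>-<sha> tag …
    fi
    echo "Ref Type: $REF_TYPE"
    echo "Ref Name: $REF_NAME"
    # … unchanged: Version echo and tag_name write to $GITHUB_OUTPUT …
```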


@ -1,4 +1,4 @@
# NixOS base image for promxox # Nixs base image for promxox
This is the nixos base image to be used as a template in proxmox This is the nixos base image to be used as a template in proxmox
## Using this base image ## Using this base image
@ -12,6 +12,6 @@ nix build .#base
Copy to target proxmox storage Copy to target proxmox storage
```bash ```bash
chmod +x scripts/run_ansible_ci.sh cd ansible
./scripts/run_ansible_ci.sh ansible-playbook upload-template.yml
``` ```


@ -1,3 +1,4 @@
---
all: all:
children: children:
proxmox: proxmox:


@ -31,7 +31,7 @@
- name: Restore VM from image to 'latest' template VMID - name: Restore VM from image to 'latest' template VMID
ansible.builtin.shell: | ansible.builtin.shell: |
qmrestore {{ remote_image_path }} {{ vmid_latest_template }} --unique true --storage {{ storage_name }} qmrestore {{ remote_image_path }} {{ vmid_latest_template }} --unique true --storage {{ storage_name }}
qm set {{ vmid_latest_template }} --cores {{ cpu_cores }} --memory {{ memory_mb }} --name {{ vmname_latest_template }} --tag {{ template_version }} qm set {{ vmid_latest_template }} --cores {{ cpu_cores }} --memory {{ memory_mb }} --name {{ vmname_latest_template }}
qm template {{ vmid_latest_template }} qm template {{ vmid_latest_template }}
register: restore_new_latest_result register: restore_new_latest_result
changed_when: restore_new_latest_result.rc == 0 changed_when: restore_new_latest_result.rc == 0
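Review bot: The `qm set` line in this `ansible.builtin.shell` task interpolates `{{ vmname_latest_template }}`, `{{ vmid_latest_template }}` and the other variables into the shell text unquoted, and the workflow comments in this comparison say such values can be overridden from CI via `--extra-vars`. Apply the `quote` filter to each one, for example `--name {{ vmname_latest_template | quote }}`, or split the three commands into separate `ansible.builtin.command` tasks so no shell parsing is involved. The block also chains `qmrestore`, `qm set` and `qm template` without `set -e`, so `restore_new_latest_result.rc` reflects only the last command and a failed restore may go unnoticed if the later commands succeed. The task may continue past the end of the hunk.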


@ -16,7 +16,6 @@
vmname_backup_template: "{{ backup_template_vm_name }}" vmname_backup_template: "{{ backup_template_vm_name }}"
vmid_latest_template: "{{ latest_template_vmid }}" vmid_latest_template: "{{ latest_template_vmid }}"
vmname_latest_template: "{{ latest_template_vm_name }}" vmname_latest_template: "{{ latest_template_vm_name }}"
template_version: "{{ version | default('v0.0.0') }}"
roles: roles:
- role: create-template - role: create-template


@ -2,7 +2,7 @@
{ {
# We rely on the QEMU Guest Agent profile so that Proxmox can talk # We rely on the QEMU Guest Agent profile so that Proxmox can talk
# to the VM's guest-agent. # to the VMs guest-agent.
imports = [ imports = [
# Enables QEMU Guest Agent support in the VM # Enables QEMU Guest Agent support in the VM
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -30,7 +30,7 @@
# Sudo: Do not require a password for wheel group # Sudo: Do not require a password for wheel group
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
# OpenSSH: disable password-based auth, only allow key-based # OpenSSH: disable passwordbased auth, only allow keybased
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "prohibit-password"; settings.PermitRootLogin = "prohibit-password";


@ -3,6 +3,12 @@ set -euo pipefail
echo "Starting Ansible CI/CD run..." echo "Starting Ansible CI/CD run..."
# # --- 1. Validate required environment variables ---
# if [[ -z "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" ]]; then
# echo "Error: PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD environment variable not set. Cannot find built image."
# exit 1
# fi
# --- 2. Navigate to the Ansible directory --- # --- 2. Navigate to the Ansible directory ---
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
ANSIBLE_DIR="${SCRIPT_DIR}/../ansible" ANSIBLE_DIR="${SCRIPT_DIR}/../ansible"
@ -17,32 +23,32 @@ echo "Changed directory to: $(pwd)"
# # --- 3. Define Ansible Extra Variables --- # # --- 3. Define Ansible Extra Variables ---
# # Base extra variables from our static definitions # # Base extra variables from our static definitions
EXTRA_VARS=( # EXTRA_VARS=(
# "local_image_path_ci=${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" # Path to the image file on the CI runner # # "local_image_path_ci=${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}" # Path to the image file on the CI runner
# "image_filename=$(basename "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}")" # Extract filename # # "image_filename=$(basename "${PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD}")" # Extract filename
) # )
# # Append any other variables passed via ANSIBLE_EXTRA_VARS from the workflow # # Append any other variables passed via ANSIBLE_EXTRA_VARS from the workflow
if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then # if [[ -n "${ANSIBLE_EXTRA_VARS:-}" ]]; then
# Split by space or newline and add to array # # Split by space or newline and add to array
IFS=$'\n' read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true # IFS=$'\n' read -r -d '' -a ADDITIONAL_VARS <<< "${ANSIBLE_EXTRA_VARS}" || true
for var in "${ADDITIONAL_VARS[@]}"; do # for var in "${ADDITIONAL_VARS[@]}"; do
EXTRA_VARS+=("${var}") # EXTRA_VARS+=("${var}")
done # done
fi # fi
# # --- 4. Execute the Ansible Playbook --- # # --- 4. Execute the Ansible Playbook ---
# echo "Executing Ansible playbook: upload-template.yml" # echo "Executing Ansible playbook: upload-template.yml"
# # Construct the full --extra-vars string # # Construct the full --extra-vars string
EXTRA_VARS_ARGS="" # EXTRA_VARS_ARGS=""
for var in "${EXTRA_VARS[@]}"; do # for var in "${EXTRA_VARS[@]}"; do
EXTRA_VARS_ARGS+=" -e ${var}" # EXTRA_VARS_ARGS+=" -e ${var}"
done # done
ansible-playbook upload-template.yml \ ansible-playbook upload-template.yml #\
--inventory inventory/hosts.yml \ # --inventory inventory/hosts.yml \
${EXTRA_VARS_ARGS} # \ # ${EXTRA_VARS_ARGS} \
# --diff \ # --diff \
# --check false # Set to true for a dry run, false for actual execution # --check false # Set to true for a dry run, false for actual execution
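Review bot: On the side where the `EXTRA_VARS` handling is commented out, the script ends up running a bare `ansible-playbook upload-template.yml` and never reads `ANSIBLE_EXTRA_VARS`, while the workflow in this comparison still sets that variable, so the VMID and host overrides silently stop reaching the playbook. The `PROXMOX_LOCAL_IMAGE_PATH_FROM_BUILD` check is commented out as well, so a missing image path is no longer caught before the run. Either delete the dead blocks along with the unused workflow `env:` entries, or re-enable them; if re-enabled, collect the arguments in an array with `ARGS+=(-e "$var")` and expand it as `"${ARGS[@]}"` rather than the unquoted `${EXTRA_VARS_ARGS}` string, which the shell word-splits and glob-expands. With `--inventory inventory/hosts.yml` also commented, the inventory presumably has to come from an `ansible.cfg` that is not visible here.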