proxmox ansible bootstrapping

files/cloud-init.yml

@@ -0,0 +1,23 @@
+# files/cloud-init.yaml
+# Used to seed new NixOS VMs via Proxmox's cloud-init mechanism
+# Replace username, password hash, and SSH key with your values or use secrets
+# This file itself is not secret-sensitive unless it embeds a password
+
+#cloud-config
+users:
+  - name: nixadmin
+    groups: [wheel, sudo]
+    shell: /run/current-system/sw/bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ${CI_USER_SSH_PUBKEY} # Will be templated in via Ansible
+
+hostname: ${VM_HOSTNAME}
+
+package_update: false
+package_upgrade: false
+chpasswd:
+  expire: false
+runcmd:
+  - [nixos-generate-config, "--root", "/"]
+  - [systemctl, "restart", "sshd"]