# files/cloud-init.yaml
# Used to seed new NixOS VMs via Proxmox's cloud-init mechanism
# Replace username, password hash, and SSH key with your values or use secrets
# This file itself is not secret-sensitive unless it embeds a password

#cloud-config
users:
  - name: nixadmin
    groups: [wheel, sudo]
    shell: /run/current-system/sw/bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ${CI_USER_SSH_PUBKEY} # Will be templated in via Ansible

hostname: ${VM_HOSTNAME}

package_update: false
package_upgrade: false
chpasswd:
  expire: false
runcmd:
  - [nixos-generate-config, "--root", "/"]
  - [systemctl, "restart", "sshd"]