Compare commits


5 commits

Author SHA1 Message Date
6d16e2e4ae
make URL to use for downloading authorized_keys file configurable 2025-02-17 18:40:49 +01:00
524c839e2c
use downloaded authorized_keys
Use the authorized_keys getting downloaded into the temp directory, by
popping out of it later.
2025-02-17 18:40:49 +01:00
c84cf7b8d0 make settings configurable via environment variables set externally 2025-02-17 15:50:06 +01:00
3b66b655da don't set a custom SSH port in the templ. as we now standardized on 22
Also see: e3a1443df9
2025-02-13 23:53:19 +01:00
d09f497d11
remove openipmi from template as it results in a crashing service
It can always be installed after the fact, if indeed needed.
2025-02-13 01:09:36 +01:00
2 changed files with 22 additions and 19 deletions


@ -7,22 +7,24 @@ The script uses the package [`libguestfs-tools`](https://libguestfs.org)' `virt-
## Building the Template ## Building the Template
### Configuration Options ### Configuration Options
Verify that the settings at the beginning of the script are suitable to the cluster you want to create the template from.
The following settings are available for configuration by setting the respective environment variable.
Verify that the configured settings are suitable for the cluster you want to create the template for.
If left unset, the respective default value will be used.
| Variable | Default | Description | | Variable | Default | Description |
| --------- | --------------------------------------- | ---------------------------------------------------------------------- | | --------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
| `VMID` | 9023 | ID the template should have in Proxmox | | `VMID` | 9023 | ID the template should have in Proxmox |
| `STORAGE` | `local-zfs` | Pool the disks should be created in | | `STORAGE` | `local-zfs` | Pool the disks should be created in |
| `OS` | `debian-12` | `virt-builder` name of the OS to install | | `OS` | `debian-12` | `virt-builder` name of the OS to install |
| `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template | | `NAME` | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template |
| `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag | | `BRIDGE` | `vmbr0,tag=208` | name of the bridge to use and any parameters needed, like the VLAN tag |
| `AUTHORIZED_KEYS_URL` | `https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys` | URL to download the authorized_keys file to use from |
### User Account, sshd, and `authorized_keys` ### User Account, sshd, and `authorized_keys`
`cloud-init` will create a user `chaos`, by default with a locked password, and authorized keys initialized. Password-less `sudo` is configured, so you can run commands as root. `cloud-init` will create a user `chaos`, by default with a locked password, and authorized keys initialized. Password-less `sudo` is configured, so you can run commands as root.
The script expects `authorized_keys` to be in the current directory. Copy the correct contents from the [appropriate repository](https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys).
`sshd` has been configured to listen on port 42666 instead of 22. `sshd` has been configured to listen on port 42666 instead of 22.
### Run the Script ### Run the Script


@ -5,11 +5,12 @@
# Needs apt install libguestfs-tools # Needs apt install libguestfs-tools
# #
VMID=9023 : "${VMID:=9023}"
STORAGE=local-zfs : "${STORAGE:=local-zfs}"
OS=debian-12 : "${OS:=debian-12}"
NAME=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d) : "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}"
BRIDGE=vmbr0,tag=208 : "${BRIDGE:=vmbr0,tag=208}"
: "${AUTHORIZED_KEYS_URL:=https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys}"
set -eE set -eE
@ -27,7 +28,7 @@ cleanup() {
} }
wget -4 https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys -O authorized_keys wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys
wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.tar.xz -O debian-12-generic-amd64.tar.xz wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.tar.xz -O debian-12-generic-amd64.tar.xz
wget https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS -O SHA512SUMS wget https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS -O SHA512SUMS
sha512sum --ignore-missing -c SHA512SUMS sha512sum --ignore-missing -c SHA512SUMS
@ -38,15 +39,14 @@ rm debian-12-generic-amd64.tar.xz
virt-customize -a disk.raw \ virt-customize -a disk.raw \
--update \ --update \
--install qemu-guest-agent \ --install qemu-guest-agent \
--uninstall openipmi \
--run-command 'systemctl enable qemu-guest-agent' \ --run-command 'systemctl enable qemu-guest-agent' \
--run-command 'systemctl enable fstrim.timer' \ --run-command 'systemctl enable fstrim.timer'
--edit '/etc/ssh/sshd_config:s,#?Port.*,Port 42666,'
qm destroy ${VMID} || true qm destroy ${VMID} || true
qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE} qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE}
qm importdisk ${VMID} disk.raw ${STORAGE} qm importdisk ${VMID} disk.raw ${STORAGE}
rm disk.raw rm disk.raw
popd
qm set ${VMID} --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-${VMID}-disk-0,ssd=1,discard=on qm set ${VMID} --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-${VMID}-disk-0,ssd=1,discard=on
qm set ${VMID} --ide2 ${STORAGE}:cloudinit qm set ${VMID} --ide2 ${STORAGE}:cloudinit
@ -64,3 +64,4 @@ qm set ${VMID} --ipconfig0 ip=dhcp
qm set ${VMID} --name ${NAME} --tags debian12 qm set ${VMID} --name ${NAME} --tags debian12
qm cloudinit update ${VMID} qm cloudinit update ${VMID}
qm template ${VMID} qm template ${VMID}
popd
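Review bot: The new `wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys` line accepts whatever the environment-supplied URL returns, with no check of the scheme or of the content. Going by the README and the commit message, that file presumably becomes the login keys for the `chaos` user, which has password-less sudo in every VM cloned from the template. The Debian image a few lines below is at least checked against SHA512SUMS, whereas here a plain `http://` URL or an HTML error or login page served with status 200 would be written out as-is. I would reject non-HTTPS URLs and run `ssh-keygen -l -f authorized_keys` after the download, so the build aborts under `set -e` when the file holds no parsable public key and the fingerprints land in the build log. The step that consumes the file lies outside the visible hunks, so confirm the check runs before it.

```shell
case "$AUTHORIZED_KEYS_URL" in
  https://*) ;;
  *) echo "AUTHORIZED_KEYS_URL must be an https:// URL" >&2; exit 1 ;;
esac
wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys
# Abort unless the download parses as public keys; the printed
# fingerprints document which keys were baked into this template.
ssh-keygen -l -f authorized_keys
# … unchanged: Debian image download and SHA512SUMS check …
```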