make URL to use for downloading authorized_keys file configurable

Use the authorized_keys getting downloaded into the temp directory, by
popping out of it later.

README.md

@@ -7,22 +7,24 @@ The script uses the package [`libguestfs-tools`](https://libguestfs.org)' `virt-
 ## Building the Template
 
 ### Configuration Options
-Verify that the settings at the beginning of the script are suitable to the cluster you want to create the template from.
 
-| Variable  | Default                                 | Description                                                            |
+The following settings are available for configuration by setting the respective environment variable.
-| --------- | --------------------------------------- | ---------------------------------------------------------------------- |
+Verify that the configured settings are suitable for the cluster you want to create the template for.  
-| `VMID`    | 9023                                    | ID the template should have in Proxmox                                 |
+If left unset, the respective default value will be used.
-| `STORAGE` | `local-zfs`                             | Pool the disks should be created in                                    |
+
-| `OS`      | `debian-12`                             | `virt-builder` name of the OS to install                               |
+| Variable              | Default                                                                                               | Description                                                            |
-| `NAME`    | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)` | name of the template                                                   |
+| --------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
-| `BRIDGE`  | `vmbr0,tag=208`                         | name of the bridge to use and any parameters needed, like the VLAN tag |
+| `VMID`                | 9023                                                                                                  | ID the template should have in Proxmox                                 |
+| `STORAGE`             | `local-zfs`                                                                                           | Pool the disks should be created in                                    |
+| `OS`                  | `debian-12`                                                                                           | `virt-builder` name of the OS to install                               |
+| `NAME`                | `chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)`                                                               | name of the template                                                   |
+| `BRIDGE`              | `vmbr0,tag=208`                                                                                       | name of the bridge to use and any parameters needed, like the VLAN tag |
+| `AUTHORIZED_KEYS_URL` | `https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys`    | URL to download the authorized_keys file to use from                   |
 
 ### User Account, sshd, and `authorized_keys`
 
 `cloud-init` will create a user `chaos`, by default with a locked password, and authorized keys initialized. Password-less `sudo` is configured, so you can run commands as root.
 
-The script expects `authorized_keys` to be in the current directory. Copy the correct contents from the [appropriate repository](https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys).
-
 `sshd` has been configured to listen on port 42666 instead of 22.
 
 ### Run the Script

build-proxmox-template

@@ -5,11 +5,12 @@
 # Needs apt install libguestfs-tools
 #
 
-VMID=9023
+: "${VMID:=9023}"
-STORAGE=local-zfs
+: "${STORAGE:=local-zfs}"
-OS=debian-12
+: "${OS:=debian-12}"
-NAME=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)
+: "${NAME:=chaos-${OS}-tmpl-$(date -u +%Y-%m-%d)}"
-BRIDGE=vmbr0,tag=208
+: "${BRIDGE:=vmbr0,tag=208}"
+: "${AUTHORIZED_KEYS_URL:=https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys}"
 
 set -eE
 
@@ -27,7 +28,7 @@ cleanup() {
 }
 
 
-wget -4 https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys -O authorized_keys
+wget -4 "$AUTHORIZED_KEYS_URL" -O authorized_keys
 wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.tar.xz -O debian-12-generic-amd64.tar.xz
 wget https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS -O SHA512SUMS
 sha512sum --ignore-missing -c SHA512SUMS
@@ -38,15 +39,14 @@ rm debian-12-generic-amd64.tar.xz
 virt-customize -a disk.raw \
 	--update \
 	--install qemu-guest-agent \
+	--uninstall openipmi \
 	--run-command 'systemctl enable qemu-guest-agent' \
-	--run-command 'systemctl enable fstrim.timer' \
+	--run-command 'systemctl enable fstrim.timer'
-	--edit '/etc/ssh/sshd_config:s,#?Port.*,Port 42666,'
 
 qm destroy ${VMID} || true
 qm create ${VMID} --name "creating-vm" --memory 2048 --net0 virtio,bridge=${BRIDGE}
 qm importdisk ${VMID} disk.raw ${STORAGE}
 rm disk.raw
-popd
 
 qm set ${VMID} --scsihw virtio-scsi-pci --scsi0 ${STORAGE}:vm-${VMID}-disk-0,ssd=1,discard=on
 qm set ${VMID} --ide2 ${STORAGE}:cloudinit
@@ -64,3 +64,4 @@ qm set ${VMID} --ipconfig0 ip=dhcp
 qm set ${VMID} --name ${NAME} --tags debian12
 qm cloudinit update ${VMID}
 qm template ${VMID}
+popd