From 27d33141d22ad75f58edd09ea304753ea32ab6eb Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 13 Oct 2025 18:30:30 +0200
Subject: [PATCH] set up proxmox

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
---
 deployment/check/data-model-tf-proxmox/nixosTest.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/deployment/check/data-model-tf-proxmox/nixosTest.nix b/deployment/check/data-model-tf-proxmox/nixosTest.nix
index cb8578ad..1fb5e129 100644
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@@ -136,6 +136,18 @@ in
     # pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
     cert = pve.succeed("cat /etc/pve/pve-root-ca.pem").strip()
 
+    # set up proxmox
+    pm_token = pve.succeed("""
+      set -e
+      pvesh create /pools --poolid Fediversity
+      pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
+      pvesh create /access/groups --groupid "roots"
+      pvesh set /access/users/root@pam --enable 1 --groups "roots"
+      pvesh set /access/acl --path "/" --roles "Administrator" --groups "roots"
+      pvesh create /access/users/root@pam/token/mytoken --privsep 0 --output-format json | jq -r .value
+    """).strip()
+    # FIXME pass separate privileges rather than disabling privsep
+
     # skip indent for EOF
     deployer.succeed(f"""
     cat > /etc/ssl/certs/pve-root-ca.pem <<EOF