set up proxmox

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
2025-10-13 18:30:30 +02:00 · 2025-10-13 18:30:30 +02:00 · f640edc23d
commit f640edc23d
parent 4504e99986
1 changed files with 12 additions and 0 deletions
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@ -136,6 +136,18 @@ in
    # pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
    cert = pve.succeed("cat /etc/pve/pve-root-ca.pem").strip()

+    # set up proxmox
+    pm_token = pve.succeed("""
+      set -e
+      pvesh create /pools --poolid Fediversity
+      pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
+      pvesh create /access/groups --groupid "roots"
+      pvesh set /access/users/root@pam --enable 1 --groups "roots"
+      pvesh set /access/acl --path "/" --roles "Administrator" --groups "roots"
+      pvesh create /access/users/root@pam/token/mytoken --privsep 0 --output-format json | jq -r .value
+    """).strip()
+    # FIXME pass separate privileges rather than disabling privsep
+
    # skip indent for EOF
    deployer.succeed(f"""
    cat > /etc/ssl/certs/pve-root-ca.pem <<EOF