proxmox/scripts/create-mifos-lxc-r630-02.sh

#!/usr/bin/env bash
# Create LXC 5800 (mifos) on r630-02 for Apache Fineract + Mifos X.
# Cloudflare Tunnel and UK egress are wired separately (see docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md).
#
# Usage: ./scripts/create-mifos-lxc-r630-02.sh [--dry-run]
#   --dry-run  Print commands only, do not create.
#
# Overrides (env): PROXMOX_HOST_R630_02, MIFOS_IP, STORAGE_R630_02_MIFOS, TEMPLATE_UBUNTU_24
# See: docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

VMID=5800
HOST="${PROXMOX_HOST_R630_02:-${PROXMOX_R630_02:-192.168.11.12}}"
IP="${MIFOS_IP:-192.168.11.85}"
GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"
NETWORK="${NETWORK:-vmbr0}"
# Prefer thin3/thin4 on r630-02 to avoid full pools (thin1-r630-02, thin2 were ~88% full)
STORAGE="${STORAGE_R630_02_MIFOS:-thin3}"
TEMPLATE="${TEMPLATE_UBUNTU_24:-local:vztmpl/ubuntu-24.04-standard_24.04-1_amd64.tar.zst}"
ROOTFS_GB=32
MEMORY_MB=8192
CORES=2
SSH_OPTS="-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"

DRY_RUN=false
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true

echo "=== Mifos LXC (5800) on r630-02 — Create ==="
echo "Host: $HOST | IP: $IP | Disk: ${ROOTFS_GB}G | RAM: ${MEMORY_MB}MB | Cores: $CORES"
echo "Storage: $STORAGE | Template: $TEMPLATE"
echo ""

resolve_template() {
  if ssh $SSH_OPTS root@$HOST "pveam list local 2>/dev/null | grep -q 'ubuntu-24.04-standard'" 2>/dev/null; then
    echo "local:vztmpl/ubuntu-24.04-standard_24.04-1_amd64.tar.zst"
  elif ssh $SSH_OPTS root@$HOST "pveam list local 2>/dev/null | grep -q 'ubuntu-22.04-standard'" 2>/dev/null; then
    echo "local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst"
  elif ssh $SSH_OPTS root@$HOST "pveam list local 2>/dev/null | grep -q 'debian-12-standard'" 2>/dev/null; then
    echo "local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst"
  else
    echo "$TEMPLATE"
  fi
}

if $DRY_RUN; then
  echo "[DRY-RUN] Would create LXC $VMID on $HOST with:"
  echo "  hostname=mifos, memory=${MEMORY_MB}, cores=$CORES, rootfs=$STORAGE:${ROOTFS_GB}, ip=$IP/24, gw=$GATEWAY"
  echo "  Run without --dry-run to create."
  exit 0
fi

if ssh $SSH_OPTS root@$HOST "pct list 2>/dev/null" | grep -q " $VMID "; then
  echo "Container $VMID already exists on $HOST."
  echo "Start with: ssh root@$HOST 'pct start $VMID'"
  exit 0
fi

RESOLVED_TEMPLATE=$(resolve_template)
echo "Using template: $RESOLVED_TEMPLATE"
echo "Creating CT $VMID (mifos)..."
ssh $SSH_OPTS root@$HOST "pct create $VMID $RESOLVED_TEMPLATE \
  --hostname mifos \
  --memory $MEMORY_MB \
  --cores $CORES \
  --rootfs $STORAGE:${ROOTFS_GB} \
  --net0 name=eth0,bridge=$NETWORK,ip=$IP/24,gw=$GATEWAY \
  --features nesting=1,keyctl=1 \
  --nameserver $DNS_PRIMARY \
  --description 'Mifos X + Apache Fineract; cloudflared in-container. See docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md' \
  --start 1 \
  --onboot 1 \
  --unprivileged 0"
ssh $SSH_OPTS root@$HOST "echo 'lxc.apparmor.profile: unconfined' >> /etc/pve/lxc/$VMID.conf"

echo ""
echo "Done. Next: install Mifos (Docker or native) and cloudflared inside the container."
echo "  ssh root@$HOST 'pct exec $VMID -- bash'"
echo "  See: docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md"