domus-cli: Features, Authentication & Configuration
Key Features
KVM Operations
# List all VMs across KVM hosts
domus kvm vms
# Filter by host
domus kvm vms --host kvm-01
# List network bridges
domus kvm bridges
# Show interfaces on host
domus kvm interfaces kvm-01
# List libvirt networks
domus kvm networks
# Show VM network attachments
domus kvm vm-interfacesNetwork Discovery
# Full network discovery
domus network discovery
# Routing table
domus network routes kvm-01Output Formats
# JSON output
domus kvm vms --format json
# CSV output
domus kvm vms --format csvFull Inventory
# All infrastructure
domus inventoryAuthentication
domus-cli uses Vault SSH CA certificates for authentication:
-
Sign your SSH key:
vault-ssh-sign -
domus-cli automatically uses
~/.ssh/id_ed25519_vault -
Falls back to SSH agent if cert expired
Configuration
Host inventory via ~/.config/domus-cli/hosts.yaml:
hosts:
kvm-01:
ip: 10.50.1.99
user: evanusmodestus
type: kvm
tags: [hypervisor]
vault-01:
ip: 10.50.1.60
type: linux
tags: [pki, secrets]Installation
# Clone
git clone git@github.com:EvanusModestus/domus-cli.git
cd domus-cli
# Install in development mode
pip install -e ".[dev]"
# Or with uv
uv pip install -e ".[dev]"Integration with Vault SSH CA
domus-cli integrates with the Vault SSH CA infrastructure:
# Morning workflow
dsource d000 dev/vault # Load Vault credentials
vault-ssh-sign # Get 8-hour SSH cert
# Use domus-cli
domus kvm vms # SSH cert auto-used