save

2026-02-26 12:40:44 +01:00
parent 561044e548
commit 7c53335966
6 changed files with 210 additions and 137 deletions
--- a/templates/user-data.tmpl
+++ b/templates/user-data.tmpl
@@ -0,0 +1,97 @@
+#cloud-config
+autoinstall:
+  version: 1
+
+  # Network configuration – Ethernet + optional Wi‑Fi
+  network:
+    version: 2
+    ethernets:
+      all-eth:
+        match:
+          name: "en*" # matches common Ethernet interface names
+        dhcp4: true
+        optional: true # not required; if no eth interface exists, ignore
+
+  # ─── IDENTITY ──────────────────────────────────────────────────────────────
+  identity:
+    hostname: nokia
+    username: alfoldi
+    password: "${USER_PASSWORD_HASH}"
+
+  # ─── SSH ───────────────────────────────────────────────────────────────────
+  ssh:
+    install-server: true
+    allow-pw: false
+    authorized-keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com"
+
+  locale: en_US.UTF-8
+
+  keyboard:
+    layout: us
+
+  # ─── DISK LAYOUT: LVM on LUKS ──────────────────────────────────────────────
+  storage:
+    layout:
+      name: lvm
+      # match:
+      #   path: /dev/nvme0n1
+      sizing-policy: all
+      encrypted: true
+      password: "${LUKS_PASSPHRASE}"
+
+  # ─── CERT FILES ────────────────────────────────────────────────────────────
+  write_files:
+    - path: /nokia/vpn/NOKIA_Root_CA.crt
+      permissions: "0600"
+      owner: root:root
+      encoding: b64
+      content: "${NOKIA_CA_CERT_B64}"
+
+    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
+      permissions: "0600"
+      owner: root:root
+      encoding: b64
+      content: "${NOKIA_CLIENT_CERT_B64}"
+
+    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
+      permissions: "0600"
+      owner: root:root
+      encoding: b64
+      content: "${NOKIA_CLIENT_KEY_B64}"
+
+    - path: /etc/systemd/logind.conf.d/lid.conf
+      content: |
+        [Login]
+        HandleLidSwitch=ignore
+        LidSwitchIgnoreInhibited=no
+
+  # ─── PACKAGES ──────────────────────────────────────────────────────────────
+  packages:
+    - git
+    - curl
+    - wget
+    - vim
+    - build-essential
+    - python3
+    - python3-pip
+    - python3-venv
+    - apt-transport-https
+    - ca-certificates
+    - gnupg
+    - lsb-release
+    - openssh-server
+
+  early-commands:
+    - mkdir -p /nokia/vpn
+    - mkdir -p /target/nokia/vpn
+
+  late-commands:
+    # - cp /etc/resolv.conf /target/etc/resolv.conf
+    - bash -x /cdrom/nocloud/wifi.sh
+    - cp /cdrom/nocloud/post-install.sh /target/home/
+
+  updates: security
+  shutdown: poweroff
+
+# vim: set filetype=yaml :