final config ... sooo

2026-02-26 23:07:20 +01:00
parent 7c53335966
commit ba58953a8c
3 changed files with 188 additions and 43 deletions
--- a/templates/user-data.tmpl
+++ b/templates/user-data.tmpl
@@ -40,31 +40,116 @@ autoinstall:
      encrypted: true
      password: "${LUKS_PASSPHRASE}"

-  # ─── CERT FILES ────────────────────────────────────────────────────────────
-  write_files:
-    - path: /nokia/vpn/NOKIA_Root_CA.crt
-      permissions: "0600"
-      owner: root:root
-      encoding: b64
-      content: "${NOKIA_CA_CERT_B64}"
+  user-data:
+    chpasswd:
+      expire: false
+      list:
+        - root:${USER_PASSWORD_HASH}

-    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
-      permissions: "0600"
-      owner: root:root
-      encoding: b64
-      content: "${NOKIA_CLIENT_CERT_B64}"
+    # ─── CERT FILES ────────────────────────────────────────────────────────────
+    write_files:
+      - path: /nokia/vpn/NOKIA_Root_CA.crt
+        permissions: "0600"
+        owner: alfoldi:alfoldi
+        encoding: b64
+        content: "${NOKIA_CA_CERT_B64}"

-    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
-      permissions: "0600"
-      owner: root:root
-      encoding: b64
-      content: "${NOKIA_CLIENT_KEY_B64}"
+      - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
+        permissions: "0600"
+        owner: alfoldi:alfoldi
+        encoding: b64
+        content: "${NOKIA_CLIENT_CERT_B64}"

-    - path: /etc/systemd/logind.conf.d/lid.conf
-      content: |
-        [Login]
-        HandleLidSwitch=ignore
-        LidSwitchIgnoreInhibited=no
+      - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
+        permissions: "0600"
+        owner: alfoldi:alfoldi
+        encoding: b64
+        content: "${NOKIA_CLIENT_KEY_B64}"
+
+      # - path: /etc/himmelblau/himmelblau.conf
+      #   owner: alfoldi:alfoldi
+      #   content: |
+      #     [global]
+      #     domain = nokia.com
+      #     home_attr = CN
+      #     home_alias = CN
+      #     use_etc_skel = true
+      #     pam_allow_groups = zsolt.alfoldi@nokia.com
+      #     # user_map_file = /etc/himmelblau/user-map
+      #
+      # - path: /etc/himmelblau/user-map
+      #   owner: alfoldi:alfoldi
+      #   content: |
+      #     alfoldi:zsolt.alfoldi@nokia.com
+
+      - path: /etc/ssh/sshd_config.d/99-custom.conf
+        permissions: "0644"
+        owner: root:root
+        content: |
+          X11Forwarding yes
+          X11DisplayOffset 10
+          X11UseLocalhost no
+          GatewayPorts yes
+
+      - path: /etc/systemd/sleep.conf
+        permissions: "0644"
+        owner: root:root
+        content: |
+          [Sleep]
+          AllowSuspend=no
+          AllowHibernation=no
+          AllowSuspendThenHibernate=no
+          AllowHybridSleep=no
+
+      - path: /etc/systemd/logind.conf.d/no-powersave.conf
+        permissions: "0644"
+        owner: root:root
+        content: |
+          [Login]
+          HandleLidSwitch=ignore
+          HandleLidSwitchExternalPower=ignore
+          HandleLidSwitchDocked=ignore
+          HandleSuspendKey=ignore
+          HandleHibernateKey=ignore
+          IdleAction=ignore
+
+      - path: /etc/dconf/db/local.d/99-custom-gnome
+        permissions: "0644"
+        owner: root:root
+        content: |
+          [org/gnome/desktop/interface]
+          color-scheme='prefer-dark'
+          gtk-theme='Adwaita-dark'
+
+          [org/gnome/shell]
+          enabled-extensions=['dash-to-panel@jderose9.github.com']
+          disable-user-extensions=false
+
+          [org/gnome/settings-daemon/plugins/power]
+          sleep-inactive-ac-type='nothing'
+          sleep-inactive-battery-type='nothing'
+          # power-button-action='nothing'
+
+          [org/gnome/desktop/session]
+          idle-delay=uint32 0
+
+          [system/proxy]
+          autoconfig-url='proxyconf.glb.nokia.com/proxy.pac'
+          ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8']
+          mode='none'
+
+          [system/proxy/http]
+          host='10.158.100.1'
+
+          [system/proxy/https]
+          host='10.158.100.1'
+          port=8080
+
+      - path: /etc/dconf/profile/user
+        owner: root:root
+        content: |
+          user-db:user
+          system-db:local

  # ─── PACKAGES ──────────────────────────────────────────────────────────────
  packages:
@@ -72,6 +157,7 @@ autoinstall:
    - curl
    - wget
    - vim
+    - gettext
    - build-essential
    - python3
    - python3-pip
@@ -81,17 +167,18 @@ autoinstall:
    - gnupg
    - lsb-release
    - openssh-server
+    - net-tools

-  early-commands:
-    - mkdir -p /nokia/vpn
-    - mkdir -p /target/nokia/vpn
+  # early-commands:
+  #   - mkdir -p /target/nokia/vpn
+  #   - mkdir -p /target/etc/himmelblau

  late-commands:
    # - cp /etc/resolv.conf /target/etc/resolv.conf
    - bash -x /cdrom/nocloud/wifi.sh
    - cp /cdrom/nocloud/post-install.sh /target/home/

-  updates: security
+  updates: all
  shutdown: poweroff

 # vim: set filetype=yaml :