#cloud-config autoinstall: version: 1 # Network configuration – Ethernet + optional Wi‑Fi network: version: 2 ethernets: all-eth: match: name: "en*" # matches common Ethernet interface names dhcp4: true optional: true # not required; if no eth interface exists, ignore # ─── IDENTITY ────────────────────────────────────────────────────────────── identity: hostname: nokia username: alfoldi password: "${USER_PASSWORD_HASH}" # ─── SSH ─────────────────────────────────────────────────────────────────── ssh: install-server: true allow-pw: false authorized-keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com" locale: en_US.UTF-8 keyboard: layout: us # ─── DISK LAYOUT: LVM on LUKS ────────────────────────────────────────────── storage: layout: name: lvm # match: # path: /dev/nvme0n1 sizing-policy: all encrypted: true password: "${LUKS_PASSPHRASE}" user-data: chpasswd: expire: false list: - root:${USER_PASSWORD_HASH} # ─── CERT FILES ──────────────────────────────────────────────────────────── write_files: - path: /nokia/vpn/NOKIA_Root_CA.crt permissions: "0600" owner: ${TARGET_USER}:${TARGET_USER} encoding: b64 content: "${NOKIA_CA_CERT_B64}" - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.crt permissions: "0600" owner: ${TARGET_USER}:${TARGET_USER} encoding: b64 content: "${NOKIA_CLIENT_CERT_B64}" - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key permissions: "0600" owner: ${TARGET_USER}:${TARGET_USER} encoding: b64 content: "${NOKIA_CLIENT_KEY_B64}" # - path: /etc/himmelblau/himmelblau.conf # owner: ${TARGET_USER}:${TARGET_USER} # content: | # [global] # domain = nokia.com # home_attr = CN # home_alias = CN # use_etc_skel = true # pam_allow_groups = zsolt.alfoldi@nokia.com # # user_map_file = /etc/himmelblau/user-map # # - path: /etc/himmelblau/user-map # owner: ${TARGET_USER}:${TARGET_USER} # content: | # ${TARGET_USER}:zsolt.${TARGET_USER}@nokia.com - path: /etc/ssh/sshd_config.d/99-custom.conf permissions: "0644" owner: root:root content: | X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost no GatewayPorts yes - path: /etc/systemd/sleep.conf permissions: "0644" owner: root:root content: | [Sleep] AllowSuspend=no AllowHibernation=no AllowSuspendThenHibernate=no AllowHybridSleep=no - path: /etc/systemd/logind.conf.d/no-powersave.conf permissions: "0644" owner: root:root content: | [Login] HandleLidSwitch=ignore HandleLidSwitchExternalPower=ignore HandleLidSwitchDocked=ignore HandleSuspendKey=ignore HandleHibernateKey=ignore IdleAction=ignore - path: /etc/dconf/db/local.d/99-custom-gnome permissions: "0644" owner: root:root content: | [org/gnome/desktop/interface] color-scheme='prefer-dark' gtk-theme='Adwaita-dark' [org/gnome/shell] disabled-extensions=['ubuntu-dock@ubuntu.com'] enabled-extensions=['dash-to-panel@jderose9.github.com'] disable-user-extensions=false [org/gnome/settings-daemon/plugins/power] sleep-inactive-ac-type='nothing' sleep-inactive-battery-type='nothing' # power-button-action='nothing' [org/gnome/desktop/session] idle-delay=uint32 0 [system/proxy] autoconfig-url='proxyconf.glb.nokia.com/proxy.pac' ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8'] mode='none' [system/proxy/http] host='10.158.100.1' [system/proxy/https] host='10.158.100.1' port=8080 - path: /etc/dconf/profile/user owner: root:root content: | user-db:user system-db:local # ─── PACKAGES ────────────────────────────────────────────────────────────── packages: - git - curl - wget - vim - gettext - build-essential - python3 - python3-pip - python3-venv - apt-transport-https - ca-certificates - gnupg - lsb-release - openssh-server - net-tools # early-commands: # - mkdir -p /target/nokia/vpn # - mkdir -p /target/etc/himmelblau late-commands: - bash -x /cdrom/nocloud/wifi.sh - mkdir -p /target/home/${TARGET_USER}/nocloud - cp /cdrom/nocloud/* /target/home/${TARGET_USER}/nocloud/ updates: all shutdown: poweroff # vim: set filetype=yaml :