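#cloud-config
# Ubuntu autoinstall (subiquity) answer file for an encrypted workstation.
#
# This file is a template: every ${VAR} is expanded by envsubst before the
# installer reads it. The rendered result holds the LUKS passphrase, the
# password hash and the base64 VPN client key in plain text, so treat the
# rendered user-data and the install medium that carries it as secret material.
autoinstall:
  version: 1
  timezone: Europe/Budapest

  # Network configuration – Ethernet + optional Wi-Fi
  network:
    version: 2
    ethernets:
      all-eth:
        match:
          name: "en*"  # matches common Ethernet interface names
        dhcp4: true
        optional: true  # not required; if no eth interface exists, ignore

  # ─── IDENTITY ──────────────────────────────────────────────────────────────
  # NOTE(review): username is hard-coded here while file ownership further down
  # uses ${TARGET_USER}; both must expand to the same account name.
  identity:
    hostname: nokia-l13g4-sisu
    username: alfoldi
    realname: "Zsolt Alfoldi"
    # Expected to be a crypt(3) hash, never the clear-text password.
    password: "${USER_PASSWORD_HASH}"

  # ─── SSH ───────────────────────────────────────────────────────────────────
  # Key-only login: password authentication over SSH is disabled.
  ssh:
    install-server: true
    allow-pw: false
    authorized-keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com"

  locale: en_US.UTF-8
  keyboard:
    layout: us

  # ─── DISK LAYOUT: LVM on LUKS ──────────────────────────────────────────────
  storage:
    layout:
      name: lvm
      # match:
      #   path: /dev/nvme0n1
      sizing-policy: all
      encrypted: true
      # Substituted verbatim inside a double-quoted scalar: a passphrase that
      # contains `"` or `\` would break the YAML or change the value.
      password: "${LUKS_PASSPHRASE}"

  user-data:
    # Gives root the same password hash as the login user, so both accounts
    # share one credential; expire: false means no forced change on first login.
    chpasswd:
      expire: false
      list:
        - "root:${USER_PASSWORD_HASH}"

    # ─── CERT FILES ──────────────────────────────────────────────────────────
    # NOTE(review): cloud-init normally runs write_files before it creates
    # users; if entries owned by ${TARGET_USER} fail on the owner lookup,
    # `defer: true` on those entries postpones them to the final stage.
    write_files:
      - path: /nokia/vpn/NOKIA_Root_CA.crt
        permissions: "0600"
        owner: "${TARGET_USER}:${TARGET_USER}"
        encoding: b64
        content: "${NOKIA_CA_CERT_B64}"

      - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.crt
        permissions: "0600"
        owner: "${TARGET_USER}:${TARGET_USER}"
        encoding: b64
        content: "${NOKIA_CLIENT_CERT_B64}"

      # VPN client private key: 0600 and owned by the user.
      - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key
        permissions: "0600"
        owner: "${TARGET_USER}:${TARGET_USER}"
        encoding: b64
        content: "${NOKIA_CLIENT_KEY_B64}"

      - path: /persists/sops/age/.keep
        permissions: "0600"
        owner: "${TARGET_USER}:${TARGET_USER}"
        content: ""

      # envsubst hack: `$${Q}EUID` is meant to come out as the literal `$EUID`;
      # this presumably relies on Q being unset or empty when envsubst runs.
      # The shebang is required because the script uses the bash-only `[[`
      # test; run by a POSIX sh, the root check would error out and the rest
      # of the script would still execute.
      # NOTE(review): `bash -x` echoes every expanded command, so any secret
      # that post-install.sh expands ends up in the terminal or log output.
      - path: /home/${TARGET_USER}/first_install.sh
        permissions: "0755"
        owner: "${TARGET_USER}:${TARGET_USER}"
        content: |
          #!/bin/bash
          if [[ "$${Q}EUID" -ne 0 ]]; then
            echo "This script must be run as root"
            exit 1
          fi
          chown ${TARGET_USER}:${TARGET_USER} -R /home/${TARGET_USER}/nocloud/
          netplan generate || true
          netplan apply || true
          bash -x /home/${TARGET_USER}/nocloud/post-install.sh main

      # - path: /etc/himmelblau/himmelblau.conf
      #   owner: ${TARGET_USER}:${TARGET_USER}
      #   content: |
      #     [global]
      #     domain = nokia.com
      #     home_attr = CN
      #     home_alias = CN
      #     use_etc_skel = true
      #     pam_allow_groups = zsolt.alfoldi@nokia.com
      #     # user_map_file = /etc/himmelblau/user-map
      #
      # - path: /etc/himmelblau/user-map
      #   owner: ${TARGET_USER}:${TARGET_USER}
      #   content: |
      #     ${TARGET_USER}:zsolt.${TARGET_USER}@nokia.com

      # sshd drop-in. `X11UseLocalhost no` binds the X11 forwarding listener
      # to the wildcard address instead of loopback, and `GatewayPorts yes`
      # does the same for remote port forwards, so forwarded services become
      # reachable from the network. Keep only if that exposure is intended
      # and the host firewall covers it.
      - path: /etc/ssh/sshd_config.d/99-custom.conf
        permissions: "0644"
        owner: root:root
        content: |
          X11Forwarding yes
          X11DisplayOffset 10
          X11UseLocalhost no
          GatewayPorts yes

      # Disable every suspend/hibernate mode.
      - path: /etc/systemd/sleep.conf
        permissions: "0644"
        owner: root:root
        content: |
          [Sleep]
          AllowSuspend=no
          AllowHibernation=no
          AllowSuspendThenHibernate=no
          AllowHybridSleep=no

      # Ignore lid, suspend-key, hibernate-key and idle events.
      - path: /etc/systemd/logind.conf.d/no-powersave.conf
        permissions: "0644"
        owner: root:root
        content: |
          [Login]
          HandleLidSwitch=ignore
          HandleLidSwitchExternalPower=ignore
          HandleLidSwitchDocked=ignore
          HandleSuspendKey=ignore
          HandleHibernateKey=ignore
          IdleAction=ignore

      - path: /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
        permissions: "0644"
        owner: root:root
        content: |
          [connection]
          wifi.powersave = 2

      # NOTE(review): late-commands below fills this same path from my.dconf
      # at install time; confirm this first-boot write does not replace it.
      - path: /etc/dconf/db/local.d/99-custom-gnome
        permissions: "0644"
        owner: root:root
        content: |
          # do not remove it

      - path: /etc/dconf/profile/user
        owner: root:root
        content: |
          user-db:user
          system-db:local

  # ─── PACKAGES ──────────────────────────────────────────────────────────────
  # NOTE(review): placed at autoinstall level (installer-time packages);
  # confirm it was not meant as the cloud-init `packages` key under user-data.
  packages:
    - git
    - curl
    - wget
    - vim
    - gettext
    - build-essential
    - python3
    - python3-pip
    - python3-venv
    - apt-transport-https
    - ca-certificates
    - gnupg
    - lsb-release
    - openssh-server
    - net-tools

  # early-commands:
  #   - mkdir -p /target/nokia/vpn
  #   - mkdir -p /target/etc/himmelblau

  # NOTE(review): `bash -x` traces each expanded command, so a Wi-Fi
  # passphrase handled by wifi.sh would show up in the installer output.
  # NOTE(review): `cp /cdrom/nocloud/*` copies the whole seed directory into
  # the user's home; if the rendered user-data lives there, the LUKS
  # passphrase and the VPN key are copied along with it.
  late-commands:
    - bash -x /cdrom/nocloud/wifi.sh
    - mkdir -p /target/home/${TARGET_USER}/nocloud
    - cp /cdrom/nocloud/* /target/home/${TARGET_USER}/nocloud/
    - cat /cdrom/nocloud/my.dconf > /target/etc/dconf/db/local.d/99-custom-gnome
    - curtin in-target -- systemctl disable systemd-networkd-wait-online.service

  updates: all
  shutdown: poweroff

# vim: set filetype=yaml :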