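#cloud-config
# vim: set filetype=yaml :
# The "#cloud-config" header has to be the first line of the payload for
# cloud-init to treat it as cloud-config, so the vim modeline sits below it
# (still within vim's default five-line modeline window).
#
# user-data.tmpl — plaintext template, safe to commit to git
# Secrets are injected at build time via envsubst from secrets.sops.yaml
#
# Only this template is committable. The rendered user-data carries the LUKS
# passphrase, the WiFi PSK, the client-key password and the base64 client key
# in clear, so the rendered file and any seed media built from it need the
# same handling as secrets.sops.yaml.
#
# envsubst replaces an unset variable with an empty string and reports
# nothing, so the build should check that every ${...} below is set and
# non-empty before rendering. Values are dropped inside double-quoted YAML
# scalars: a `"` or `\` in a secret breaks or alters the parsed value.
autoinstall:
  version: 1

  # ─── LOCALE & KEYBOARD ─────────────────────────────────────────────────────
  locale: en_US.UTF-8
  keyboard:
    layout: us

  # ─── NETWORK ───────────────────────────────────────────────────────────────
  network:
    version: 2
    ethernets:
      any-eth:
        match:
          name: "en*"
        dhcp4: true
    wifis:
      wlp0s20f3:
        dhcp4: true
        access-points:
          # Both home SSIDs share one PSK variable.
          "house":
            password: "${WIFI_HOUSE_PASSWORD}"
          "house5":
            password: "${WIFI_HOUSE_PASSWORD}"
          # EAP-TLS: the three files referenced here are the ones written by
          # write_files below; the paths must stay in sync.
          "NOKIA":
            auth:
              key-management: eap
              eap-method: tls
              identity: "host/alfoldi.ipa.nsn-net.net"
              ca-certificate: /nokia/vpn/NOKIA_Root_CA.crt
              client-certificate: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
              client-key: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
              client-key-password: "${NOKIA_WIFI_KEY_PASSWORD}"

  # ─── DISK LAYOUT: LVM on LUKS ──────────────────────────────────────────────
  storage:
    layout:
      name: lvm
      match:
        # Device node written without the stray space the page showed
        # ("/dev/ nvme0n1"), which could not match any disk.
        path: /dev/nvme0n1
      sizing-policy: all
      # NOTE(review): for the lvm layout it is `password` that turns on LUKS;
      # confirm `encrypted` is accepted by the installer release in use.
      encrypted: true
      # An empty rendering of this variable would leave no usable passphrase;
      # fail the build rather than install with it unset.
      # NOTE(review): the installer keeps a copy of the autoinstall config on
      # the target under /var/log/installer — check whether the passphrase
      # ends up there and remove or restrict it after first boot.
      password: "${LUKS_PASSPHRASE}"

  # ─── IDENTITY ──────────────────────────────────────────────────────────────
  identity:
    hostname: nokia
    username: alfoldi
    # Expects a crypt(3) hash (as the variable name says), never the
    # plaintext password.
    password: "${USER_PASSWORD_HASH}"

  # ─── SSH ───────────────────────────────────────────────────────────────────
  ssh:
    install-server: true
    # Key-only login: password authentication stays off.
    allow-pw: false
    authorized-keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com"

  # ─── CERT FILES ────────────────────────────────────────────────────────────
  # NOTE(review): write_files is a cloud-init module key, not a documented
  # autoinstall key. Confirm the installer honours it at this level; if it is
  # ignored, the certificate and key paths used by the "NOKIA" access point
  # will not exist. Nesting is reconstructed from key order — verify against
  # the original file.
  write_files:
    - path: /nokia/vpn/NOKIA_Root_CA.crt
      permissions: '0600'
      owner: root:root
      encoding: b64
      content: "${NOKIA_CA_CERT_B64}"

    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
      permissions: '0600'
      owner: root:root
      encoding: b64
      content: "${NOKIA_CLIENT_CERT_B64}"

    # Private key: root-only, mode 0600.
    - path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
      permissions: '0600'
      owner: root:root
      encoding: b64
      content: "${NOKIA_CLIENT_KEY_B64}"

  # ─── PACKAGES ──────────────────────────────────────────────────────────────
  packages:
    - git
    - curl
    - wget
    - vim
    - build-essential
    - python3
    - python3-pip
    - python3-venv
    - apt-transport-https
    - ca-certificates
    - gnupg
    - lsb-release

  # Runs /post-install.sh as root inside the installed system.
  # NOTE(review): nothing in this file places /post-install.sh in the target;
  # confirm the build copies it there and that its content is reviewed.
  late-commands:
    - curtin in-target -- bash /post-install.sh

  updates: security
  shutdown: reboot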