ubuntu-autoinstaller/templates/user-data.tmpl

#cloud-config
autoinstall:
  version: 1
  timezone: Europe/Budapest

  # Network configuration – Ethernet + optional Wi‑Fi
  network:
    version: 2
    ethernets:
      all-eth:
        match:
          name: "en*" # matches common Ethernet interface names
        dhcp4: true
        optional: true # not required; if no eth interface exists, ignore

  # ─── IDENTITY ──────────────────────────────────────────────────────────────
  identity:
    hostname: nokia-l13g4-sisu
    username: alfoldi
    realname: "Zsolt Alfoldi"
    password: "${USER_PASSWORD_HASH}"

  # ─── SSH ───────────────────────────────────────────────────────────────────
  ssh:
    install-server: true
    allow-pw: false
    authorized-keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com"

  locale: en_US.UTF-8

  keyboard:
    layout: us

  # ─── DISK LAYOUT: LVM on LUKS ──────────────────────────────────────────────
  storage:
    layout:
      name: lvm
      # match:
      #   path: /dev/nvme0n1
      sizing-policy: all
      encrypted: true
      password: "${LUKS_PASSPHRASE}"

  user-data:
    chpasswd:
      expire: false
      list:
        - root:${USER_PASSWORD_HASH}

    # ─── CERT FILES ────────────────────────────────────────────────────────────
    write_files:
      - path: /nokia/vpn/NOKIA_Root_CA.crt
        permissions: "0600"
        owner: ${TARGET_USER}:${TARGET_USER}
        encoding: b64
        content: "${NOKIA_CA_CERT_B64}"

      - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.crt
        permissions: "0600"
        owner: ${TARGET_USER}:${TARGET_USER}
        encoding: b64
        content: "${NOKIA_CLIENT_CERT_B64}"

      - path: /nokia/vpn/${TARGET_USER}.ipa.nsn-net.net.key
        permissions: "0600"
        owner: ${TARGET_USER}:${TARGET_USER}
        encoding: b64
        content: "${NOKIA_CLIENT_KEY_B64}"

      - path: /persists/sops/age/.keep
        permissions: "0600"
        owner: ${TARGET_USER}:${TARGET_USER}
        content: ""

      - path: /home/${TARGET_USER}/first_install.sh
        permissions: "0755"
        owner: ${TARGET_USER}:${TARGET_USER}
        #               | |
        # envsubst hack \ /
        #                `
        content: |
          if [[ "$${Q}EUID" -ne 0 ]]; then
            echo "This script must be run as root"
            exit 1
          fi
          chown ${TARGET_USER}:${TARGET_USER} -R /home/${TARGET_USER}/nocloud/
          netplan generate || true
          netplan apply    || true
          bash -x /home/${TARGET_USER}/nocloud/post-install.sh main

      # - path: /etc/himmelblau/himmelblau.conf
      #   owner: ${TARGET_USER}:${TARGET_USER}
      #   content: |
      #     [global]
      #     domain = nokia.com
      #     home_attr = CN
      #     home_alias = CN
      #     use_etc_skel = true
      #     pam_allow_groups = zsolt.alfoldi@nokia.com
      #     # user_map_file = /etc/himmelblau/user-map
      #
      # - path: /etc/himmelblau/user-map
      #   owner: ${TARGET_USER}:${TARGET_USER}
      #   content: |
      #     ${TARGET_USER}:zsolt.${TARGET_USER}@nokia.com

      - path: /etc/ssh/sshd_config.d/99-custom.conf
        permissions: "0644"
        owner: root:root
        content: |
          X11Forwarding yes
          X11DisplayOffset 10
          X11UseLocalhost no
          GatewayPorts yes

      - path: /etc/systemd/sleep.conf
        permissions: "0644"
        owner: root:root
        content: |
          [Sleep]
          AllowSuspend=no
          AllowHibernation=no
          AllowSuspendThenHibernate=no
          AllowHybridSleep=no

      - path: /etc/systemd/logind.conf.d/no-powersave.conf
        permissions: "0644"
        owner: root:root
        content: |
          [Login]
          HandleLidSwitch=ignore
          HandleLidSwitchExternalPower=ignore
          HandleLidSwitchDocked=ignore
          HandleSuspendKey=ignore
          HandleHibernateKey=ignore
          IdleAction=ignore

      - path: /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
        permissions: "0644"
        owner: root:root
        content: |
          [connection]
          wifi.powersave = 2

      - path: /etc/dconf/db/local.d/99-custom-gnome
        permissions: "0644"
        owner: root:root
        content: |
          [org/gnome/desktop/interface]
          color-scheme='prefer-dark'
          gtk-theme='Adwaita-dark'

          [org/gnome/desktop/background]
          color-shading-type='solid'
          picture-options='zoom'
          picture-uri='file:///usr/share/backgrounds/Fuji_san_by_amaral.png'
          picture-uri-dark='file:///usr/share/backgrounds/Fuji_san_by_amaral.png'
          primary-color='#000000'
          secondary-color='#000000'

          [org/gnome/desktop/screensaver]
          picture-uri='file:///usr/share/backgrounds/Fuji_san_by_amaral.png'

          [org/gnome/desktop/session]
          idle-delay=uint32 0

          [org/gnome/settings-daemon/plugins/power]
          idle-dim=false
          sleep-inactive-ac-type='nothing'
          sleep-inactive-battery-type='nothing'
          sleep-inactive-ac-timeout=3600

          [org/gnome/desktop/peripherals/mouse]
          speed=-0.60

          # [org/gnome/desktop/peripherals/touchpad]
          # edge-scrolling-enabled=true
          # two-finger-scrolling-enabled=false

          [org/gnome/desktop/peripherals/keyboard]
          numlock-state=true

          [org/gnome/desktop/notifications]
          show-banners=false

          [org/gnome/desktop/wm/keybindings]
          maximize=@as []
          unmaximize=@as []
          move-to-workspace-left=['<Shift><Control><Alt>h']
          move-to-workspace-right=['<Shift><Control><Alt>l']
          switch-to-workspace-left=['<Control><Alt>h']
          switch-to-workspace-right=['<Control><Alt>l']

          [org/gnome/mutter/keybindings]
          toggle-tiled-left=@as []
          toggle-tiled-right=@as []

          [org/gnome/shell]
          disable-user-extensions=false
          disabled-extensions=['ubuntu-dock@ubuntu.com']
          enabled-extensions=['dash-to-panel@jderose9.github.com']
          favorite-apps=['firefox_firefox.desktop', 'google-chrome.desktop', 'microsoft-edge.desktop', 'org.gnome.Nautilus.desktop', 'ZSTray.desktop', 'org.gnome.Settings.desktop', 'org.gnome.Terminal.desktop', 'msedge-cifhbcnohmdccbgoicgdjpfamggdegmo-Default.desktop']

          [org/gnome/shell/extensions/dash-to-panel]
          dot-position='BOTTOM'
          panel-sizes='{"GSM-0x01010101":32,"IVO-0x00000000":32}'
          panel-anchors='{"GSM-0x01010101":"MIDDLE","IVO-0x00000000":"MIDDLE","HWP-3CQ5372CSD":"MIDDLE"}'
          panel-element-positions='{"GSM-0x01010101":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"centerMonitor"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}],"IVO-0x00000000":[{"element":"showAppsButton","visible":true,"position":"stackedTL"},{"element":"activitiesButton","visible":false,"position":"stackedTL"},{"element":"leftBox","visible":true,"position":"stackedTL"},{"element":"taskbar","visible":true,"position":"stackedTL"},{"element":"centerBox","visible":true,"position":"stackedBR"},{"element":"dateMenu","visible":true,"position":"centerMonitor"},{"element":"rightBox","visible":true,"position":"stackedBR"},{"element":"systemMenu","visible":true,"position":"stackedBR"},{"element":"desktopButton","visible":true,"position":"stackedBR"}]}'
          window-preview-title-position='TOP'
          hotkeys-overlay-combo='TEMPORARILY'
          prefs-opened=false

          [system/proxy]
          mode='none'
          autoconfig-url=''
          ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8']

          [system/proxy/http]
          host='10.158.100.1'

          [system/proxy/https]
          host='10.158.100.1'
          port=8080

          [org/gnome/terminal/legacy/profiles:]
          default='71a9971e-e829-43a9-9b2f-4565c855d664'
          list=['b1dcc9dd-5262-4d8d-a863-c897e6d979b9', 'de8a9081-8352-4ce4-9519-5de655ad9361', '71a9971e-e829-43a9-9b2f-4565c855d664', '5083e06b-024e-46be-9cd2-892b814f1fc8', '95894cfd-82f7-430d-af6e-84d168bc34f5']

          [org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9]
          cell-width-scale=1.0
          font='Monospace 10'
          use-system-font=false

          [org/gnome/terminal/legacy/profiles:/:de8a9081-8352-4ce4-9519-5de655ad9361]
          visible-name='Catppuccin Latte'
          background-color='#eff1f5'
          foreground-color='#4c4f69'
          highlight-colors-set=true
          highlight-background-color='#dc8a78'
          highlight-foreground-color='#acb0be'
          cursor-colors-set=true
          cursor-background-color='#dc8a78'
          cursor-foreground-color='#eff1f5'
          use-theme-colors=false
          palette=['#5c5f77', '#d20f39', '#40a02b', '#df8e1d', '#1e66f5', '#ea76cb', '#179299', '#acb0be', '#6c6f85', '#d20f39', '#40a02b', '#df8e1d', '#1e66f5', '#ea76cb', '#179299', '#bcc0cc']

          [org/gnome/terminal/legacy/profiles:/:71a9971e-e829-43a9-9b2f-4565c855d664]
          visible-name='Catppuccin Frappe'
          background-color='#303446'
          foreground-color='#c6d0f5'
          highlight-colors-set=true
          highlight-background-color='#f2d5cf'
          highlight-foreground-color='#626880'
          cursor-colors-set=true
          cursor-background-color='#f2d5cf'
          cursor-foreground-color='#303446'
          use-theme-colors=false
          font='Monospace 10'
          use-system-font=false
          palette=['#51576d', '#e78284', '#a6d189', '#e5c890', '#8caaee', '#f4b8e4', '#81c8be', '#b5bfe2', '#626880', '#e78284', '#a6d189', '#e5c890', '#8caaee', '#f4b8e4', '#81c8be', '#a5adce']

          [org/gnome/terminal/legacy/profiles:/:5083e06b-024e-46be-9cd2-892b814f1fc8]
          visible-name='Catppuccin Macchiato'
          background-color='#24273a'
          foreground-color='#cad3f5'
          highlight-colors-set=true
          highlight-background-color='#f4dbd6'
          highlight-foreground-color='#5b6078'
          cursor-colors-set=true
          cursor-background-color='#f4dbd6'
          cursor-foreground-color='#24273a'
          use-theme-colors=false
          palette=['#494d64', '#ed8796', '#a6da95', '#eed49f', '#8aadf4', '#f5bde6', '#8bd5ca', '#b8c0e0', '#5b6078', '#ed8796', '#a6da95', '#eed49f', '#8aadf4', '#f5bde6', '#8bd5ca', '#a5adcb']

          [org/gnome/terminal/legacy/profiles:/:95894cfd-82f7-430d-af6e-84d168bc34f5]
          visible-name='Catppuccin Mocha'
          background-color='#1e1e2e'
          foreground-color='#cdd6f4'
          highlight-colors-set=true
          highlight-background-color='#f5e0dc'
          highlight-foreground-color='#585b70'
          cursor-colors-set=true
          cursor-background-color='#f5e0dc'
          cursor-foreground-color='#1e1e2e'
          use-theme-colors=false
          palette=['#45475a', '#f38ba8', '#a6e3a1', '#f9e2af', '#89b4fa', '#f5c2e7', '#94e2d5', '#bac2de', '#585b70', '#f38ba8', '#a6e3a1', '#f9e2af', '#89b4fa', '#f5c2e7', '#94e2d5', '#a6adc8']
      - path: /etc/dconf/profile/user
        owner: root:root
        content: |
          user-db:user
          system-db:local

  # ─── PACKAGES ──────────────────────────────────────────────────────────────
  packages:
    - git
    - curl
    - wget
    - vim
    - gettext
    - build-essential
    - python3
    - python3-pip
    - python3-venv
    - apt-transport-https
    - ca-certificates
    - gnupg
    - lsb-release
    - openssh-server
    - net-tools

  # early-commands:
  #   - mkdir -p /target/nokia/vpn
  #   - mkdir -p /target/etc/himmelblau

  late-commands:
    - bash -x /cdrom/nocloud/wifi.sh
    - mkdir -p /target/home/${TARGET_USER}/nocloud
    - cp /cdrom/nocloud/* /target/home/${TARGET_USER}/nocloud/
    - curtin in-target -- systemctl disable systemd-networkd-wait-online.service

  updates: all
  shutdown: poweroff

# vim: set filetype=yaml :