186 lines
5.5 KiB
YAML
186 lines
5.5 KiB
YAML
#cloud-config
|
||
autoinstall:
|
||
version: 1
|
||
|
||
# Network configuration – Ethernet + optional Wi‑Fi
|
||
network:
|
||
version: 2
|
||
ethernets:
|
||
all-eth:
|
||
match:
|
||
name: "en*" # matches common Ethernet interface names
|
||
dhcp4: true
|
||
optional: true # not required; if no eth interface exists, ignore
|
||
|
||
# ─── IDENTITY ──────────────────────────────────────────────────────────────
|
||
identity:
|
||
hostname: nokia
|
||
username: alfoldi
|
||
password: "${USER_PASSWORD_HASH}"
|
||
|
||
# ─── SSH ───────────────────────────────────────────────────────────────────
|
||
ssh:
|
||
install-server: true
|
||
allow-pw: false
|
||
authorized-keys:
|
||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgcJfi0dZotMWa8zQvxXduM76GmQfoPvMU5FjIFZCAa alfonzso@gmail.com"
|
||
|
||
locale: en_US.UTF-8
|
||
|
||
keyboard:
|
||
layout: us
|
||
|
||
# ─── DISK LAYOUT: LVM on LUKS ──────────────────────────────────────────────
|
||
storage:
|
||
layout:
|
||
name: lvm
|
||
# match:
|
||
# path: /dev/nvme0n1
|
||
sizing-policy: all
|
||
encrypted: true
|
||
password: "${LUKS_PASSPHRASE}"
|
||
|
||
user-data:
|
||
chpasswd:
|
||
expire: false
|
||
list:
|
||
- root:${USER_PASSWORD_HASH}
|
||
|
||
# ─── CERT FILES ────────────────────────────────────────────────────────────
|
||
write_files:
|
||
- path: /nokia/vpn/NOKIA_Root_CA.crt
|
||
permissions: "0600"
|
||
owner: alfoldi:alfoldi
|
||
encoding: b64
|
||
content: "${NOKIA_CA_CERT_B64}"
|
||
|
||
- path: /nokia/vpn/alfoldi.ipa.nsn-net.net.crt
|
||
permissions: "0600"
|
||
owner: alfoldi:alfoldi
|
||
encoding: b64
|
||
content: "${NOKIA_CLIENT_CERT_B64}"
|
||
|
||
- path: /nokia/vpn/alfoldi.ipa.nsn-net.net.key
|
||
permissions: "0600"
|
||
owner: alfoldi:alfoldi
|
||
encoding: b64
|
||
content: "${NOKIA_CLIENT_KEY_B64}"
|
||
|
||
# - path: /etc/himmelblau/himmelblau.conf
|
||
# owner: alfoldi:alfoldi
|
||
# content: |
|
||
# [global]
|
||
# domain = nokia.com
|
||
# home_attr = CN
|
||
# home_alias = CN
|
||
# use_etc_skel = true
|
||
# pam_allow_groups = zsolt.alfoldi@nokia.com
|
||
# # user_map_file = /etc/himmelblau/user-map
|
||
#
|
||
# - path: /etc/himmelblau/user-map
|
||
# owner: alfoldi:alfoldi
|
||
# content: |
|
||
# alfoldi:zsolt.alfoldi@nokia.com
|
||
|
||
- path: /etc/ssh/sshd_config.d/99-custom.conf
|
||
permissions: "0644"
|
||
owner: root:root
|
||
content: |
|
||
X11Forwarding yes
|
||
X11DisplayOffset 10
|
||
X11UseLocalhost no
|
||
GatewayPorts yes
|
||
|
||
- path: /etc/systemd/sleep.conf
|
||
permissions: "0644"
|
||
owner: root:root
|
||
content: |
|
||
[Sleep]
|
||
AllowSuspend=no
|
||
AllowHibernation=no
|
||
AllowSuspendThenHibernate=no
|
||
AllowHybridSleep=no
|
||
|
||
- path: /etc/systemd/logind.conf.d/no-powersave.conf
|
||
permissions: "0644"
|
||
owner: root:root
|
||
content: |
|
||
[Login]
|
||
HandleLidSwitch=ignore
|
||
HandleLidSwitchExternalPower=ignore
|
||
HandleLidSwitchDocked=ignore
|
||
HandleSuspendKey=ignore
|
||
HandleHibernateKey=ignore
|
||
IdleAction=ignore
|
||
|
||
- path: /etc/dconf/db/local.d/99-custom-gnome
|
||
permissions: "0644"
|
||
owner: root:root
|
||
content: |
|
||
[org/gnome/desktop/interface]
|
||
color-scheme='prefer-dark'
|
||
gtk-theme='Adwaita-dark'
|
||
|
||
[org/gnome/shell]
|
||
disabled-extensions=['ubuntu-dock@ubuntu.com']
|
||
enabled-extensions=['dash-to-panel@jderose9.github.com']
|
||
disable-user-extensions=false
|
||
|
||
[org/gnome/settings-daemon/plugins/power]
|
||
sleep-inactive-ac-type='nothing'
|
||
sleep-inactive-battery-type='nothing'
|
||
# power-button-action='nothing'
|
||
|
||
[org/gnome/desktop/session]
|
||
idle-delay=uint32 0
|
||
|
||
[system/proxy]
|
||
autoconfig-url='proxyconf.glb.nokia.com/proxy.pac'
|
||
ignore-hosts=['localhost', '127.0.0.0/8', '::1', '192.168.1.1', '192.168.0.0', '192.168.0.0/8']
|
||
mode='none'
|
||
|
||
[system/proxy/http]
|
||
host='10.158.100.1'
|
||
|
||
[system/proxy/https]
|
||
host='10.158.100.1'
|
||
port=8080
|
||
|
||
- path: /etc/dconf/profile/user
|
||
owner: root:root
|
||
content: |
|
||
user-db:user
|
||
system-db:local
|
||
|
||
# ─── PACKAGES ──────────────────────────────────────────────────────────────
|
||
packages:
|
||
- git
|
||
- curl
|
||
- wget
|
||
- vim
|
||
- gettext
|
||
- build-essential
|
||
- python3
|
||
- python3-pip
|
||
- python3-venv
|
||
- apt-transport-https
|
||
- ca-certificates
|
||
- gnupg
|
||
- lsb-release
|
||
- openssh-server
|
||
- net-tools
|
||
|
||
# early-commands:
|
||
# - mkdir -p /target/nokia/vpn
|
||
# - mkdir -p /target/etc/himmelblau
|
||
|
||
late-commands:
|
||
# - cp /etc/resolv.conf /target/etc/resolv.conf
|
||
- bash -x /cdrom/nocloud/wifi.sh
|
||
- cp /cdrom/nocloud/post-install.sh /target/home/
|
||
|
||
updates: all
|
||
shutdown: poweroff
|
||
|
||
# vim: set filetype=yaml :
|