aipackage/autoinstall/user-data

92 lines
2.7 KiB
Plaintext

#cloud-config
autoinstall:
version: 1
# ── Locale & keyboard ──────────────────────────
locale: en_IN.UTF-8
keyboard:
layout: us
# ── Network: DHCP on first ethernet ───────────
network:
network:
version: 2
ethernets:
any-en:
dhcp4: true
match:
name: "en*"
any-eth:
dhcp4: true
match:
name: "eth*"
# ── Storage: LVM on largest disk ──────────────
storage:
layout:
name: lvm
match:
size: largest
# ── Identity: cezen user ──────────────────────
identity:
hostname: aiserver
username: cezen
# Password: Cezen@2024! (SHA-512 hash below)
password: "$6$rounds=4096$cezentech$9pHVUFCvB7mHrblqn0qXJaFWxMkmepNM4T8Q5Fx8piVXuGDq.MLk/RH4nRMWtluLMpPXaZQAGFOD4xtjW1wC1"
# ── SSH ───────────────────────────────────────
ssh:
install-server: true
allow-pw: true
# ── Packages installed during setup ───────────
packages:
- git
- curl
- wget
# ── Late commands: run after OS install ───────
# These run with target mounted at /target
late-commands:
# Clone the Cezen AI installer
- git clone https://cgit.cezentech.com/jinojose/aipackage.git /target/opt/aipackage
# Set ownership
- curtin in-target -- chown -R cezen:cezen /opt/aipackage
# Create a firstboot systemd service that runs install.sh on first boot
- |
cat > /target/etc/systemd/system/cezen-firstboot.service << 'SVCEOF'
[Unit]
Description=Cezen AI Suite First Boot Installer
After=network-online.target
Wants=network-online.target
ConditionPathExists=!/opt/cezen/.installed
[Service]
Type=oneshot
ExecStart=/bin/bash /opt/aipackage/install.sh
ExecStartPost=/bin/touch /opt/cezen/.installed
RemainAfterExit=yes
StandardOutput=journal+console
StandardError=journal+console
[Install]
WantedBy=multi-user.target
SVCEOF
# Enable the firstboot service
- curtin in-target -- systemctl enable cezen-firstboot.service
# Allow cezen user to run sudo without password (needed for install.sh)
- echo "cezen ALL=(ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/cezen
- chmod 440 /target/etc/sudoers.d/cezen
# ── Skip confirmations ────────────────────────
user-data:
disable_root: false
# Confirm destructive action without prompting
confirm-bugs: false