Add Ubuntu Server autoinstall for Iron Legion G9 — headless, zero-touch, replaces MAAS for small batches

This commit is contained in:
Artemis (Iron Legion)
2026-05-23 16:20:21 -04:00
parent 89e518612a
commit 39ff842a65
2 changed files with 286 additions and 0 deletions


@@ -0,0 +1,135 @@
# Ubuntu Server Autoinstall — Iron Legion G9 Headless Deploy
# Usage: Place as 'user-data' on nocloud USB alongside empty 'meta-data' file
# See README.md for USB creation instructions
version: 1
autoinstall:
# ── Identity ──
identity:
hostname: ubuntu
username: jarvis
password: "$6$iypA63f5vLDzTGQ2$eOrvsyhnM6c4istoy65GUConWL4St.rzy28wFt8QxUWk7F3fSx7mHytwnjHosvIj7JAMBPeC4jkUctAZJeKDx/"
ssh:
install-server: true
allow-pw: true
authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g
# ── Storage ──
storage:
config:
- type: disk
id: disk0
ptable: gpt
wipe: superblock-recursive
path: /dev/nvme0n1
- type: partition
id: boot-part
number: 1
size: 1GB
device: disk0
flag: boot
grub_device: true
- type: format
id: boot-format
fstype: ext4
volume: boot-part
- type: mount
id: boot-mount
device: boot-format
path: /boot
- type: partition
id: root-part
number: 2
size: -1
device: disk0
- type: format
id: root-format
fstype: ext4
volume: root-part
- type: mount
id: root-mount
device: root-format
path: /
# ── Networking ──
network:
version: 2
ethernets:
en0:
match:
name: "en*"
dhcp4: true
dhcp6: true
# ── Packages ──
packages:
- openssh-server
- curl
- git
- ca-certificates
- gnupg
- net-tools
- iputils-ping
- htop
- ufw
- nfs-common
# ── First boot scripts ──
late-commands:
# Hostname from MAC address
- |
MAC=$(cat /sys/class/net/en*/address 2>/dev/null | head -1 | tr -d ':')
case "$MAC" in
e051d81c5d56) HOST="mk-33" ;;
e051d81c5c75) HOST="mk-34" ;;
e051d81c5dca) HOST="mk-39" ;;
e051d81c5d5c) HOST="mk-42" ;;
*) HOST="g9-$(echo $MAC | tail -c 5)" ;;
esac
hostnamectl set-hostname "$HOST"
echo "$HOST" > /etc/hostname
printf "127.0.1.1\t%s\n" "$HOST" >> /etc/hosts
# Disable cloud-init re-run
- |
mkdir -p /etc/cloud/cloud.cfg.d
echo "preserve_hostname: true" > /etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg
touch /etc/cloud/cloud-init.disabled
# Install Docker
- |
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
usermod -aG docker jarvis
# Install Tailscale
- |
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list
apt-get update
apt-get install -y tailscale
# Clone ansible-pull repo
- |
sudo -u jarvis bash -c 'mkdir -p ~/.ansible-repo && cd ~/.ansible-repo && git clone https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git . 2>/dev/null || true'
# SSH hardening (keep PW auth enabled for fleet standard)
- |
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
systemctl restart ssh
# Enable UFW basic rules
- |
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw --force enable
# Reboot to finalize
- reboot
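Review bot: Every entry in the late-commands list runs in the live installer environment, not in the installed system (which is mounted at /target), so the hostname, cloud-init, Docker, Tailscale, sshd_config and ufw changes land on a filesystem that is discarded at reboot and the deployed node comes up without the PermitRootLogin and firewall hardening this file intends; each command needs to be executed via `curtin in-target -- …`, and the trailing `- reboot` is better expressed as the autoinstall `shutdown: reboot` key. The `sudo -u jarvis` clone also fails in the live environment because that user only exists in the target, and its `2>/dev/null || true` hides the failure. The `$6$` password hash on the identity line is crackable offline by anyone with read access to this repository; replace it with a placeholder that is filled in when the USB is built. On noble the installer may additionally write `/etc/ssh/sshd_config.d/*.conf` entries that take precedence over the sed edit of sshd_config — verify the effective settings with `sshd -T` on a deployed node. The hunk header counts 135 added lines but fewer are shown here, so the document may continue past `- reboot`.
```yaml
autoinstall:
  # … unchanged: identity, storage, network, packages …
  late-commands:
    # … unchanged: hostname-from-MAC block, cloud-init, Docker, Tailscale,
    #   ansible-pull — each prefixed with `curtin in-target --` the same way …
    # SSH hardening — run inside the installed system, not the live installer
    - curtin in-target -- sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
    - curtin in-target -- sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
    # UFW basic rules — applied to the target so they survive the reboot
    - curtin in-target -- sh -c 'ufw default deny incoming && ufw default allow outgoing && ufw allow 22/tcp && ufw --force enable'
  # Reboot to finalize (replaces the `- reboot` late-command)
  shutdown: reboot
```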