From 74c26b370bf070148abb75668616b055fe601122 Mon Sep 17 00:00:00 2001
From: "Artemis (Iron Legion)"
Date: Sat, 23 May 2026 18:27:08 -0400
Subject: [PATCH] Add fleet-standard Ubuntu autoinstall template (G9 N150, nvme0n1, Docker, SSH key, no-swap)
---
autoinstall/ubuntu-autoinstall-fleet.yaml | 126 ++++++++++++++++++++++
1 file changed, 126 insertions(+)
create mode 100644 autoinstall/ubuntu-autoinstall-fleet.yaml
diff --git a/autoinstall/ubuntu-autoinstall-fleet.yaml b/autoinstall/ubuntu-autoinstall-fleet.yaml
new file mode 100644
index 0000000..be46e6b
--- /dev/null
+++ b/autoinstall/ubuntu-autoinstall-fleet.yaml
@@ -0,0 +1,126 @@
+# Ubuntu Autoinstall Template — Iron Legion Fleet Standard
+# Generated May 23, 2026. Targets GMKtec G9 N150, 1TB NVMe (/dev/nvme0n1)
+# Includes: jarvis user, SSH key, Docker, NFS client, Tailscale (optional)
+
+version: 1
+reporting:
+ builtin:
+ type: print
+
+autoinstall:
+ identity:
+ hostname: ubuntu-fleet-node
+ username: jarvis
+ password: "$6$rounds=5000$fleet$salts$hashedpassword"
+ # ^^^ Generate with: mkpasswd -m sha-512 ubuntu
+ # Or use: python3 -c "import crypt; print(crypt.crypt('ubuntu', crypt.mksalt(crypt.METHOD_SHA512)))"
+
+ ssh:
+ install-server: true
+ authorized-keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius
+ allow-pw: true
+
+ network:
+ version: 2
+ ethernets:
+ enp4s0:
+ dhcp4: true
+ optional: true
+ enp5s0:
+ dhcp4: true
+ optional: true
+ enp6s0:
+ dhcp4: true
+ optional: true
+ # Note: enp5s0 is the Intel I226-V which drops link on some G9 units.
+ # Fallback to enp4s0 if enp5s0 fails.
+
+ storage:
+ config:
+ - type: disk
+ id: nvme0n1
+ path: /dev/nvme0n1
+ ptable: gpt
+ wipe: superblock-recursive
+ - type: partition
+ id: boot-part
+ device: nvme0n1
+ size: 1GiB
+ flag: boot
+ - type: partition
+ id: root-part
+ device: nvme0n1
+ size: -1
+ - type: format
+ id: boot-format
+ volume: boot-part
+ fstype: ext4
+ - type: format
+ id: root-format
+ volume: root-part
+ fstype: ext4
+ - type: mount
+ id: boot-mount
+ device: boot-format
+ path: /boot
+ - type: mount
+ id: root-mount
+ device: root-format
+ path: /
+ swap:
+ size: 0
+
+ packages:
+ - openssh-server
+ - curl
+ - nfs-common
+ - cifs-utils
+ - net-tools
+ - ca-certificates
+ - gnupg
+
+ late-commands:
+ # Fix hostname preservation (cloud-init stomp bug)
+ - echo 'preserve_hostname: true' > /target/etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg
+
+ # Set hostname explicitly
+ - hostnamectl set-hostname ubuntu-fleet-node
+
+ # Add jarvis to sudoers with NOPASSWD
+ - echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/jarvis
+ - chmod 440 /target/etc/sudoers.d/jarvis
+
+ # Create SSH directory and inject key (fallback if ssh section fails)
+ - mkdir -p /target/home/jarvis/.ssh
+ - echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius' > /target/home/jarvis/.ssh/authorized_keys
+ - chmod 600 /target/home/jarvis/.ssh/authorized_keys
+ - chown -R 1000:1000 /target/home/jarvis/.ssh
+
+ # Install Docker
+ - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
+ - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /target/etc/apt/sources.list.d/docker.list
+ - curtin in-target -- apt-get update
+ - curtin in-target -- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+ # Add jarvis to docker group
+ - usermod -aG docker jarvis
+
+ # Enable and start services
+ - systemctl enable docker
+ - systemctl enable ssh
+
+ # Install Tailscale (optional — needs auth key for auto-join)
+ # Uncomment and add TAILSCALE_AUTH_KEY to user-data if auto-join desired
+ # - curl -fsSL https://tailscale.com/install.sh | sh
+ # - tailscale up --auth-key=${TAILSCALE_AUTH_KEY}
+
+ # Clone ansible-pull repo (optional — needs git and network)
+ # - mkdir -p /target/var/lib/ansible/local
+ # - cd /target/var/lib/ansible/local && git clone https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git .
+
+ # Re-enable netplan for actual NIC that comes up
+ - sed -i 's/optional: true/optional: false/g' /target/etc/netplan/00-installer-config.yaml 2>/dev/null || true
+
+ # Shutdown after install (remove for auto-reboot)
+ # shutdown: reboot
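Review bot: `allow-pw: true` in the `ssh:` section keeps SSH password login enabled for `jarvis`, while the comments under `password:` show the hash being generated from the literal `ubuntu` and the late-commands give that account `NOPASSWD: ALL` plus docker group membership, so a node built by following those comments has a root-equivalent account behind a documented password. A key is already provisioned, so set `allow-pw: false` and change the comment to tell the operator to hash a per-fleet secret instead of `ubuntu`. Separately, late-commands run in the installer environment: `gpg --dearmor -o /usr/share/keyrings/docker.gpg` writes the keyring outside `/target` although `docker.list` in the target references it through `signed-by`, and `hostnamectl`, `usermod` and `systemctl enable` act on the live installer rather than the installed system. Write the key to `/target/usr/share/keyrings/docker.gpg` and prefix the others with `curtin in-target --`, as the `apt-get` lines already do. The `echo '…: …'` and `sed` items are plain scalars containing `: `, which a YAML parser will likely read as a mapping or reject, so those commands should be quoted as a whole or written as `|` block scalars.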