Iron-Legion/ansible-pull-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add fleet-standard Ubuntu autoinstall template (G9 N150, nvme0n1, Docker, SSH key, no-swap)

Browse Source
This commit is contained in:
Artemis (Iron Legion)
2026-05-23 18:27:08 -04:00
parent b09139bbe7
commit 74c26b370b
1 changed files with 126 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
autoinstall/ubuntu-autoinstall-fleet.yaml Normal file
View File

@@ -0,0 +1,126 @@
# Ubuntu Autoinstall Template — Iron Legion Fleet Standard
# Generated May 23, 2026. Targets GMKtec G9 N150, 1TB NVMe (/dev/nvme0n1)
# Includes: jarvis user, SSH key, Docker, NFS client, Tailscale (optional)
version: 1
reporting:
builtin:
type: print
autoinstall:
identity:
hostname: ubuntu-fleet-node
username: jarvis
password: "$6$rounds=5000$fleet$salts$hashedpassword"
# ^^^ Generate with: mkpasswd -m sha-512 ubuntu
# Or use: python3 -c "import crypt; print(crypt.crypt('ubuntu', crypt.mksalt(crypt.METHOD_SHA512)))"
ssh:
install-server: true
authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius
allow-pw: true
network:
version: 2
ethernets:
enp4s0:
dhcp4: true
optional: true
enp5s0:
dhcp4: true
optional: true
enp6s0:
dhcp4: true
optional: true
# Note: enp5s0 is the Intel I226-V which drops link on some G9 units.
# Fallback to enp4s0 if enp5s0 fails.
storage:
config:
- type: disk
id: nvme0n1
path: /dev/nvme0n1
ptable: gpt
wipe: superblock-recursive
- type: partition
id: boot-part
device: nvme0n1
size: 1GiB
flag: boot
- type: partition
id: root-part
device: nvme0n1
size: -1
- type: format
id: boot-format
volume: boot-part
fstype: ext4
- type: format
id: root-format
volume: root-part
fstype: ext4
- type: mount
id: boot-mount
device: boot-format
path: /boot
- type: mount
id: root-mount
device: root-format
path: /
swap:
size: 0
packages:
- openssh-server
- curl
- nfs-common
- cifs-utils
- net-tools
- ca-certificates
- gnupg
late-commands:
# Fix hostname preservation (cloud-init stomp bug)
- echo 'preserve_hostname: true' > /target/etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg
# Set hostname explicitly
- hostnamectl set-hostname ubuntu-fleet-node
# Add jarvis to sudoers with NOPASSWD
- echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/jarvis
- chmod 440 /target/etc/sudoers.d/jarvis
# Create SSH directory and inject key (fallback if ssh section fails)
- mkdir -p /target/home/jarvis/.ssh
- echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius' > /target/home/jarvis/.ssh/authorized_keys
- chmod 600 /target/home/jarvis/.ssh/authorized_keys
- chown -R 1000:1000 /target/home/jarvis/.ssh
# Install Docker
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /target/etc/apt/sources.list.d/docker.list
- curtin in-target -- apt-get update
- curtin in-target -- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Add jarvis to docker group
- usermod -aG docker jarvis
# Enable and start services
- systemctl enable docker
- systemctl enable ssh
# Install Tailscale (optional — needs auth key for auto-join)
# Uncomment and add TAILSCALE_AUTH_KEY to user-data if auto-join desired
# - curl -fsSL https://tailscale.com/install.sh | sh
# - tailscale up --auth-key=${TAILSCALE_AUTH_KEY}
# Clone ansible-pull repo (optional — needs git and network)
# - mkdir -p /target/var/lib/ansible/local
# - cd /target/var/lib/ansible/local && git clone https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git .
# Re-enable netplan for actual NIC that comes up
- sed -i 's/optional: true/optional: false/g' /target/etc/netplan/00-installer-config.yaml 2>/dev/null || true
# Shutdown after install (remove for auto-reboot)
# shutdown: reboot