From 89e518612a7fe2f0cc13812b146db6e900603e47 Mon Sep 17 00:00:00 2001
From: "Artemis (Iron Legion)" <jarvis@iron-legion.labs>
Date: Sat, 23 May 2026 13:54:52 -0400
Subject: [PATCH] MAAS preseed v5: isolate-safe, targets /dev/nvme0n1, no
 apt-get during late_commands

---
 preseeds/curtin_userdata_fleet_v5.yaml | 49 ++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 preseeds/curtin_userdata_fleet_v5.yaml

diff --git a/preseeds/curtin_userdata_fleet_v5.yaml b/preseeds/curtin_userdata_fleet_v5.yaml
new file mode 100644
index 0000000..f7b2004
--- /dev/null
+++ b/preseeds/curtin_userdata_fleet_v5.yaml
@@ -0,0 +1,49 @@
+#cloud-config
+# MAAS Fleet Preseed v5 — Iron Legion DR Standard
+# No apt-get during late_commands (isolated subnet)
+# Targets /dev/nvme0n1 (first NVMe, skip eMMC)
+# Defer internet tasks to post-deploy on fleet LAN
+# Corrected 2026-05-23: nvme1 → nvme0n1 (Linux enumeration)
+
+debconf_selections:
+ maas: |
+  {{for line in str(curtin_preseed).splitlines()}}
+  {{line}}
+  {{endfor}}
+
+storage:
+  swap:
+    size: 0
+  config:
+    - type: disk
+      id: root-disk
+      path: /dev/nvme0n1
+      ptable: gpt
+      wipe: superblock-recursive
+    - type: partition
+      id: root-partition
+      device: root-disk
+      size: -1
+      flag: boot
+    - type: format
+      id: root-format
+      volume: root-partition
+      fstype: ext4
+    - type: mount
+      id: root-mount
+      device: root-format
+      path: /
+
+late_commands:
+  fleet_01_create_user: ["curtin", "in-target", "--", "sh", "-c", "useradd -m -s /bin/bash -G sudo jarvis && echo 'jarvis:ubuntu' | chpasswd"]
+  fleet_02_hostname: ["curtin", "in-target", "--", "sh", "-c", "hostnamectl set-hostname $(echo {{node.hostname}} | sed 's/[^a-zA-Z0-9-]//g') && echo $(echo {{node.hostname}} | sed 's/[^a-zA-Z0-9-]//g') > /etc/hostname"]
+  fleet_02b_preserve_hostname: ["curtin", "in-target", "--", "sh", "-c", "echo 'preserve_hostname: true' > /etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg"]
+  fleet_03_enable_ssh: ["curtin", "in-target", "--", "systemctl", "enable", "ssh"]
+  fleet_04_start_ssh: ["curtin", "in-target", "--", "systemctl", "start", "ssh"]
+  fleet_05_ssh_dir: ["curtin", "in-target", "--", "sh", "-c", "mkdir -p /home/jarvis/.ssh && chmod 700 /home/jarvis/.ssh"]
+  fleet_06_auth_keys: ["curtin", "in-target", "--", "sh", "-c", "echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius' > /home/jarvis/.ssh/authorized_keys"]
+  fleet_07_chmod: ["curtin", "in-target", "--", "chmod", "600", "/home/jarvis/.ssh/authorized_keys"]
+  fleet_08_chown: ["curtin", "in-target", "--", "chown", "-R", "jarvis:jarvis", "/home/jarvis/.ssh"]
+  fleet_09_sudo: ["curtin", "in-target", "--", "sh", "-c", "echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/jarvis && chmod 440 /etc/sudoers.d/jarvis"]
+  fleet_10_ansible_dirs: ["curtin", "in-target", "--", "sh", "-c", "mkdir -p /var/lib/ansible/local"]
+  maas: [wget, '--no-proxy', {{node_disable_pxe_url|escape.json}}, '--post-data', {{node_disable_pxe_data|escape.json}}, '-O', '/dev/null']