Iron-Legion/ansible-pull-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move autoinstall/ to 412friendly/backups.git (staging repo) — Iron-Legion repo is ansible-pull only

Browse Source
This commit is contained in:
Artemis (Iron Legion)
2026-05-23 19:01:30 -04:00
parent 2370049e48
commit f3e7c5d108
3 changed files with 0 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
autoinstall/first-boot.sh
View File

@@ -1,88 +0,0 @@
#!/bin/bash
# first-boot.sh — Iron Legion Fleet Node Post-Install Bootstrap
# Run manually AFTER confirming autoinstall boots successfully
# Date: May 23, 2026
set -euo pipefail
# ========== CONFIG ==========
TRUENAS_IP="192.168.16.254"
NFS_SHARE="/mnt/Ice/Backup/swarm-data"
LOCAL_MOUNT="/mnt/swarm-data"
ANSIBLE_REPO="https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git"
ANSIBLE_DIR="/var/lib/ansible/local"
TAILSCALE_API_KEY="${TAILSCALE_API_KEY:-}" # Set before running, or hardcode for unattended
# ========== DOCKER ==========
echo "[1/6] Installing Docker CE..."
if ! command -v docker >/dev/null 2>&1; then
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl enable docker
systemctl start docker
usermod -aG docker jarvis
echo "Docker installed."
else
echo "Docker already present."
fi
# ========== NFS AUTOMOUNT ==========
echo "[2/6] Configuring NFS automount for TrueNAS..."
mkdir -p "$LOCAL_MOUNT"
if ! grep -q "$TRUENAS_IP:$NFS_SHARE" /etc/fstab; then
echo "$TRUENAS_IP:$NFS_SHARE $LOCAL_MOUNT nfs defaults,_netdev 0 0" >> /etc/fstab
mount "$LOCAL_MOUNT"
echo "NFS mount added to fstab and mounted."
else
echo "NFS fstab entry already exists."
fi
# ========== ANSIBLE-PULL REPO ==========
echo "[3/6] Cloning ansible-pull repo..."
mkdir -p "$ANSIBLE_DIR"
if [ ! -d "$ANSIBLE_DIR/.git" ]; then
cd "$ANSIBLE_DIR"
git clone "$ANSIBLE_REPO" .
echo "Ansible repo cloned."
else
echo "Ansible repo already present."
fi
# ========== TAILSCALE ==========
echo "[4/6] Installing Tailscale..."
if ! command -v tailscale >/dev/null 2>&1; then
curl -fsSL https://tailscale.com/install.sh | sh
echo "Tailscale installed."
else
echo "Tailscale already present."
fi
if [ -n "$TAILSCALE_API_KEY" ]; then
echo "[5/6] Joining Tailnet..."
tailscale up --auth-key="$TAILSCALE_API_KEY" --ssh --accept-routes
echo "Tailscale joined."
else
echo "[5/6] TAILSCALE_API_KEY not set. Run manually:"
echo " export TAILSCALE_API_KEY=tskey-..."
echo " tailscale up --auth-key=\$TAILSCALE_API_KEY --ssh --accept-routes"
fi
# ========== ENABLE SERVICES ==========
echo "[6/6] Enabling services..."
systemctl enable ssh docker
systemctl restart ssh docker
# ========== DONE ==========
echo ""
echo "========================================"
echo " Fleet node bootstrap complete"
echo "========================================"
echo "Docker: $(docker --version)"
echo "Tailscale: $(tailscale version 2>/dev/null | head -1 || echo 'not joined')"
echo "NFS mount: $(df -h | grep swarm-data || echo 'not mounted')"
echo "Ansible: $(ansible --version | head -1 || echo 'not checked')"
echo ""
echo "Next: run ansible-pull from $ANSIBLE_DIR"
echo " cd $ANSIBLE_DIR && ansible-pull -d . -U $ANSIBLE_REPO"

95
autoinstall/ubuntu-autoinstall-fleet-minimal.yaml
View File

@@ -1,95 +0,0 @@
# Ubuntu Autoinstall — Iron Legion Fleet Standard (MINIMAL)
# Targets: GMKtec G9 N150, 1TB NVMe (/dev/nvme0n1)
# Date: May 23, 2026
# Role: Bare-metal bootable fleet node — manual post-install via first-boot.sh
version: 1
reporting:
builtin:
type: print
autoinstall:
identity:
hostname: fleet-node
username: jarvis
password: "$6$0DL8vh2WMWRpPiOt$xP1XyKFbX8J0hGSwd9GD6RsPAM5Ajdkrd8PYW2KJAv64YBJC3NAHgGr4BNYORodCVf1hkv3D2KhbezFoIlVsL1"
ssh:
install-server: true
authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius
allow-pw: true
network:
version: 2
ethernets:
enp4s0:
dhcp4: true
optional: true
enp5s0:
dhcp4: true
optional: true
enp6s0:
dhcp4: true
optional: true
storage:
config:
- type: disk
id: nvme0n1
path: /dev/nvme0n1
ptable: gpt
wipe: superblock-recursive
- type: partition
id: boot-part
device: nvme0n1
size: 1GiB
flag: boot
- type: partition
id: root-part
device: nvme0n1
size: -1
- type: format
id: boot-format
volume: boot-part
fstype: ext4
- type: format
id: root-format
volume: root-part
fstype: ext4
- type: mount
id: boot-mount
device: boot-format
path: /boot
- type: mount
id: root-mount
device: root-format
path: /
swap:
size: 0
packages:
- openssh-server
- curl
- nfs-common
- cifs-utils
- net-tools
- ca-certificates
- gnupg
- ansible
- git
late-commands:
# Prevent cloud-init from stomping hostname on first boot
- echo 'preserve_hostname: true' > /target/etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg
# Add jarvis to sudoers with NOPASSWD
- echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/jarvis
- chmod 440 /target/etc/sudoers.d/jarvis
# Ensure SSH key has correct permissions
- chmod 600 /target/home/jarvis/.ssh/authorized_keys
- chown -R 1000:1000 /target/home/jarvis/.ssh
# Auto-reboot after install completes
shutdown: reboot

126
autoinstall/ubuntu-autoinstall-fleet.yaml
View File

@@ -1,126 +0,0 @@
# Ubuntu Autoinstall Template — Iron Legion Fleet Standard
# Generated May 23, 2026. Targets GMKtec G9 N150, 1TB NVMe (/dev/nvme0n1)
# Includes: jarvis user, SSH key, Docker, NFS client, Tailscale (optional)
version: 1
reporting:
builtin:
type: print
autoinstall:
identity:
hostname: ubuntu-fleet-node
username: jarvis
password: "$6$rounds=5000$fleet$salts$hashedpassword"
# ^^^ Generate with: mkpasswd -m sha-512 ubuntu
# Or use: python3 -c "import crypt; print(crypt.crypt('ubuntu', crypt.mksalt(crypt.METHOD_SHA512)))"
ssh:
install-server: true
authorized-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius
allow-pw: true
network:
version: 2
ethernets:
enp4s0:
dhcp4: true
optional: true
enp5s0:
dhcp4: true
optional: true
enp6s0:
dhcp4: true
optional: true
# Note: enp5s0 is the Intel I226-V which drops link on some G9 units.
# Fallback to enp4s0 if enp5s0 fails.
storage:
config:
- type: disk
id: nvme0n1
path: /dev/nvme0n1
ptable: gpt
wipe: superblock-recursive
- type: partition
id: boot-part
device: nvme0n1
size: 1GiB
flag: boot
- type: partition
id: root-part
device: nvme0n1
size: -1
- type: format
id: boot-format
volume: boot-part
fstype: ext4
- type: format
id: root-format
volume: root-part
fstype: ext4
- type: mount
id: boot-mount
device: boot-format
path: /boot
- type: mount
id: root-mount
device: root-format
path: /
swap:
size: 0
packages:
- openssh-server
- curl
- nfs-common
- cifs-utils
- net-tools
- ca-certificates
- gnupg
late-commands:
# Fix hostname preservation (cloud-init stomp bug)
- echo 'preserve_hostname: true' > /target/etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg
# Set hostname explicitly
- hostnamectl set-hostname ubuntu-fleet-node
# Add jarvis to sudoers with NOPASSWD
- echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/jarvis
- chmod 440 /target/etc/sudoers.d/jarvis
# Create SSH directory and inject key (fallback if ssh section fails)
- mkdir -p /target/home/jarvis/.ssh
- echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius' > /target/home/jarvis/.ssh/authorized_keys
- chmod 600 /target/home/jarvis/.ssh/authorized_keys
- chown -R 1000:1000 /target/home/jarvis/.ssh
# Install Docker
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg
- echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /target/etc/apt/sources.list.d/docker.list
- curtin in-target -- apt-get update
- curtin in-target -- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Add jarvis to docker group
- usermod -aG docker jarvis
# Enable and start services
- systemctl enable docker
- systemctl enable ssh
# Install Tailscale (optional — needs auth key for auto-join)
# Uncomment and add TAILSCALE_AUTH_KEY to user-data if auto-join desired
# - curl -fsSL https://tailscale.com/install.sh | sh
# - tailscale up --auth-key=${TAILSCALE_AUTH_KEY}
# Clone ansible-pull repo (optional — needs git and network)
# - mkdir -p /target/var/lib/ansible/local
# - cd /target/var/lib/ansible/local && git clone https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git .
# Re-enable netplan for actual NIC that comes up
- sed -i 's/optional: true/optional: false/g' /target/etc/netplan/00-installer-config.yaml 2>/dev/null || true
# Shutdown after install (remove for auto-reboot)
# shutdown: reboot