# Ubuntu Autoinstall Template — Iron Legion Fleet Standard # Generated May 23, 2026. Targets GMKtec G9 N150, 1TB NVMe (/dev/nvme0n1) # Includes: jarvis user, SSH key, Docker, NFS client, Tailscale (optional) version: 1 reporting: builtin: type: print autoinstall: identity: hostname: ubuntu-fleet-node username: jarvis password: "$6$rounds=5000$fleet$salts$hashedpassword" # ^^^ Generate with: mkpasswd -m sha-512 ubuntu # Or use: python3 -c "import crypt; print(crypt.crypt('ubuntu', crypt.mksalt(crypt.METHOD_SHA512)))" ssh: install-server: true authorized-keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius allow-pw: true network: version: 2 ethernets: enp4s0: dhcp4: true optional: true enp5s0: dhcp4: true optional: true enp6s0: dhcp4: true optional: true # Note: enp5s0 is the Intel I226-V which drops link on some G9 units. # Fallback to enp4s0 if enp5s0 fails. storage: config: - type: disk id: nvme0n1 path: /dev/nvme0n1 ptable: gpt wipe: superblock-recursive - type: partition id: boot-part device: nvme0n1 size: 1GiB flag: boot - type: partition id: root-part device: nvme0n1 size: -1 - type: format id: boot-format volume: boot-part fstype: ext4 - type: format id: root-format volume: root-part fstype: ext4 - type: mount id: boot-mount device: boot-format path: /boot - type: mount id: root-mount device: root-format path: / swap: size: 0 packages: - openssh-server - curl - nfs-common - cifs-utils - net-tools - ca-certificates - gnupg late-commands: # Fix hostname preservation (cloud-init stomp bug) - echo 'preserve_hostname: true' > /target/etc/cloud/cloud.cfg.d/99_preserve_hostname.cfg # Set hostname explicitly - hostnamectl set-hostname ubuntu-fleet-node # Add jarvis to sudoers with NOPASSWD - echo 'jarvis ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/jarvis - chmod 440 /target/etc/sudoers.d/jarvis # Create SSH directory and inject key (fallback if ssh section fails) - mkdir -p /target/home/jarvis/.ssh - echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSBrRCROUHOiZX9IB3teEK89VFfghbdu7OF5NoJ1Y6g Generated By Termius' > /target/home/jarvis/.ssh/authorized_keys - chmod 600 /target/home/jarvis/.ssh/authorized_keys - chown -R 1000:1000 /target/home/jarvis/.ssh # Install Docker - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu noble stable" > /target/etc/apt/sources.list.d/docker.list - curtin in-target -- apt-get update - curtin in-target -- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin # Add jarvis to docker group - usermod -aG docker jarvis # Enable and start services - systemctl enable docker - systemctl enable ssh # Install Tailscale (optional — needs auth key for auto-join) # Uncomment and add TAILSCALE_AUTH_KEY to user-data if auto-join desired # - curl -fsSL https://tailscale.com/install.sh | sh # - tailscale up --auth-key=${TAILSCALE_AUTH_KEY} # Clone ansible-pull repo (optional — needs git and network) # - mkdir -p /target/var/lib/ansible/local # - cd /target/var/lib/ansible/local && git clone https://gitea.nb.bobbysh.me/Iron-Legion/ansible-pull-deploy.git . # Re-enable netplan for actual NIC that comes up - sed -i 's/optional: true/optional: false/g' /target/etc/netplan/00-installer-config.yaml 2>/dev/null || true # Shutdown after install (remove for auto-reboot) # shutdown: reboot