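#cloud-config
# vim: syntax=yaml
#
# Provisions an NFS server VM: partitions and formats /dev/vdb as XFS,
# mounts it on /srv, creates an admin user, installs tooling and exports
# /srv/nfs over NFS.

# One MBR partition spanning 100% of the second disk. overwrite: false
# stops cloud-init from repartitioning a disk that already has a table.
disk_setup:
  /dev/vdb:
    table_type: mbr
    layout:
      - 100
    overwrite: false

fs_setup:
  - label: storage
    filesystem: xfs
    device: /dev/vdb
    partition: 1

resize_rootfs: true

mounts:
  - [ "/dev/vdb1", "/srv", "xfs", "defaults", "0", "0" ]

# Have cloud-init disable SSH password logins itself. The sed in runcmd
# only rewrites a literal "PasswordAuthentication yes"; if the image ships
# that directive commented out or absent, the sed has no effective result
# and sshd keeps its default.
ssh_pwauth: false

users:
  - name: nicolas
    gecos: Nicolas MASSE
    groups: wheel
    lock_passwd: false
    # NOTE(review): user-data is kept on the instance and is usually
    # retrievable from the metadata service, so treat this SHA-512 crypt
    # hash as exposed. With SSH restricted to keys, the password presumably
    # serves only the serial console; rotate it after first boot or set
    # lock_passwd: true if console login is not needed.
    passwd: '$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0'
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain

packages:
  # Useful tools
  - net-tools
  - hdparm
  - iptraf
  - iotop
  - vim-enhanced
  - tmux
  - rsync
  - tree
  - unzip
  - tar
  - tcpdump
  - telnet
  - strace
  - bind-utils
  # NFS
  - firewalld
  - nfs-utils

runcmd:
  # Enable KVM virsh console access
  - [ "systemctl", "enable", "serial-getty@ttyS0.service" ]
  - [ "systemctl", "start", "--no-block", "serial-getty@ttyS0.service" ]
  # Disable SSH password authentication (kept alongside ssh_pwauth above;
  # leaves a backup at /etc/ssh/sshd_config.post-install)
  - [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication yes/PasswordAuthentication no/", "/etc/ssh/sshd_config" ]
  - [ "systemctl", "restart", "sshd" ]
  # Enable sudo without password
  # NOTE(review): this grants passwordless root to every member of wheel,
  # and edits /etc/sudoers in place with no syntax validation (visudo -c).
  # A per-user drop-in under /etc/sudoers.d would be narrower and safer.
  - [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/", "/etc/sudoers" ]
  # Fix file permissions
  # (presumably needed because write_files below creates
  # /home/nicolas/.bashrc with no owner set - confirm)
  - [ "chown", "-R", "nicolas:nicolas", "/home/nicolas" ]
  # Enable NFS
  - [ "mount", "/srv" ]
  - [ "systemctl", "enable", "rpcbind" ]
  - [ "systemctl", "start", "rpcbind" ]
  - [ "systemctl", "enable", "nfs-server" ]
  - [ "systemctl", "start", "nfs-server" ]
  - [ "systemctl", "enable", "firewalld" ]
  - [ "systemctl", "start", "firewalld" ]
  - [ "setsebool", "-P", "nfs_export_all_rw", "1" ]
  - [ "mkdir", "-p", "/srv/nfs" ]
  - [ "exportfs", "-rav" ]
  #- [ "/bin/bash", "-c", "for i in {0..999}; do pv=$(printf '/srv/nfs/pv-%03d\n' $i); mkdir $pv; chmod 777 $pv; done" ]
  - [ "/bin/bash", "-c",
      "for pv in pv-infra-registry pv-user-pvs; do mkdir -p /srv/nfs/$pv; chmod 770 /srv/nfs/$pv; done" ]
  # NOTE(review): no --zone is given, so the nfs service is opened in
  # firewalld's default zone. Together with the wildcard export below,
  # nothing on this host limits which clients can reach the share.
  - [ "firewall-cmd", "--add-service=nfs", "--permanent" ]
  - [ "firewall-cmd", "--reload" ]

write_files:
  # Each .bashrc entry appends a base64-encoded coloured PS1 prompt; the
  # decoded line is shown in the comment above its content.
  - path: /root/.bashrc
    # PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '
    content: |
      UFMxPSdcW1wwMzNbMDE7MzFtXF1cdUBcaFxbXDAzM1swMG1cXTpcW1wwMzNbMDE7MzRtXF1cd1xb
      XDAzM1swMG1cXSMgJwo=
    encoding: base64
    append: true
  - path: /etc/skel/.bashrc
    # PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
    content: |
      UFMxPSdcW1wwMzNbMDE7MzJtXF1cdUBcaFxbXDAzM1swMG1cXTpcW1wwMzNbMDE7MzRtXF1cd1xb
      XDAzM1swMG1cXVwkICcK
    encoding: base64
    append: true
  - path: /home/nicolas/.bashrc
    # PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
    content: |
      UFMxPSdcW1wwMzNbMDE7MzJtXF1cdUBcaFxbXDAzM1swMG1cXTpcW1wwMzNbMDE7MzRtXF1cd1xb
      XDAzM1swMG1cXVwkICcK
    encoding: base64
    append: true
  # NOTE(review): "*" exports /srv/nfs read-write to every host, and
  # no_root_squash leaves a client's root user as root on the exported
  # files. Restrict the client field to the consuming hosts or subnet, and
  # drop no_root_squash unless a client genuinely requires it.
  - path: /etc/exports
    content: |
      /srv/nfs *(rw,no_root_squash)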