initial commit

debian11-cloudinit/run.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-debian}"
+BASEIMAGE="${BASEIMAGE:-https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2}"
+BACKINGSTORE="${BACKINGSTORE:-debian-11-genericcloud-amd64.qcow2}"
+OSINFO="debian11"
+
+if [ "$UID" != "0" ]; then
+  echo "Usage: sudo $0 [cleanup]"
+  exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+  echo "Cleaning up..."
+  virsh destroy "$VM" || true
+  virsh undefine "$VM" || true
+  rm -f "/var/lib/libvirt/images/$VM.qcow2"
+  sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+  exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+  echo "Downloading base image..."
+  curl -Lo "/var/lib/libvirt/images/$BACKINGSTORE" "$BASEIMAGE"
+fi
+
+# Pre-requisites: dnf install mtools cloud-utils
+echo "Generating cloud-init.iso..."
+
+# Note: the Debian "genericcloud" image is smaller but does not include any driver for physical hardware.
+# So we cannot use the default format (iso) since it is emulated as SATA by KVM.
+# Therefore, we generate a VFAT image that will be mounted with virtio.
+cloud-localds -f vfat "/var/lib/libvirt/images/$VM-cloud-init.img" user-data.yaml
+
+# Also, the debian image requires to explicitely set the cloud datasource.
+# For KVM, this is set via the SMBIOS "serial number" property. Hence, the --sysinfo below...
+# See https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
+virt-install --name "$VM" --autostart --noautoconsole --import \
+	     --cpu host-passthrough --vcpus 2 --ram 2048 \
+	     --os-variant "$OSINFO" \
+	     --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+	     --disk "path=/var/lib/libvirt/images/$VM-cloud-init.img,readonly=on" \
+	     --network default \
+	     --console pty,target.type=virtio --serial pty \
+	     --sysinfo 'system.serial=ds=nocloud'
+sleep 1
+virsh console "$VM"
+

debian11-cloudinit/user-data.yaml

@@ -0,0 +1,22 @@
+#cloud-config
+
+users:
+- name: nicolas
+  gecos: Nicolas MASSE
+  groups: sudo
+  lock_passwd: false
+  # Password = "nicolas". Generated with "openssl passwd -6".
+  passwd: $6$lEBwC1lnRvLErO9A$lsb2i.3eTHj3PKV7uKryLROFOQMPDK/eKZXaLIoIk933JimDOPjCxn3F4gIu5ao9oQ4NFid7kQj/wUYJeVqoe.
+  ssh_authorized_keys:
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+
+write_files:
+- path: /etc/sudoers
+  content: |
+    Defaults        env_reset
+    Defaults        mail_badpass
+    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    root    ALL=(ALL:ALL) NOPASSWD: ALL
+    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL
+    @includedir /etc/sudoers.d

fcos/fcos.yaml

@@ -0,0 +1,53 @@
+variant: fcos
+version: 1.4.0
+passwd:
+  users:
+    - name: nicolas
+      groups:
+        - wheel
+        - sudo
+      ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+      # echo nicolas | mkpasswd --method=yescrypt -s
+      password_hash: "$y$j9T$IIkhmtKaucCqDD1gF//fm1$ZyKCnWN8i2eRFZke.O0eSvjxEqnQEmfTFQgi7.a/Ce0"
+systemd:
+  units:
+  - name: unifi.service
+    enabled: true
+    contents: |
+      [Unit]
+      Description=Unifi Controller
+      Documentation=https://docs.linuxserver.io/images/docker-unifi-controller
+      Wants=network-online.target
+      After=network-online.target
+      RequiresMountsFor=%t/containers
+
+      [Service]
+      Environment=PODMAN_SYSTEMD_UNIT=%n
+      Restart=always
+      TimeoutStopSec=61
+      ExecStartPre=/bin/rm -f %t/%n.ctr-id
+      ExecStartPre=/bin/install -d /var/lib/unifi -m 0700 -o 10000 -g 10000
+      ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name unifi -e PUID=10000 -e PGID=10000 -v /var/lib/unifi:/config:z -p 3478:3478/udp -p 10001:10001/udp -p 8080:8080 -p 8443:8443 -p 1900:1900/udp -p 8843:8843 -p 8880:8880 -p 6789:6789 -p 5514:5514/udp quay.io/linuxserver.io/unifi-controller:6.5.55
+      ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+      ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+      Type=notify
+      NotifyAccess=all
+
+      [Install]
+      WantedBy=multi-user.target default.target
+
+storage:
+  disks:
+  - device: /dev/vdb
+    wipe_table: false
+    partitions:
+    - size_mib: 0
+      start_mib: 0
+      label: var
+  filesystems:
+    - path: /var/lib/unifi
+      device: /dev/disk/by-partlabel/var
+      format: xfs
+      with_mount_unit: true

fcos/run.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-fcos}"
+BASEIMAGE="${BASEIMAGE:-https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20211203.3.0/x86_64/fedora-coreos-35.20211203.3.0-qemu.x86_64.qcow2.xz}"
+BACKINGSTORE="${BACKINGSTORE:-fedora-coreos-35-qemu.x86_64.qcow2}"
+OSINFO="fedora-coreos-stable"
+
+if [ "$UID" != "0" ]; then
+  echo "Usage: sudo $0 [cleanup]"
+  exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+  echo "Cleaning up..."
+  virsh destroy "$VM" || true
+  virsh undefine "$VM" || true
+  rm -f "/var/lib/libvirt/images/$VM.qcow2"
+  sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+  exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+  echo "Downloading base image..."
+  curl -L "$BASEIMAGE" | xz -dc > "/var/lib/libvirt/images/$BACKINGSTORE"
+fi
+
+# Pre-requisites: dnf install butane
+echo "Generating ignition file..."
+butane --pretty --strict < "$PWD/fcos.yaml" > "/var/lib/libvirt/images/$VM.ign"
+
+virt-install --name "$VM" --autostart --import --noautoconsole \
+	     --cpu host-passthrough --vcpus 2 --ram 3074 \
+	     --os-variant "$OSINFO" \
+	     --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+	     --disk "path=/var/lib/libvirt/images/$VM-var.qcow2,size=10" \
+	     --network default \
+       --qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/$VM.ign" \
+	     --graphics none --console pty,target.type=virtio --serial pty
+sleep 1
+virsh console "$VM"
+

fedora35-cloudinit/run.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+VM="${VM:-fedora}"
+BASEIMAGE="${BASEIMAGE:-https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2}"
+BACKINGSTORE="${BACKINGSTORE:-Fedora-Cloud-Base-35-1.2.x86_64.qcow2}"
+OSINFO="fedora-35"
+
+if [ "$UID" != "0" ]; then
+  echo "Usage: sudo $0 [cleanup]"
+  exit 1
+fi
+
+if virsh list --all --name | grep -xqF "$VM"; then
+  echo "Cleaning up..."
+  virsh destroy "$VM" || true
+  virsh undefine "$VM" || true
+  rm -f "/var/lib/libvirt/images/$VM.qcow2"
+  sleep 1
+fi
+
+if [ "${1:-}" == "cleanup" ]; then
+  exit 0
+fi
+
+if [ ! -f "/var/lib/libvirt/images/$BACKINGSTORE" ]; then
+  echo "Downloading base image..."
+  curl -Lo "/var/lib/libvirt/images/$BACKINGSTORE" "$BASEIMAGE"
+fi
+
+echo "Generating cloud-init.iso..."
+cloud-localds "/var/lib/libvirt/images/$VM-cloud-init.iso" user-data.yaml
+
+virt-install --name "$VM" --autostart --import --noautoconsole \
+	     --cpu host-passthrough --vcpus 2 --ram 2048 \
+	     --os-variant "$OSINFO" \
+	     --disk "path=/var/lib/libvirt/images/$VM.qcow2,backing_store=/var/lib/libvirt/images/$BACKINGSTORE,size=10" \
+	     --disk "path=/var/lib/libvirt/images/$VM-cloud-init.iso,readonly=on,device=cdrom" \
+	     --network default \
+	     --graphics none --console pty,target.type=virtio --serial pty
+sleep 1
+virsh console "$VM"

fedora35-cloudinit/user-data.yaml

@@ -0,0 +1,27 @@
+#cloud-config
+
+resize_rootfs: true
+
+users:
+- name: nicolas
+  gecos: Nicolas MASSE
+  groups: wheel
+  lock_passwd: false
+  # Password = "nicolas". Generated with "openssl passwd -6".
+  passwd: $6$lEBwC1lnRvLErO9A$lsb2i.3eTHj3PKV7uKryLROFOQMPDK/eKZXaLIoIk933JimDOPjCxn3F4gIu5ao9oQ4NFid7kQj/wUYJeVqoe.
+  ssh_authorized_keys:
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+
+packages:
+- podman
+
+runcmd:
+# Enable KVM virsh console access
+- [ "systemctl", "enable", "serial-getty@ttyS0.service" ]
+- [ "systemctl", "start", "--no-block", "serial-getty@ttyS0.service" ]
+# Disable SSH password authentication
+- [ "sed", "-i.post-install", "-e", "s/PasswordAuthentication yes/PasswordAuthentication no/", "/etc/ssh/sshd_config" ]
+- [ "systemctl", "restart", "--no-block", "sshd" ]
+# Enable sudo without password
+- [ "sed", "-i.post-install", "-e", "s/^%wheel\tALL=(ALL)\tALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/", "/etc/sudoers" ]