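#cloud-config
# vim: ft=yaml
#
# cloud-init user-data for a Fedora lab guest. The hostname/domainname
# placeholders further down are filled in by the template renderer (the
# comments below refer to main.tf), so this file is a template, not
# plain YAML.

# bootcmd is executed by cloud-init early on every boot, not only the first.
bootcmd:
  - cat /etc/resolv.conf
  - uname -r
  - timedatectl set-ntp 1
  - timedatectl set-timezone Europe/Bratislava
  - systemctl disable --now dnf-makecache.timer
  # NOTE(review): systemd-resolved is stopped (not disabled) and the resolver
  # is pinned to one public, unauthenticated DNS server; every lookup made
  # during provisioning, including the ones dnf uses to find mirrors, leaves
  # the lab network. Prefer the resolver handed out by the libvirt network if
  # that is acceptable.
  - systemctl stop systemd-resolved
  - echo "nameserver 8.8.8.8" > /etc/resolv.conf
  - dnf config-manager --set-disabled fedora-cisco-openh264
  # NOTE(review): updates-testing delivers packages that have not reached the
  # stable updates repository yet.
  - dnf config-manager --set-enabled updates updates-testing
  # Rewrites ext4 fstab entries: noatime, and dump/fsck-pass fields set to 0.
  - sed -i "s/ext4 * defaults *1 1/ext4 noatime 0 0/" /etc/fstab
  - sleep 10

# runcmd is executed once, late in the first boot.
runcmd:
  - cat /etc/resolv.conf
  - uname -r
  - timedatectl set-ntp 1
  - timedatectl set-timezone Europe/Bratislava
  - systemctl disable --now dnf-makecache.timer
  - dnf config-manager --set-enabled updates updates-testing
  - dnf upgrade --refresh -y
  - dnf distro-sync -y
  - dnf clean all
  - sed -i "s/ext4 * defaults *1 1/ext4 noatime 0 0/" /etc/fstab
  # Marker file; presumably polled by the provisioning tooling - confirm.
  - touch /.plsgo

write_files:
  # Replaces the distribution's /etc/dnf/dnf.conf.
  # Fixed: the option was spelled "gpg_check", which dnf does not recognise,
  # so the [main] section no longer requested package signature checking and
  # only repositories that set gpgcheck themselves were verified. The dnf
  # option name is "gpgcheck".
  - content: |
      [main]
      gpgcheck=1
      installonly_limit=2
      clean_requirements_on_remove=True
      fastestmirror=True
      max_parallel_downloads=7
    path: /etc/dnf/dnf.conf
    owner: root:root
    permissions: '0644'

# NOTE(review): SSH password authentication is switched on and root gets a
# static four-digit password that is stored in clear text in this template
# (and therefore in version control and in the instance user-data). If the
# password is only needed on the hypervisor console, set ssh_pwauth to false
# and supply the password from a variable instead of committing it.
ssh_pwauth: true
chpasswd:
  list: |
    root:1234
  expire: false

# NOTE(review): the same ed25519 public key is authorised for overlord, root
# and ansible, and both non-root accounts get passwordless sudo, so whoever
# holds that one private key has root on every guest built from this file.
users:
  - name: overlord
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    shell: /bin/bash
    groups: wheel
  - name: root
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
  - name: ansible
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
      # the tf-ansible key
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9JEzfMs+O6I5JYRQ+gHWClvCqaNTdop8ncDeSj+RWs
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    shell: /bin/bash
    groups: wheel

# Host keys are neither published to the datasource nor printed on the
# console, so clients have no out-of-band fingerprint to compare on first
# connect. NOTE(review): confirm how host keys are verified for these guests.
ssh_publish_hostkeys:
  enabled: false
ssh:
  emit_keys_to_console: false

# hostname is set based on main.tf variables
# The templated values are quoted so that a rendered name that looks like a
# number, boolean or null is still read as a string.
preserve_hostname: false
fqdn: "${hostname}.${domainname}"
hostname: "${hostname}"

# reboot after fqdn is set to update the info in libvirt's dnsmasq
power_state:
  delay: "+1"
  mode: reboot
  condition: true
  timeout: 120  # seconds

packages:
  - vim
  - gcc
  - lld
  - golang
  - htop
  - kernel-devel
  - kernel-headers
  - nmap
  # use python3 instead of python39 or similar; python3 is certain to point to
  # the latest python version available in the repositories (apart from
  # python3-devel perhaps)
  - python3  # for ansible
  # Package group, hence the leading "@"; quoted because "@" is a reserved
  # YAML indicator.
  - "@security-lab"
  - sudo
  - tcpdump
  - tcpflow
  - tcptrack
package_upgrade: true
package_reboot_if_required: true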