merge with tf-debian-vm

debian/files/cloud_init.cfg.tftpl

@@ -0,0 +1,53 @@
+#cloud-config
+hostname: "${name}"
+manage_etc_hosts: true
+disable_root: false
+timezone: Europe/Amsterdam
+
+ssh_authorized_keys:
+%{ for key in admin_authorized_keys ~}
+  - "${key}"
+%{ endfor ~}
+
+%{ if insecure_password }
+chpasswd:
+  list: |
+    root:root
+  expire: False
+ssh_pwauth: true
+%{ else }
+ssh_pwauth: false
+%{ endif }
+
+%{ if use_host_cert }
+ssh_keys:
+  ed25519_private: |
+    ${indent(4, private_key)}
+  ed25519_certificate: "${host_cert}"
+%{ endif}
+
+write_files:
+- path: /etc/default/locale
+  content: |
+    LC_ALL=en_US.UTF-8
+    LANG=en_US.UTF-8
+- path: /etc/locale.gen
+  content: |
+    en_US.UTF-8 UTF-8
+
+runcmd:
+- dhclient -r
+- dhclient
+- locale-gen
+
+%{ if data_share != "" }
+mounts:
+- ["data", "${data_share}", "9p", "trans=virtio,rw", "0", "0"]
+%{ endif }
+
+%{ if fixed_dns != "" }
+manage_resolv_conf: true
+resolv_conf:
+  nameservers:
+    - "${fixed_dns}"
+%{ endif }

debian/files/get_cert.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"
+
+# TODO: Can this be done more eye-pleasingly?
+set +e
+CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$CAKEY"'" "'"$PUBKEY"'" "'"$HOST"'".dmz')
+retval=$?
+set -e
+
+if [ retval -neq 0 ]; then
+	CERT=""
+fi
+
+jq -n --arg cert "$CERT" '{"cert":$cert}'

debian/files/network_config.cfg.tftpl

@@ -0,0 +1,16 @@
+version: 2
+ethernets:
+  ens:
+    match:
+      name: ens*
+%{ if fixed_address != "" }
+    dhcp4: false
+    addresses:
+      - "${fixed_address}"
+%{ else }
+    dhcp4: true
+%{ endif }
+    dhcp4: true
+    routes:
+    - to: 0.0.0.0/0
+      via: 192.168.30.1