#cloud-config
# Ubuntu autoinstall answers for an unattended install of a build VM
# (hostname "haskell-build") that is then provisioned by Packer over SSH.
# NOTE(review): this file alone does not establish "key-only" SSH access: it
# enables password login, installs no authorized keys, and ships a password
# whose plaintext is written in a comment. See the notes on each section.
autoinstall:
  version: 1
  locale: en_US.UTF-8
  keyboard:
    layout: us

  timezone: Europe/Berlin

  # Guided LVM layout; "sizing-policy: all" gives the root LV the whole
  # volume group instead of leaving free space in it.
  storage:
    layout:
      name: lvm
      sizing-policy: all

  identity:
    hostname: haskell-build
    username: build
    # SHA-512 crypt hash ("$6$") with the fixed salt "saltsalt". The plaintext
    # is "build" and is disclosed right here, so treat this credential as
    # publicly known: it is only acceptable while Packer is provisioning.
    # NOTE(review): nothing in this file locks or rotates the password
    # afterwards (lock_passwd is false below). Confirm that the final Packer
    # step locks it or replaces it before the image is published.
    password: "$6$rounds=4096$saltsalt$YQvhEBfODCjg4i7ORlYsIJfIpM3bFSGx3QWxJ8DqZvHCIKcMmOYa0N3KQj6SHvHYjjKZaX9FPqc9dLiNLsVA."

  # Installs the OpenSSH server and allows password logins.
  # No "authorized-keys" are listed, so key-based login depends on keys being
  # installed by a later step that is not visible in this file.
  ssh:
    install-server: true
    allow-pw: true  # needed for Packer SSH communicator during build

  # Toolchain and native libraries for the build host, plus remote-access and
  # transfer tools. openssh-server is also requested by ssh.install-server.
  packages:
    - build-essential
    - curl
    - git
    - libgmp-dev
    - libffi-dev
    - zlib1g-dev
    - libncurses-dev
    - libtinfo-dev
    - pkg-config
    - openssh-server
    - autossh
    - jq
    - rsync
    - python3

  # cloud-init user-data handed to the installed system for first boot.
  # The "build" account gets passwordless sudo for every command, so any
  # successful login as "build" is equivalent to root.
  # lock_passwd: false keeps the password from the identity section usable.
  # NOTE(review): this entry names the same user as the identity section; how
  # the two definitions are combined is decided by the installer. Confirm on a
  # built image that the account has the intended password and key state.
  user-data:
    users:
      - name: build
        groups: sudo
        shell: /bin/bash
        sudo: ALL=(ALL) NOPASSWD:ALL
        lock_passwd: false

  # Commands run at the end of the install against the new system, which is
  # mounted at /target.
  late-commands:
    # Rewrite the (possibly commented-out) PasswordAuthentication and
    # PubkeyAuthentication lines in the main sshd_config.
    # NOTE(review): sed only edits lines that already exist, and a value set in
    # an sshd_config.d drop-in or written at first boot because of
    # "allow-pw: true" may take precedence over this edit. If the edit is
    # effective, Packer's password login (see ssh.allow-pw) would be refused;
    # if it is not, the image keeps password login with a known password.
    # Verify the result on a built image, e.g. with
    # `sshd -T | grep -i passwordauthentication`, and prefer doing the
    # hardening as the last Packer provisioning step.
    - sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /target/etc/ssh/sshd_config
    - sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /target/etc/ssh/sshd_config
    # Create /build in the installed system for remote builds.
    - mkdir -p /target/build
    # Numeric owner 1000:1000; presumably the uid/gid that "build" receives as
    # the first user created on first boot. TODO confirm on a built image.
    - chown 1000:1000 /target/build
