tegwick
9bc761c2b5
Packer build definition, cloud-init autoinstall, GHCup toolchain script, boot-time registration agent (state-hub + autossh dual tunnel), systemd unit, key injection, remote-build Makefile, smoke test, and deployment README. All 15 tasks complete. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
57 lines
1.4 KiB
Plaintext
57 lines
1.4 KiB
Plaintext
#cloud-config
|
|
autoinstall:
|
|
version: 1
|
|
locale: en_US.UTF-8
|
|
keyboard:
|
|
layout: us
|
|
|
|
timezone: Europe/Berlin
|
|
|
|
storage:
|
|
layout:
|
|
name: lvm
|
|
sizing-policy: all
|
|
|
|
identity:
|
|
hostname: haskell-build
|
|
username: build
|
|
# Password "build" — only used during Packer provisioning.
|
|
# SSH password auth is disabled post-install; key-only access.
|
|
password: "$6$rounds=4096$saltsalt$YQvhEBfODCjg4i7ORlYsIJfIpM3bFSGx3QWxJ8DqZvHCIKcMmOYa0N3KQj6SHvHYjjKZaX9FPqc9dLiNLsVA."
|
|
|
|
ssh:
|
|
install-server: true
|
|
allow-pw: true # needed for Packer SSH communicator during build
|
|
|
|
packages:
|
|
- build-essential
|
|
- curl
|
|
- git
|
|
- libgmp-dev
|
|
- libffi-dev
|
|
- zlib1g-dev
|
|
- libncurses-dev
|
|
- libtinfo-dev
|
|
- pkg-config
|
|
- openssh-server
|
|
- autossh
|
|
- jq
|
|
- rsync
|
|
- python3
|
|
|
|
user-data:
|
|
users:
|
|
- name: build
|
|
groups: sudo
|
|
shell: /bin/bash
|
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
|
lock_passwd: false
|
|
|
|
late-commands:
|
|
# Disable password authentication for SSH (key-only after provisioning)
|
|
- sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /target/etc/ssh/sshd_config
|
|
- sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /target/etc/ssh/sshd_config
|
|
# Create /build directory for remote builds
|
|
- mkdir -p /target/build
|
|
- chown 1000:1000 /target/build
|