#cloud-config
# Example: create user (pi), enable SSH, then download and run first-boot.sh to install
# Chromium kiosk, rpd-labwc, and touch options. Edit FIRST_BOOT_URL to point to your
# hosted first-boot.sh (e.g. file server or raw GitHub).
#
# 1. Generate a password hash: mkpasswd -m sha-512 'YourPassword' or openssl passwd -6 'YourPassword'
#    Paste the full output into the passwd: line below.
# 2. Host first-boot.sh (same dir as this repo: cloud-init/first-boot.sh) at FIRST_BOOT_URL.
# 3. Optional: copy first-boot.conf.example to first-boot.conf, edit variables, and host it
#    as first-boot.conf; then add a runcmd line to download it to /tmp/first-boot.conf before
#    running first-boot.sh so the script loads your config.
# 4. To use a different username than "pi", set PI_USER in first-boot.conf and create that user below.
# 5. DNS: manage_resolv_conf: false and NM rc-manager=symlink so the device uses DNS from DHCP
#    (LXC option 6) and file.server resolves. See docs/DEVICE-DNS-DHCP-RESOLVCONF.md.

package_update: true
package_upgrade: false

# Do not overwrite /etc/resolv.conf; device will use DNS from DHCP (LXC sends option 6).
manage_resolv_conf: false

packages:
  - curl

users:
  - name: pi
    groups: [adm, sudo, video]
    lock_passwd: false
    passwd: "$6$7xWGhGc6d1lJx1dU$4E8r1mkzVj51bjEbfzdP8wPxso..C36LbXkqU/X4oBGq94aGFMSrZb0PVI8zs/Om1Jm97/D..Apy2HTdCn3FV1"
    shell: /bin/bash

write_files:
  - path: /etc/ssh/sshd_config.d/99-cloud-init.conf
    content: |
      PasswordAuthentication yes
      PermitRootLogin no

  # NetworkManager: manage resolv.conf via symlink so it gets DNS from DHCP (option 6 from LXC).
  - path: /etc/NetworkManager/conf.d/99-resolv-dhcp.conf
    content: |
      [main]
      rc-manager=symlink
    permissions: '0644'

runcmd:
  # Allow NM to manage resolv.conf with DHCP DNS (remove static file if present).
  - rm -f /etc/resolv.conf
  - systemctl restart NetworkManager || true
  - systemctl enable ssh
  - systemctl start ssh
  - curl -fsSL "http://10.20.50.1:5000/files/first-boot.sh" -o /tmp/first-boot.sh
  # Optional: download config to override FILE_SERVER, HOSTNAME, PACKAGES, etc.
  # - curl -fsSL "http://10.20.50.1:5000/files/first-boot.conf" -o /tmp/first-boot.conf
  - chmod +x /tmp/first-boot.sh
  - /tmp/first-boot.sh
  # - rm -f /tmp/first-boot.sh /tmp/first-boot.conf
  - cloud-init single --name cc_final_message