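#cloud-config
# First-boot configuration for a gateway host: creates an admin user, installs
# base packages, mounts the NFS backup share, writes the install scripts and
# systemd units, then runs the installers.
#
# The ${...} placeholders are filled in by a template engine before cloud-init
# parses this file (presumably Terraform templatefile() - confirm). Scalar
# placeholders are single-quoted so an empty or boolean/number-looking value
# cannot change type or start a comment.

hostname: '${hostname}'
local-hostname: '${hostname}'
fqdn: '${hostname}.${domain}'
manage_etc_hosts: true

users:
  - default
  - name: '${hostname}'
    groups: sudo
    shell: /bin/bash
    # NOTE(review): passwordless sudo for every command. Anyone holding the
    # matching SSH private key is effectively root - confirm this is intended.
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    ssh_authorized_keys:
      - '${ssh_key}'

disable_root: true

package_update: true
# NOTE(review): installed packages are not upgraded at first boot, so the host
# starts at whatever patch level the base image carries.
package_upgrade: false
packages:
  - git
  - nfs-common
  - curl
  - nginx

mounts:
  # NOTE(review): the NFS server address is hard-coded here, while runcmd
  # mounts the same path from ${proxmox_host_ip} - confirm both name the same
  # server.
  - ["192.168.1.12:/main/backups", "/backups", "nfs", "defaults,_netdev,x-systemd.requires=network-online.target", "0", "0"]

# NOTE(review): each content placeholder expands to a whole file. Every line of
# the substituted text must arrive indented to the block-scalar level (for
# example via an indent helper in the template), otherwise the rendered YAML is
# invalid - verify against the rendering code.
write_files:
  # NOTE(review): world-readable (0644). If this file carries credentials,
  # tighten to "0600" or "0640" with a dedicated group once its readers are
  # known. Its content also persists in the instance's stored user-data.
  - path: /opt/environment/.env
    permissions: "0644"
    content: |
      ${env-file-content}
  - path: /opt/gateway/install-traefik.sh
    permissions: "0755"
    content: |
      ${install-traefik-script}
  - path: /opt/gateway/install-docker.sh
    permissions: "0755"
    content: |
      ${install-docker-script}
  - path: /opt/gateway/install-crowdsec.sh
    permissions: "0755"
    content: |
      ${install-crowdsec-script}
  # Unit files are configuration, not executables: 0644, matching the other
  # units below (systemd warns about unit files marked executable).
  - path: /etc/systemd/system/traefik.service
    permissions: "0644"
    content: |
      ${traefik-service}
  - path: /usr/share/nginx/error-pages/502.html
    permissions: "0644"
    content: |
      ${nginx-error-502}
  - path: /etc/nginx/sites-available/default
    permissions: "0644"
    content: |
      ${nginx-error-configuration}
  - path: /usr/local/bin/restore-backup.sh
    permissions: "0755"
    content: |
      ${restore-backup-script}
  - path: /etc/systemd/system/restore-backup.service
    permissions: "0644"
    content: |
      ${restore-backup-service}
  - path: /usr/local/bin/backup.sh
    permissions: "0755"
    content: |
      ${create-backup-script}
  - path: /etc/systemd/system/create-backup.timer
    permissions: "0644"
    content: |
      ${create-backup-timer}
  - path: /etc/systemd/system/create-backup.service
    permissions: "0644"
    content: |
      ${create-backup-service}

bootcmd:
  - hostnamectl set-hostname ${hostname}

runcmd:
  # Backup setup
  - mkdir -p /backups
  - mount -t nfs ${proxmox_host_ip}:/main/backups /backups
  # NOTE(review): the backup timer is enabled before restore-backup runs at
  # the end of this list - confirm a backup cannot fire ahead of the restore.
  - systemctl enable --now create-backup.timer
  # Docker / CrowdSec / Traefik setup
  - /opt/gateway/install-docker.sh
  - /opt/gateway/install-crowdsec.sh
  - /opt/gateway/install-traefik.sh
  # -f with an explicit link path keeps this step from failing when the
  # sites-enabled/default link already exists.
  - ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
  - systemctl start nginx.service
  - systemctl start restore-backup

final_message: |
  Base system ready for ${hostname}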