#cloud-config
# vim:syntax=yaml

# Ask cloud-init's growpart module to grow the partition backing "/" so it
# fills the space available on its disk.
growpart:
  mode: auto
  devices:
    - "/"

{{- if .UpgradePackages }}
# Rendered only when .UpgradePackages is set: refresh the package index,
# apply pending upgrades, and let cloud-init reboot the guest if an upgrade
# asks for it. When the flag is unset none of these keys are emitted, so the
# guest stays at whatever patch level the base image shipped with.
package_update: true
package_upgrade: true
package_reboot_if_required: true
{{- end }}

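{{- if or (eq .MountType "9p") (eq .MountType "virtiofs") }}
{{- if .Mounts }}
# One fstab-style entry per shared mount, in cloud-init's field order:
# [device/tag, mount point, fs type, options, dump, pass]. Only rendered for
# the 9p and virtiofs mount types.
# Every templated field goes through printf "%q" (the same idiom used for the
# SSH keys in this file) so that a tag, path or option string containing YAML
# flow syntax such as a comma, bracket, quote or backslash stays one string
# and cannot change the structure of the rendered document.
# NOTE(review): assumes Tag, MountPoint, Type and Options are strings - confirm.
mounts:
  {{- range $m := $.Mounts}}
- [{{ printf "%q" $m.Tag }}, {{ printf "%q" $m.MountPoint }}, {{ printf "%q" $m.Type }}, {{ printf "%q" $m.Options }}, "0", "0"]
  {{- end }}
{{- end }}
{{- end }}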

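{{- if .TimeZone }}
# Emitted through printf "%q" so the value is always a single YAML string,
# whatever characters it contains.
# NOTE(review): assumes .TimeZone is a string - confirm.
timezone: {{ printf "%q" .TimeZone }}
{{- end }}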

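users:
  # The single login account created in the guest. Security-relevant settings:
  #  - sudo grants unrestricted, passwordless root, so any process running as
  #    this user, and anyone holding one of the listed SSH keys, is
  #    effectively root in the guest.
  #  - lock_passwd disables password login; the SSH public keys below are the
  #    only credential installed here.
  # name and homedir go through printf "%q", like the SSH keys, so a quote or
  # backslash in the value is escaped instead of ending the YAML string early.
  # NOTE(review): assumes .User and .Home are strings - confirm.
  - name: {{ printf "%q" .User }}
    # uid keeps the plain quoted interpolation.
    # NOTE(review): presumably numeric, which "%q" would not render - confirm.
    uid: "{{.UID}}"
    homedir: {{ printf "%q" .Home }}
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: true
    ssh-authorized-keys:
    {{- range $val := .SSHPubKeys }}
      - {{ printf "%q" $val }}
    {{- end }}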

# Per-boot hook: cloud-init runs the scripts under scripts/per-boot as root on
# every boot. This one mounts the volume labelled "cidata" read-only and then
# execs the boot.sh found on it, so the contents of that volume run as root in
# the guest. The device is looked up by label only; integrity of the guest
# therefore depends on who can attach a volume carrying that label.
# The mount options (they look like iso9660 options - confirm) present every
# file as owned by uid 0 with mode 0700, and the mount point itself is created
# with mode 700, which keeps the mounted data away from non-root guest users.
write_files:
  - path: /var/lib/cloud/scripts/per-boot/00-lima.boot.sh
    owner: root:root
    permissions: "0755"
    content: |
      #!/bin/sh
      set -eux
      LIMA_CIDATA_MNT="/mnt/lima-cidata"
      LIMA_CIDATA_DEV="/dev/disk/by-label/cidata"
      mkdir -p -m 700 "${LIMA_CIDATA_MNT}"
      mount -o ro,mode=0700,dmode=0700,overriderockperm,exec,uid=0 "${LIMA_CIDATA_DEV}" "${LIMA_CIDATA_MNT}"
      export LIMA_CIDATA_MNT
      exec "${LIMA_CIDATA_MNT}"/boot.sh

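{{- if .DNSAddresses }}
# This has no effect on systems using systemd-resolved, but is used
# on e.g. Alpine to set up /etc/resolv.conf on first boot.
# Each address is emitted through printf "%q" so it is always a YAML string;
# left bare, an address made only of digits and colons can be read as a
# base-60 integer by YAML 1.1 parsers.
# NOTE(review): assumes each entry of .DNSAddresses is a string - confirm.

manage_resolv_conf: true

resolv_conf:
  nameservers:
  {{- range $ns := $.DNSAddresses }}
  - {{ printf "%q" $ns }}
  {{- end }}
{{- end }}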

{{ with .CACerts }}
# Guest trust store, rendered only when .CACerts is set.
# remove_defaults controls whether the distribution's stock CA bundle is
# dropped. Every certificate listed under `trusted` becomes a system-wide
# trust anchor in the guest, so its holder can vouch for any TLS endpoint the
# guest talks to; the list should come from a source as trusted as the guest
# itself.
# Each certificate is written as a literal block scalar, one templated line
# per entry of $cert.Lines at a fixed indent.
# NOTE(review): assumes no entry of Lines contains a newline; the text after
# it would fall outside the block scalar's indentation - confirm.
ca_certs:
  remove_defaults: {{ .RemoveDefaults }}
  {{- if .Trusted}}
  trusted:
  {{- range $cert := .Trusted }}
  - |
    {{- range $line := $cert.Lines }}
    {{ $line }}
    {{- end }}
  {{- end }}
  {{- end }}
{{- end }}

{{- if .BootCmds }}
# bootcmd entries are executed by cloud-init as root, early on every boot.
# Each command's lines are copied verbatim into a literal block scalar, so
# .BootCmds is effectively root shell input for the guest and has to come
# from a source that is trusted to that degree.
# NOTE(review): assumes no entry of Lines contains a newline; the text after
# it would fall outside the block scalar's indentation - confirm.
bootcmd:
  {{- range $cmd := $.BootCmds }}
- |
    {{- range $line := $cmd.Lines }}
  {{ $line }}
    {{- end }}
  {{- end }}
{{- end }}
