From 371aa306d9213cc670ab100e411298b76a795597 Mon Sep 17 00:00:00 2001
From: Michael Wilson
Date: Tue, 22 Nov 2022 19:53:55 +0100
Subject: [PATCH] add hetzner autoinstall role
---
hetzner/autoinstall/defaults/main.yml | 3 ++
hetzner/autoinstall/files/post-install.sh | 46 +++++++++++++++++++++++
hetzner/autoinstall/tasks/main.yml | 18 +++++++++
hetzner/autoinstall/templates/setup.conf | 8 ++++
hetzner/autoinstall/vars/main.yml | 3 ++
5 files changed, 78 insertions(+)
create mode 100644 hetzner/autoinstall/defaults/main.yml
create mode 100644 hetzner/autoinstall/files/post-install.sh
create mode 100644 hetzner/autoinstall/tasks/main.yml
create mode 100644 hetzner/autoinstall/templates/setup.conf
create mode 100644 hetzner/autoinstall/vars/main.yml
diff --git a/hetzner/autoinstall/defaults/main.yml b/hetzner/autoinstall/defaults/main.yml
new file mode 100644
index 0000000..3376b0d
--- /dev/null
+++ b/hetzner/autoinstall/defaults/main.yml
@@ -0,0 +1,3 @@
+autoinstall_image: /root/images/Debian-1105-bullseye-amd64-base.tar.gz
+autoinstall_disk_encryption_secret: secret
+autoinstall_authorized_keys_src: .ssh/id_rsa.pub
diff --git a/hetzner/autoinstall/files/post-install.sh b/hetzner/autoinstall/files/post-install.sh
new file mode 100644
index 0000000..fe144aa
--- /dev/null
+++ b/hetzner/autoinstall/files/post-install.sh
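Review bot: `autoinstall_disk_encryption_secret: secret` in hetzner/autoinstall/defaults/main.yml gives the disk passphrase a working default, so a play that forgets to override it still installs, with the root partition encrypted under a value that is published in the repository. I would remove the default and fail early instead, for example an `assert` at the top of tasks/main.yml that `autoinstall_disk_encryption_secret is defined` and meets a minimum length. A comment should say the value is expected to come from Ansible Vault or a similar secret store. `autoinstall_authorized_keys_src: .ssh/id_rsa.pub` is a relative path, so which key ends up authorised depends on where the role's file lookup resolves it; that deserves a comment as well.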
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+
+add_rfc3442_hook() {
+ cat << EOF > /etc/initramfs-tools/hooks/add-rfc3442-dhclient-hook
+#!/bin/sh
+
+PREREQ=""
+
+prereqs()
+{
+ echo "\$PREREQ"
+}
+
+case \$1 in
+prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ ! -x /sbin/dhclient ]; then
+ exit 0
+fi
+
+. /usr/share/initramfs-tools/scripts/functions
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p \$DESTDIR/etc/dhcp/dhclient-exit-hooks.d/
+cp -a /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes \$DESTDIR/etc/dhcp/dhclient-exit-hooks.d/
+EOF
+
+ chmod +x /etc/initramfs-tools/hooks/add-rfc3442-dhclient-hook
+}
+
+
+# Install hook
+add_rfc3442_hook
+
+# Copy SSH keys for dropbear
+mkdir -p /etc/dropbear-initramfs
+cp -a /root/.ssh/authorized_keys /etc/dropbear-initramfs/authorized_keys
+
+# Update system
+apt-get update >/dev/null
+apt-get -y install cryptsetup-initramfs dropbear-initramfs
diff --git a/hetzner/autoinstall/tasks/main.yml b/hetzner/autoinstall/tasks/main.yml
new file mode 100644
index 0000000..995d8bc
--- /dev/null
+++ b/hetzner/autoinstall/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: copy setup.conf template
+ template:
+ src: setup.conf
+ dest: "{{ autoinstall_setup_conf_dest }}"
+
+- name: copy post install script
+ copy:
+ src: post-install.sh
+ dest: "{{ post_install_dest }}"
+ owner: root
+ mode: "0755"
+
+- name: copy authorized_keys
+ src: "{{ autoinstall_authorized_keys_src }}"
+ dest: "{{ autoinstall_authorized_keys_dest }}"
+
+- name: run autoinstall
+ command: "installimage -a -c {{ setup_conf_dest }} -x {{ post_install_dest }}"
diff --git a/hetzner/autoinstall/templates/setup.conf b/hetzner/autoinstall/templates/setup.conf
new file mode 100644
index 0000000..c16134a
--- /dev/null
+++ b/hetzner/autoinstall/templates/setup.conf
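Review bot: hetzner/autoinstall/files/post-install.sh has no error handling, so a failed `cp -a /root/.ssh/authorized_keys ...` or a failed `apt-get -y install cryptsetup-initramfs dropbear-initramfs` does not stop the script. The likely result is a host that reboots onto an encrypted root with no way to unlock it over SSH. Add `set -euo pipefail` directly after the shebang, and confirm that installimage treats a non-zero exit from the `-x` script as a failed install. The keys copied to /etc/dropbear-initramfs/authorized_keys also grant an unrestricted pre-boot root shell; consider limiting that dropbear instance to key-only logins without forwarding, for example `DROPBEAR_OPTIONS="-s -j -k"` in /etc/dropbear-initramfs/config. A comment should note that the hook and the keys are written before the package install on purpose, so the initramfs built by the package triggers includes them.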
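Review bot: The `copy authorized_keys` task in hetzner/autoinstall/tasks/main.yml has `src:` and `dest:` directly under the task name with no module, so the role will not load; it needs a `copy:` line above them. The first task writes to `{{ autoinstall_setup_conf_dest }}`, but vars/main.yml defines `setup_conf_dest` and the `installimage` command reads that name, so the template destination is undefined unless it is set elsewhere; use one name in all three places. Because the rendered setup.conf carries `CRYPTPASSWORD`, the template task should also set `mode: "0600"` and `no_log: true`, so the passphrase is neither left readable nor shown in diff output. The final `command:` task has no guard, so a second run of the role would presumably reinstall the machine; a `when:` on an explicit confirmation variable would make that a deliberate choice.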
@@ -0,0 +1,8 @@
+CRYPTPASSWORD {{ autoinstall_disk_encryption_secret }}
+DRIVE1 /dev/sda
+BOOTLOADER grub
+HOSTNAME {{ autoinstall_hostname }}
+PART /boot ext4 1G
+PART / ext4 all crypt
+IMAGE {{ autoinstall_imageĀ }}
+SSHKEYS_URL {{ autoinstall_authorized_keys_dest }}
diff --git a/hetzner/autoinstall/vars/main.yml b/hetzner/autoinstall/vars/main.yml
new file mode 100644
index 0000000..b3efc70
--- /dev/null
+++ b/hetzner/autoinstall/vars/main.yml
@@ -0,0 +1,3 @@
+autoinstall_authorized_keys_dest: /tmp/authorized_keys
+setup_conf_dest: /tmp/setup.conf
+post_install_dest: /tmp/post-install.sh
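Review bot: The `IMAGE` line in hetzner/autoinstall/templates/setup.conf reads `{{ autoinstall_imageĀ }}`, with a non-ASCII character between the variable name and the closing braces. Unless that is an artefact of how the patch was rendered, Jinja will not resolve the variable, and the line should be `IMAGE {{ autoinstall_image }}`. `{{ autoinstall_hostname }}` has no value in this role's defaults or vars, so a comment or an early `assert` should state that the caller must supply it. `DRIVE1 /dev/sda` is hard-coded and would select the wrong device, or none, on hosts whose disks enumerate differently (NVMe, for instance); a defaulted variable such as `DRIVE1 {{ autoinstall_drive }}` would make the target disk an explicit decision.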