Add nuc10i5fnh

Author: taylorific

autoinstall/snuc/nuc10i5fnh/ubuntu-desktop-2404/dual-boot/README.md

@@ -0,0 +1,31 @@
+```
+$ curl -LO https://releases.ubuntu.com/24.04.3/ubuntu-24.04.3-desktop-amd64.iso
+$ shasum -a 256 ubuntu-24.04.3-desktop-amd64.iso
+faabcf33ae53976d2b8207a001ff32f4e5daae013505ac7188c9ea63988f8328  ubuntu-24.04.3-desktop-amd64.iso
+
+docker run -it --rm \
+  --mount type=bind,source="$(pwd)",target=/data \
+  docker.io/boxcutter/ubuntu-autoinstall \
+  --source ubuntu-24.04.3-desktop-amd64.iso \
+  --autoinstall autoinstall.yaml \
+  --destination ubuntu-24.04.3-desktop-amd64-autoinstall.iso \
+  --grub grub.cfg \
+  --loopback loopback.cfg \
+  --config-root
+```
+
+```
+docker container run --rm --interactive --tty \
+  --mount type=bind,source="$(pwd)/test",target=/share \
+  docker.io/boxcutter/cinc-auditor exec example \
+    --key-files /Users/taylor/.ssh/id_ed25519 \
+    --target ssh://autobot@10.63.33.125
+
+docker container run --rm --interactive --tty \
+  --mount type=bind,source="$(pwd)",target=/share \
+  docker.io/boxcutter/cinc-auditor exec /share/test \
+    --no-create-lockfile \
+    --no-distinct-exit \
+    --password superseekret \
+    --target ssh://autobot@10.63.33.171
+```

autoinstall/snuc/nuc10i5fnh/ubuntu-desktop-2404/dual-boot/autoinstall.yaml

@@ -0,0 +1,217 @@
+#cloud-config
+autoinstall:
+  version: 1
+  source:
+    search_drivers: true
+    id: ubuntu-desktop-minimal
+  # https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2097769
+  network:
+    version: 2
+    ethernets:
+      eno1:
+        dhcp4: false
+        dhcp6: false
+        optional: true
+      wlp0s20f3:
+        dhcp4: true
+        dhcp6: false
+        optional: true
+    bridges:
+      br0:
+        interfaces:
+          - eno1
+        dhcp4: true
+        dhcp6: false
+        accept-ra: false
+        link-local: []
+        parameters:
+          stp: false
+          forward-delay: 0
+  storage:
+    config:
+    - ptable: gpt
+      serial: WDC_WDS200T2B0B-00YS70_21044J800564
+      wwn: '0x5001b448be743398'
+      path: /dev/sda
+      preserve: true
+      name: ''
+      grub_device: false
+      id: disk-sda
+      type: disk
+    - device: disk-sda
+      size: 104857600
+      flag: boot
+      number: 1
+      preserve: true
+      grub_device: true
+      offset: 1048576
+      partition_type: c12a7328-f81f-11d2-ba4b-00a0c93ec93b
+      path: /dev/sda1
+      uuid: 78fa767e-7d35-4893-b5ed-4341d691e18a
+      id: partition-sda1
+      type: partition
+    - device: disk-sda
+      size: 16777216
+      flag: msftres
+      number: 2
+      preserve: true
+      grub_device: false
+      offset: 105906176
+      partition_type: e3c9e316-0b5c-4db8-817d-f92df00215ae
+      path: /dev/sda2
+      uuid: 6d2cd641-68da-4a93-9c8d-8eb634887988
+      id: partition-sda2
+      type: partition
+    - device: disk-sda
+      size: 949364981760
+      number: 3
+      preserve: true
+      grub_device: false
+      offset: 122683392
+      partition_type: ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
+      path: /dev/sda3
+      uuid: 033b2f8e-ccce-4502-849b-e2148d30b3eb
+      id: partition-sda3
+      type: partition
+    - device: disk-sda
+      size: 781189120
+      number: 4
+      preserve: true
+      grub_device: false
+      offset: 949487665152
+      partition_type: de94bba4-06d1-4d40-a16a-bfd50179d6ac
+      path: /dev/sda4
+      uuid: 2943b597-e9f3-4c24-a346-9c1e805060e7
+      id: partition-sda4
+      type: partition
+    - device: disk-sda
+      size: 1017118720
+      number: 5
+      preserve: true
+      grub_device: false
+      offset: 950269902848
+      partition_type: de94bba4-06d1-4d40-a16a-bfd50179d6ac
+      path: /dev/sda5
+      uuid: 6b313691-6b88-4623-a156-537604c63719
+      id: partition-sda5
+      type: partition
+    - device: disk-sda
+      size: 1049110773760
+      wipe: superblock
+      number: 6
+      preserve: false
+      offset: 951287021568
+      path: /dev/sda6
+      id: partition-0
+      type: partition
+    - fstype: ext4
+      volume: partition-0
+      preserve: false
+      id: format-0
+      type: format
+    - path: /
+      device: format-0
+      id: mount-1
+      type: mount
+    - fstype: vfat
+      volume: partition-sda1
+      preserve: true
+      id: format-partition-sda1
+      type: format
+    - path: /boot/efi
+      device: format-partition-sda1
+      id: mount-0
+      type: mount
+  timezone: UTC
+  locale: en_US.UTF-8
+  keyboard:
+    layout: us
+  kernel:
+    flavor: hwe
+  updates: all
+  ssh:
+    install-server: true
+    allow-pw: true
+  apt:
+    preserve_sources_list: false
+    mirror-selection:
+      primary:
+        # http://archive.ubuntu.com/ubntu
+        - uri: "https://crake-nexus.org.boxcutter.net/repository/ubuntu-archive-apt-proxy/ubuntu"
+          arches: [i386, amd64]
+        # http://ports.ubuntu.com/ubuntu-ports
+        - uri: "https://crake-nexus.org.boxcutter.net/repository/ubuntu-ports-proxy/ubuntu-ports"
+          arches: [s390x, arm64, armhf, powerpc, ppc64el, riscv64]
+  late-commands:
+    # Because we're using preserve_hostname to allow manual setting of the
+    # hostname, set an initial hostname manually - the identity block requires
+    # a username and it doesn't support flexible enough configuration
+    # NOTE: 'curtin in-target' doesn't invoke a shell, so you need to run
+    # commands within a shell that need redirection.
+    - curtin in-target -- sh -c 'echo wendy-NUC10i5FNH > /etc/hostname'
+    # Seed the already ran marker for gnome-initial-setup so new users inherit
+    - curtin in-target -- mkdir -p /etc/skel/.config
+    - curtin in-target -- touch /etc/skel/.config/gnome-initial-setup-done
+    # Run updates at our own cadence
+    - curtin in-target -- systemctl disable apt-daily.timer
+    - curtin in-target -- systemctl disable apt-daily-upgrade.timer
+    - curtin in-target -- systemctl mask apt-daily.service
+    - curtin in-target -- systemctl mask apt-daily-upgrade.service
+    - curtin in-target -- sh -c 'sed -i "s/^APT::Periodic::Update-Package-Lists.*/APT::Periodic::Update-Package-Lists \"0\";/g" /etc/apt/apt.conf.d/20auto-upgrades'
+    - curtin in-target -- sh -c 'sed -i "s/^APT::Periodic::Unattended-Upgrade.*/APT::Periodic::Unattended-Upgrade \"0\";/g" /etc/apt/apt.conf.d/20auto-upgrades'
+    - curtin in-target -- sh -c 'sed -i "s/^APT::Periodic::.Download-Upgradeable-Packages */APT::Periodic::Download-Upgradeable-Packages \"0\";/g" /etc/apt/apt.conf.d/20auto-upgrades'
+    - curtin in-target -- sh -c 'sed -i "s/^APT::Periodic::.AutocleanInterval */APT::Periodic::AutocleanInterval \"0\";/g" /etc/apt/apt.conf.d/20auto-upgrades'
+    - curtin in-target -- sh -c 'snap refresh --hold || true'
+    - curtin in-target -- sh -c 'echo "Hidden=true" >> /etc/xdg/autostart/update-notifier.desktop'
+    - curtin in-target -- systemctl disable update-notifier-download.timer || true
+    - curtin in-target -- systemctl disable update-notifier-motd.timer || true
+  user-data: # cloud-init starts here
+    preserve_hostname: true
+    users:
+      # Temporary user used for initial bootstrapping with CM tool
+      - name: autobot
+        uid: 63112
+        primary_group: users
+        groups: users
+        shell: /bin/bash
+        # Testing with a plaintext password
+        plain_text_passwd: superseekret
+        # Replace with your generated salted SHA-512 hash using 'openssl passwd -6'
+        # passwd: "$6$W32sh2s3EDp01J$ajF/6iHYX1Ef2pF5mPi..zBFiU4Qzvnif.hT2MB.dZ9mSx6txdPiz..."
+        sudo: ALL=(ALL) NOPASSWD:ALL
+        lock_passwd: false
+        ssh_authorized_keys:
+          # taylor
+          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWerEkujoB7ipGnWJwnPGFu3DuUQJtc1zB6YqjGRziE sheila
+          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRK4hkcpUiaSkiLEytgwMYcKylBioXPLx1TnwJFrLPl mahowald
+    chpasswd: {expire: false}
+    ssh_pwauth: true
+    # DBus doesn't appear to be active in late-commands, so wait to configure
+    # power saving defaults until cloud-init time, plus cloud-init has
+    # a nice module to write out files
+    write_files:
+      # Configure system-wide defaults to disable screen blanking
+      - path: /etc/dconf/db/local.d/00-screensaver
+        content: |
+          [org/gnome/desktop/session]
+          idle-delay=uint32 0
+
+          [org/gnome/desktop/screensaver]
+          lock-enabled=false
+          idle-activation-enabled=false
+
+          [org/gnome/settings-daemon/plugins/power]
+          sleep-inactive-ac-type="nothing"
+          sleep-inactive-battery-type="nothing"
+          idle-dim=false
+      # Configure system to refer to user settings in ~/.config/dconf/user
+      # database first, then look for system-wide defaults in
+      # /etc/dconf/db/local
+      - path: /etc/dconf/profile/user
+        content: |
+          user-db:user
+          system-db:local
+    runcmd:
+      # Update the GNOME system database with the changes to /etc/dconf
+      # above 
+      - dconf update

autoinstall/snuc/nuc10i5fnh/ubuntu-desktop-2404/dual-boot/grub.cfg

@@ -0,0 +1,30 @@
+set timeout=30
+
+loadfont unicode
+
+set menu_color_normal=white/black
+set menu_color_highlight=black/light-gray
+
+menuentry "Ubuntu Desktop Autoinstalll" {
+	set gfxpayload=keep
+	linux	/casper/vmlinuz autoinstall  --- quiet splash
+	initrd	/casper/initrd
+}
+menuentry "Ubuntu (safe graphics)" {
+	set gfxpayload=keep
+	linux	/casper/vmlinuz nomodeset  --- quiet splash
+	initrd	/casper/initrd
+}
+grub_platform
+if [ "$grub_platform" = "efi" ]; then
+menuentry 'Boot from next volume' {
+	exit 1
+}
+menuentry 'UEFI Firmware Settings' {
+	fwsetup
+}
+else
+menuentry 'Test memory' {
+	linux16 /boot/memtest86+x64.bin
+}
+fi

autoinstall/snuc/nuc10i5fnh/ubuntu-desktop-2404/dual-boot/loopback.cfg

@@ -0,0 +1,11 @@
+
+menuentry "Try or Install Ubuntu" {
+	set gfxpayload=keep
+	linux	/casper/vmlinuz  iso-scan/filename=${iso_path} --- quiet splash
+	initrd	/casper/initrd
+}
+menuentry "Ubuntu (safe graphics)" {
+	set gfxpayload=keep
+	linux	/casper/vmlinuz nomodeset  iso-scan/filename=${iso_path} --- quiet splash
+	initrd	/casper/initrd
+}

autoinstall/snuc/nuc10i5fnh/ubuntu-desktop-2404/dual-boot/test/controls/ubuntu.rb

@@ -0,0 +1,53 @@
+describe package('openssh-server') do
+  it { should be_installed }
+end
+
+target_user = input('target_user', value: 'autobot')
+
+control 'gsettings-available' do
+  impact 1.0
+  title 'gsettings binary and required schemas exist'
+  desc  'Ensure gsettings is present and the GNOME schemas we query are available'
+
+  describe command('which gsettings') do
+    its('exit_status') { should eq 0 }
+  end
+
+  # Check schemas exist (skip tests if not)
+  %w[
+    org.gnome.desktop.session
+    org.gnome.desktop.screensaver
+    org.gnome.settings-daemon.plugins.power
+  ].each do |schema|
+    describe command("sudo -iu #{target_user} gsettings list-schemas | grep -Fx '#{schema}'") do
+      its('exit_status') { should eq 0 }
+    end
+  end
+end
+
+control 'gnome-screensaver-and-power-settings' do
+  impact 1.0
+  title 'Verify GNOME idle/screensaver/power settings via gsettings'
+  only_if('gsettings not found') { command('which gsettings').exit_status == 0 }
+
+  checks = [
+    # schema, key, expected stdout (exactly as gsettings prints it)
+    ['org.gnome.desktop.session',                    'idle-delay',                 'uint32 0'],
+    ['org.gnome.desktop.screensaver',                'lock-enabled',               'false'],
+    ['org.gnome.desktop.screensaver',                'idle-activation-enabled',    'false'],
+    ['org.gnome.settings-daemon.plugins.power',      'sleep-inactive-ac-type',     "'nothing'"],
+    ['org.gnome.settings-daemon.plugins.power',      'sleep-inactive-battery-type',"'nothing'"],
+    ['org.gnome.settings-daemon.plugins.power',      'idle-dim',                   'false'],
+  ]
+
+  checks.each do |schema, key, expected|
+    desc_str = "#{schema} #{key} should be #{expected}"
+    describe(desc_str) do
+      cmd = command("sudo -iu #{target_user} gsettings get #{schema} #{key}")
+      it "has expected value (#{expected})" do
+        expect(cmd.exit_status).to eq(0)
+        expect(cmd.stdout.strip).to eq(expected)
+      end
+    end
+  end
+end