From 90313610597dbdce93b75094cf04af09c79ac374 Mon Sep 17 00:00:00 2001
From: Ada
Date: Sat, 23 Mar 2024 22:55:44 +0100
Subject: [PATCH] Make alma linux install rootless
---
 packer/alma/alma-9.pkr.hcl | 13 +++++++++----
 packer/alma/http/ks.cfg | 9 +++++++--
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/packer/alma/alma-9.pkr.hcl b/packer/alma/alma-9.pkr.hcl
index e9c2b87..0cc2b16 100644
--- a/packer/alma/alma-9.pkr.hcl
+++ b/packer/alma/alma-9.pkr.hcl
@@ -11,7 +11,6 @@ packer {
 }
 }
-
 variable "proxmox_user" {
 type = string
 default = "packer"
@@ -42,9 +41,15 @@ variable "ssh_password" {
 default = null
 }
+variable "ssh_user" {
+ type = string
+ default = null
+}
+
+
 source "proxmox-iso" "alma-9" {
 http_content = {
- "/ks.cfg" = templatefile("http/ks.cfg", { grub_password = var.grub_password_crypt, password_crypt = var.ssh_password_crypt })
+ "/ks.cfg" = templatefile("http/ks.cfg", { grub_password = var.grub_password_crypt, password_crypt = var.ssh_password_crypt, user = var.ssh_user, })
 }
@@ -93,8 +98,8 @@ source "proxmox-iso" "alma-9" {
 username = "${var.proxmox_user}"
 token = "${var.proxmox_token}"
 proxmox_url = "${var.proxmox_url}/api2/json"
- ssh_username = "root"
- ssh_password = "${var.ssh_password}"
+ ssh_username = "${var.ssh_user}"
+ ssh_private_key_file = "~/.ssh/id_ed25519"
 ssh_timeout = "15m"
 template_description = "Alma Linux 9 build by packer on ${timestamp()}"
 template_name = "alma-9-r4"
diff --git a/packer/alma/http/ks.cfg b/packer/alma/http/ks.cfg
index 102ad47..c243df8 100644
--- a/packer/alma/http/ks.cfg
+++ b/packer/alma/http/ks.cfg
@@ -35,6 +35,7 @@ part /boot --fstype=xfs --onpart=vda3
 part / --fstype=xfs --onpart=vda4
 rootpw ${password_crypt} --iscrypted
+user --name=${user} --password=${password_crypt} --groups=wheel --iscrypted
 reboot
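Review bot: The new `ssh_user` variable in the second hunk defaults to null and has no validation, yet the changed `templatefile(...)` call interpolates it straight into the kickstart file. An unset value or `root` would at best fail late inside the installer, so a `validation` block on the variable would catch it at `packer validate` time, for example `condition = can(regex("^[a-z_][a-z0-9_-]*$", var.ssh_user)) && var.ssh_user != "root"`. The same pattern keeps the name safe to use in the `%post` shell paths of `ks.cfg`. The `ssh_password` variable shown in this hunk's header looks unused once the third hunk removes `ssh_password` from the source block; if nothing else reads it, dropping it avoids keeping a plaintext password input around.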
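Review bot: `ssh_private_key_file = "~/.ssh/id_ed25519"` ties the build to the personal default key of whoever runs Packer, and the matching public key is written as a literal in the second `ks.cfg` hunk, so the pair can only be rotated by editing two files. Taking the path from a variable, `ssh_private_key_file = var.ssh_private_key_file`, and passing the public half through the same `templatefile(...)` map would let CI use a dedicated build key and keep a personal key out of the template. The variable name is a suggestion and would need declaring next to `ssh_user`. The `source` block starts and ends outside this hunk.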
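Review bot: The added `user` line reuses `${password_crypt}`, the same hash that `rootpw` sets one line above, so root and the new wheel account share one password and root keeps a usable password for console login and `su`. If the goal of the commit is an image without root access, `rootpw --lock` would close that path. The wheel user should then get its own hash from a separate template variable, since that password is what sudo would ask for. Whether sudo is meant to prompt at all is not visible in this hunk.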
@@ -60,7 +61,11 @@ cloud-init
 grub2-install --target=i386-pc /dev/vda
-# permit root login via SSH with password authetication
-echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/01-permitrootlogin.conf
+mkdir -m0700 /home/${user}/.ssh/
+cat </home/${user}/.ssh/authorized_keys
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBPOnqmExTKt8OceAq9K4d/MkVu4WsU+sqiEV7KbtyH
+EOF
+chmod 0600 /home/${user}/.ssh/authorized_keys
+chown -R ${user}:${user} /home/${user}/.ssh
 %end
\ No newline at end of file
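Review bot: The public key written to `authorized_keys` in `%post` stays in the finished template, so every VM cloned from it accepts the build key unless a later step removes it, and nothing in this hunk does. Kickstart's own `sshkey --username=${user} "${ssh_public_key}"` in the command section could replace the six added lines and leave directory creation, modes and ownership to the installer; `ssh_public_key` would be a new template variable and the name is only a suggestion. If the manual approach stays, a `restorecon -R /home/${user}/.ssh` after the `chown` is worth considering in case files created in `%post` end up with the wrong SELinux label. As rendered here the `cat` line has no heredoc opener before the path, which may be an artefact of the page rather than of the commit.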