openbsd: add site.tgz to further customize the installation

2 files changed, 23 insertions, 2 deletions

diff --git a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2
index 46a87cc8..18e85a80 100644
--- a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2
+++ b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2
@@ -16,9 +16,9 @@ Change the default console to {{ obsd_autoinstall_serial_device }} = yes
 Which speed should {{ obsd_autoinstall_serial_device }} use = {{ obsd_autoinstall_tty_serial | default(115200) }}
 {% endif %}
 
-{# TODO: what if there are more than one ssh keys? #}
+{# we will install only one key for now, install.site will install the rest #}
 Public ssh key for root account = {{ ssh_keys_root[0] }}
-Password for root = !
+Password for root = this-very-very-secure-password-will-be-overwritten-by-install.site
 Setup a user = no
 Start sshd(8) by default = yes
 Allow root ssh login = prohibit-password
diff --git a/roles/installer/openbsd/autoinstall/templates/install.site.j2 b/roles/installer/openbsd/autoinstall/templates/install.site.j2
new file mode 100644
index 00000000..f4f9524d
--- /dev/null
+++ b/roles/installer/openbsd/autoinstall/templates/install.site.j2
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+## TODO: enable this once we know how this works
+## echo "Generating random root pasword"
+## openssl rand -base64 24 | passwd root
+
+echo "Installing SSH keys for root"
+cat <<EOF > /root/.ssh/authorized_keys
+{{ ssh_keys_root | join('\n') }}
+EOF
+
+{% if hostvars[hostname].ansible_port is defined %}
+echo "Setting SSH port to {{ hostvars[hostname].ansible_port }}"
+sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config
+{% endif %}
+
+echo "Installing python"
+pkg_add -Im python%3.7
+
+
+rm /install.site