# =================================================================
#  Harmony Discovery Agent - Kickstart File (inventory.kickstart)
# =================================================================
#
# This Kickstart file configures the CentOS Stream 9 live environment.
# It does NOT install to disk. It sets up SSH for remote access
# and downloads and runs the harmony-inventory-agent.
#

# --- System Configuration
lang en_US.UTF-8
keyboard --xlayouts='us'
timezone America/New_York --isUtc

# --- Network Configuration
# Ensure the network is activated using DHCP.
network --bootproto=dhcp --device=link --activate

# --- Security Configuration
# Disable the firewall for this isolated provisioning network.
firewall --disabled
# Disable SELinux for simplicity in the live environment.
selinux --disabled
# Disable password-based root login for security.
rootpw --lock

# --- Service Configuration
# Ensure the SSH daemon is enabled.
services --enabled="sshd"

# We are running a live environment, so no disk partitioning.
# The 'liveimg' command would be used here if booting from a squashfs,
# but since we are booting from kernel/initrd, we just use the %post.

# Do not run the graphical initial setup wizard.
firstboot --disable

# --- Post-Boot Scripting
# This section runs after the live environment has booted into RAM.
%post --log=/root/ks-post.log

echo "Harmony Kickstart: Post-boot script started."

# 1. Configure SSH Access
# Create the .ssh directory and set correct permissions.
echo "  - Setting up SSH authorized_keys..."
mkdir -p /root/.ssh
chmod 700 /root/.ssh

# Download the public key and place it in authorized_keys.
curl -sSL "http://{{ gateway_ip }}:8080/{{ cluster_pubkey_filename }}" -o /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# SELinux context is handled by 'selinux --disabled' above,
# but if SELinux were enabled, this would be essential:
# restorecon -R /root/.ssh

# 2. Download the Harmony Inventory Agent
echo "  - Downloading harmony-inventory-agent..."
curl -sSL "http://{{ gateway_ip }}:8080/{{ harmony_inventory_agent }}" -o /usr/local/bin/harmony-inventory-agent
chmod +x /usr/local/bin/harmony-inventory-agent

# 3. Create a systemd service to run the agent persistently
echo "  - Creating systemd service for the agent..."
cat > /etc/systemd/system/harmony-agent.service << EOF
[Unit]
Description=Harmony Inventory Agent
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/harmony-inventory-agent
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# 4. Enable and start the service
echo "  - Enabling and starting harmony-agent.service..."
systemctl daemon-reload
systemctl enable --now harmony-agent.service

echo "Harmony Kickstart: Post-boot script finished. The inventory agent is running."

curl localhost:8080/inventory | tee -a /tmp/harmony_inventory.json

%end

# Do not automatically reboot or poweroff.
# The machine should remain running for inventory scraping.