From 420f6ca62f50dbada514fa03c7a136a389cc95fe Mon Sep 17 00:00:00 2001
From: juvdiaz <juvenal.diaz@oracle.com>
Date: Tue, 26 May 2026 14:42:30 -0600
Subject: [PATCH] Fix Pimox template post-install boot

---
 bootstrap/provisioning/main.tf                   | 16 +++++++++++++---
 .../templates/golden-node-prepare.sh.tftpl       |  1 +
 .../provisioning/templates/preseed.cfg.tftpl     |  2 +-
 bootstrap/provisioning/variables.tf              |  2 +-
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/bootstrap/provisioning/main.tf b/bootstrap/provisioning/main.tf
index 2540333..3684e2f 100644
--- a/bootstrap/provisioning/main.tf
+++ b/bootstrap/provisioning/main.tf
@@ -124,7 +124,7 @@ resource "null_resource" "pimox_template_vm_create" {
     pimox_user       = var.pimox_user
     ssh_key_path     = var.pimox_ssh_key_path
     qm_bin           = var.pimox_qm_bin
-    builder_version  = "3"
+    builder_version  = "4"
     vmid             = tostring(var.pimox_template_vmid)
     name             = var.pimox_template_name
     cores            = tostring(var.pimox_template_cores)
@@ -195,7 +195,7 @@ fi
 sudo "$qm_cmd" create "$vmid" \
   --name "${self.triggers.name}" \
   --bios ovmf \
-  --boot "order=net0;scsi0" \
+  --boot "order=scsi0;net0" \
   --cores "${self.triggers.cores}" \
   --memory "${self.triggers.memory}" \
   --net0 "${self.triggers.net0}" \
@@ -228,7 +228,7 @@ resource "null_resource" "pimox_template_vm_seal" {
     guest_host      = var.pimox_template_build_host
     guest_user      = var.pimox_template_build_user
     guest_key_path  = var.pimox_template_build_ssh_key_path
-    seal_version    = "3"
+    seal_version    = "4"
     timeout         = var.pimox_template_build_timeout
     timeout_seconds = tostring(var.pimox_template_build_timeout_seconds)
     guest_ip_prefix = var.pimox_template_guest_ip_prefix
@@ -301,6 +301,7 @@ if ssh_pimox "sudo '$pimox_qm_bin' config '$vmid' | grep -q '^template: 1$'"; th
 fi
 
 deadline=$((SECONDS + timeout_seconds))
+next_log=$SECONDS
 while (( SECONDS < deadline )); do
   if [ -z "$guest_host" ]; then
     guest_host="$(guest_ip_from_agent || true)"
@@ -308,6 +309,15 @@ while (( SECONDS < deadline )); do
   if [ -n "$guest_host" ] && ssh_guest "test -x /usr/local/sbin/homelab-prepare-template.sh"; then
     break
   fi
+  if (( SECONDS >= next_log )); then
+    elapsed=$((timeout_seconds - (deadline - SECONDS)))
+    if [ -n "$guest_host" ]; then
+      echo "Waiting for SSH and template preparation script on VM $vmid at $guest_host ($${elapsed}s elapsed)..."
+    else
+      echo "Waiting for VM $vmid to boot the installed guest and report an IP through qemu-guest-agent ($${elapsed}s elapsed)..."
+    fi
+    next_log=$((SECONDS + 60))
+  fi
   sleep 15
 done
 
diff --git a/bootstrap/provisioning/templates/golden-node-prepare.sh.tftpl b/bootstrap/provisioning/templates/golden-node-prepare.sh.tftpl
index 8229a69..5ca9d77 100644
--- a/bootstrap/provisioning/templates/golden-node-prepare.sh.tftpl
+++ b/bootstrap/provisioning/templates/golden-node-prepare.sh.tftpl
@@ -13,6 +13,7 @@ install_ssh_key() {
 }
 
 configure_sudo() {
+  usermod -p '*' '${template_user}' >/dev/null 2>&1 || true
   printf '%s ALL=(ALL) NOPASSWD:ALL\n' '${template_user}' >/etc/sudoers.d/90-homelab-${template_user}
   chmod 0440 /etc/sudoers.d/90-homelab-${template_user}
 }
diff --git a/bootstrap/provisioning/templates/preseed.cfg.tftpl b/bootstrap/provisioning/templates/preseed.cfg.tftpl
index 8daa4ce..6a9503b 100644
--- a/bootstrap/provisioning/templates/preseed.cfg.tftpl
+++ b/bootstrap/provisioning/templates/preseed.cfg.tftpl
@@ -30,6 +30,6 @@ d-i pkgsel/include string ${template_package_list}
 d-i pkgsel/update-policy select none
 popularity-contest popularity-contest/participate boolean false
 d-i grub-installer/only_debian boolean true
-d-i grub-installer/bootdev string default
+d-i grub-installer/bootdev string ${template_disk}
 d-i preseed/late_command string wget -O /target/usr/local/sbin/homelab-golden-node-prepare.sh ${provisioning_script_url}; chmod 0755 /target/usr/local/sbin/homelab-golden-node-prepare.sh; in-target /usr/local/sbin/homelab-golden-node-prepare.sh; wget -O /target/usr/local/sbin/homelab-prepare-template.sh ${prepare_template_script_url}; chmod 0755 /target/usr/local/sbin/homelab-prepare-template.sh
 d-i finish-install/reboot_in_progress note
diff --git a/bootstrap/provisioning/variables.tf b/bootstrap/provisioning/variables.tf
index 4b3acb1..485d7e3 100644
--- a/bootstrap/provisioning/variables.tf
+++ b/bootstrap/provisioning/variables.tf
@@ -94,7 +94,7 @@ variable "template_user_full_name" {
 
 variable "template_user_password_hash" {
   type    = string
-  default = "!"
+  default = "*"
 }
 
 variable "template_user_ssh_public_key_path" {