feat: add cloud-init Go parser (Phase 2)

Implement a lightweight cloud-init system for first-boot configuration:
- Go parser for YAML config (hostname, network, KubeSolo settings)
- Static/DHCP network modes with DNS override
- KubeSolo extra flags and API server SAN configuration
- Portainer Edge Agent and air-gapped deployment support
- New init stage 45-cloud-init.sh runs before network/hostname stages
- Stages 50/60 skip gracefully when cloud-init has already applied
- Build script compiles static Linux/amd64 binary (~2.7 MB)
- 17 unit tests covering parsing, validation, and example files
- Full documentation at docs/cloud-init.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

init/lib/45-cloud-init.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+# 45-cloud-init.sh — Apply cloud-init configuration
+#
+# Runs the kubesolo-cloudinit binary to parse cloud-init.yaml and apply:
+#   - hostname (/etc/hostname, /etc/hosts)
+#   - network (static IP or DHCP)
+#   - KubeSolo settings (/etc/kubesolo/extra-flags, config.yaml)
+#   - persistent configs saved to data partition
+#
+# If no cloud-init file is found, this stage is a no-op and later stages
+# (50-network, 60-hostname) handle defaults.
+
+CLOUDINIT_BIN="/usr/lib/kubesolo-os/kubesolo-cloudinit"
+CLOUDINIT_FILE="${KUBESOLO_CLOUDINIT:-$DATA_MOUNT/etc-kubesolo/cloud-init.yaml}"
+
+if [ ! -x "$CLOUDINIT_BIN" ]; then
+    log_warn "cloud-init binary not found at $CLOUDINIT_BIN — skipping"
+    return 0
+fi
+
+if [ ! -f "$CLOUDINIT_FILE" ]; then
+    log "No cloud-init config found at $CLOUDINIT_FILE — skipping"
+    return 0
+fi
+
+log "Applying cloud-init from: $CLOUDINIT_FILE"
+
+if "$CLOUDINIT_BIN" apply "$CLOUDINIT_FILE"; then
+    log_ok "cloud-init applied successfully"
+    # Signal to later stages that cloud-init handled network/hostname
+    CLOUDINIT_APPLIED=1
+    export CLOUDINIT_APPLIED
+else
+    log_err "cloud-init apply failed — later stages will use defaults"
+fi

init/lib/50-network.sh

@@ -1,6 +1,12 @@
 #!/bin/sh
 # 50-network.sh — Configure networking
-# Priority: persistent config > cloud-init > DHCP fallback
+# Priority: cloud-init (stage 45) > saved config > DHCP fallback
+
+# If cloud-init already configured networking, skip this stage
+if [ "$CLOUDINIT_APPLIED" = "1" ]; then
+    log "Network already configured by cloud-init — skipping"
+    return 0
+fi
 
 # Check for saved network config (from previous boot or cloud-init)
 if [ -f "$DATA_MOUNT/network/interfaces.sh" ]; then
@@ -9,15 +15,6 @@ if [ -f "$DATA_MOUNT/network/interfaces.sh" ]; then
     return 0
 fi
 
-# Check for cloud-init network config
-CLOUDINIT_FILE="${KUBESOLO_CLOUDINIT:-$DATA_MOUNT/etc-kubesolo/cloud-init.yaml}"
-if [ -f "$CLOUDINIT_FILE" ]; then
-    log "Cloud-init found: $CLOUDINIT_FILE"
-    # Phase 1: simple parsing — extract network stanza
-    # TODO: Replace with proper cloud-init parser (Go binary) in Phase 2
-    log_warn "Cloud-init network parsing not yet implemented — falling back to DHCP"
-fi
-
 # Fallback: DHCP on first non-loopback interface
 log "Configuring network via DHCP"
 

init/lib/60-hostname.sh

@@ -1,5 +1,15 @@
 #!/bin/sh
 # 60-hostname.sh — Set system hostname
+# If cloud-init (stage 45) already set the hostname, skip this stage.
+
+# Cloud-init writes /etc/hostname and saves to data partition
+if [ "$CLOUDINIT_APPLIED" = "1" ] && [ -f /etc/hostname ]; then
+    HOSTNAME="$(cat /etc/hostname)"
+    if [ -n "$HOSTNAME" ]; then
+        log "Hostname already set by cloud-init: $HOSTNAME"
+        return 0
+    fi
+fi
 
 if [ -f "$DATA_MOUNT/etc-kubesolo/hostname" ]; then
     HOSTNAME="$(cat "$DATA_MOUNT/etc-kubesolo/hostname")"