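---
# Butane config (variant fcos, spec 1.4.0) for mon1.hel1.chaoswg.org.
# It layers extra packages on first boot, enables Docker, schedules a daily
# backup job, lays out root/swap/var on the boot disk, restricts automatic
# updates to a maintenance window and sets up SSH access for `core`.
variant: fcos
version: 1.4.0
systemd:
  units:
    # Layer the admin tooling (vim, python, docker-compose, borgbackup, btop,
    # iftop, iotop) with rpm-ostree on first boot.
    # - The package list carries no versions, so each provisioning run
    #   installs whatever the enabled repositories serve at that time.
    # - The stamp file is written by the second ExecStart; in a oneshot
    #   unit the commands run in order and stop at the first failure, so a
    #   failed install is retried on the next boot.
    # - Before=sshd.service holds SSH logins back until this unit finishes.
    - name: rpm-ostree-install-pkg.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer packages with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        # Otherwise vagrant will try to run the playbook before we got python
        Before=sshd.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        # `--allow-inactive` ensures that rpm-ostree does not return an error
        # if the package is already installed. This is useful if the package is
        # added to the root image in a future Fedora CoreOS release as it will
        # prevent the service from failing.
        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
        ExecStart=/bin/touch /var/lib/%N.stamp

        [Install]
        WantedBy=multi-user.target
    # Make sure docker is actually starting without a call to the socket.
    - name: docker.service
      enabled: true
    # Backup job for /var/lib/docker. The unit is not enabled here, so its
    # [Install] section has no effect; it is started by borgbackup.timer.
    # It sets no User=, so /root/backup.sh runs as root. This config does
    # not create that script (presumably the Ansible playbook does - confirm);
    # keep it root-owned and writable by root only.
    - name: borgbackup.service
      contents: |
        [Unit]
        Description=Run Backup of /var/lib/docker

        [Service]
        ExecStart=/usr/bin/bash /root/backup.sh

        [Install]
        WantedBy=multi-user.target
    # Daily trigger for borgbackup.service. Persistent=true runs a missed
    # backup at the next boot.
    - name: borgbackup.timer
      enabled: true
      contents: |
        [Unit]
        Description=Daily backup

        [Timer]
        OnCalendar=daily
        Persistent=true

        [Install]
        WantedBy=timers.target
storage:
  disks:
    - device: /dev/disk/by-id/coreos-boot-disk
      wipe_table: false
      partitions:
        - number: 4
          label: root
          size_mib: 8192
          resize: true
        - label: swap
          size_mib: 3072
        - label: var  # not specifying "number", so this will go after the root partition
          size_mib: 0  # means "use the rest of the space on the disk"
  filesystems:
    - path: /var
      device: /dev/disk/by-partlabel/var
      format: xfs
      # `true` recreates the filesystem on every provisioning run, so an
      # existing /var (including /var/lib/docker) is NOT kept on reinstall.
      # NOTE(review): the earlier comment here said "preserve /var on
      # reinstall (this is the default)", which describes `false`. Confirm
      # which behaviour is wanted; with `true` the borg backups are the only
      # copy of this data after a reinstall.
      wipe_filesystem: true
      with_mount_unit: true  # mount this filesystem in the real root
    - device: /dev/disk/by-partlabel/swap
      format: swap
      wipe_filesystem: true  # recreate the swap area on every provisioning run
      with_mount_unit: true  # generate a swap unit so the area is activated
  files:
    # Set vim as default editor
    # We use `zz-` as prefix to make sure this is processed last in order to
    # override any previously set defaults.
    - path: /etc/profile.d/zz-default-editor.sh
      overwrite: true
      contents:
        inline: |
          export EDITOR=vim
    - path: /etc/hostname
      # Kept unquoted: Butane takes the mode as an integer (octal notation).
      mode: 0644
      contents:
        inline: mon1.hel1.chaoswg.org
    # Automatic updates (and the reboots they trigger) only start on Mon and
    # Wed at 23:30 for 60 minutes.
    # NOTE(review): Zincati evaluates these windows in UTC as far as I know,
    # not in the Europe/Berlin zone set below - confirm the intended hours.
    - path: /etc/zincati/config.d/55-updates-strategy.toml
      contents:
        inline: |
          [updates]
          strategy = "periodic"
          [[updates.periodic.window]]
          days = [ "Wed", "Mon" ]
          start_time = "23:30"
          length_minutes = 60
  links:
    - path: /etc/localtime
      target: /usr/share/zoneinfo/Europe/Berlin
passwd:
  users:
    - name: core
      # Membership in `docker` lets this user drive the Docker daemon, which
      # is equivalent to root on the host; treat every key below as a root
      # credential.
      groups:
        - docker
      # Entry 1 trusts any SSH certificate signed by the user CA for the
      # listed principals, so access depends on how the CA private key is
      # protected and on certificate lifetimes.
      # Entry 2 is a static key for the provisioner; it stays valid until
      # it is removed from this list.
      ssh_authorized_keys:
        - cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
...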