infrastructure/setup.bu

101 lines
3.1 KiB
Plaintext
Raw Normal View History

---
variant: fcos
version: 1.4.0
systemd:
units:
# Installing vim as a layered package with rpm-ostree
- name: rpm-ostree-install-pkg.service
enabled: true
contents: |
[Unit]
Description=Layer packages with rpm-ostree
Wants=network-online.target
After=network-online.target
# We run before `zincati.service` to avoid conflicting rpm-ostree
# transactions.
Before=zincati.service
# Otherwise vagrant will try to run the playbook before we got python
Before=sshd.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
# `--allow-inactive` ensures that rpm-ostree does not return an error
# if the package is already installed. This is useful if the package is
# added to the root image in a future Fedora CoreOS release as it will
# prevent the service from failing.
ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup
ExecStart=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
# Make sure docker is actually starting without a call to the socket.
- name: docker.service
enabled: true
- name: borgbackup.service
contents: |
[Unit]
Description=Run Backup of /var/lib/docker
[Service]
ExecStart=/usr/bin/bash /root/backup.sh
[Install]
WantedBy=multi-user.target
- name: borgbackup.timer
enabled: true
contents: |
[Unit]
Description=Daily backup
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
storage:
filesystems:
- device: /dev/disk/by-partlabel/root
wipe_filesystem: true
format: ext4
label: root
files:
# Set vim as default editor
# We use `zz-` as prefix to make sure this is processed last in order to
# override any previously set defaults.
- path: /etc/profile.d/zz-default-editor.sh
overwrite: true
contents:
inline: |
export EDITOR=vim
- path: /etc/hostname
mode: 0644
contents:
inline: host.nc.chaoswg.org
- path: /etc/zincati/config.d/55-updates-strategy.toml
contents:
inline: |
[updates]
strategy = "periodic"
[[updates.periodic.window]]
days = [ "Fri", "Sat" ]
start_time = "23:30"
length_minutes = 60
links:
- path: /etc/localtime
target: /usr/share/zoneinfo/Europe/Berlin
passwd:
users:
- name: core
groups:
- docker
ssh_authorized_keys:
- cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
- name: borgbackup
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEeiXrwUxnzo/MLn3PdT3shFIJu7zia8uwlcQhyPautw borgbackup@remote
...