---
# Butane config (variant fcos, spec 1.4.0) for the host named in /etc/hostname.
# It layers extra packages on first boot, enables docker, schedules a daily
# backup unit, partitions the boot disk (root, swap, /var), writes a few files
# under /etc and sets up SSH access for the `core` user.
variant: fcos
version: 1.4.0
systemd:
  units:
    # Layer extra packages (vim, python, docker-compose, borgbackup, btop,
    # iftop, iotop) with rpm-ostree. The unit is skipped once its stamp file
    # /var/lib/%N.stamp exists. The stamp lives on /var, which this config
    # reformats (see `wipe_filesystem` below), so it does not survive a
    # re-provision and the packages are layered again.
    - name: rpm-ostree-install-pkg.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer packages with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        # Otherwise vagrant will try to run the playbook before we got python
        Before=sshd.service
        ConditionPathExists=!/var/lib/%N.stamp
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        # `--allow-inactive` ensures that rpm-ostree does not return an error
        # if the package is already installed. This is useful if the package is
        # added to the root image in a future Fedora CoreOS release as it will
        # prevent the service from failing.
        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
        ExecStart=/bin/touch /var/lib/%N.stamp
        [Install]
        WantedBy=multi-user.target
    # Make sure docker is actually starting without a call to the socket.
    - name: docker.service
      enabled: true
    # Backup job. There is no `enabled: true` here, so its [Install] section is
    # not acted on; the unit is started by borgbackup.timer below. No User= is
    # set, so the script runs as root.
    # NOTE(review): /root/backup.sh is not created anywhere in this config; it
    # has to be delivered separately (presumably by the Ansible playbook that
    # the unit above mentions, confirm) and should be writable by root only.
    - name: borgbackup.service
      contents: |
        [Unit]
        Description=Run Backup of /var/lib/docker
        [Service]
        ExecStart=/usr/bin/bash /root/backup.sh
        [Install]
        WantedBy=multi-user.target
    # Fires borgbackup.service once a day; `Persistent=true` catches up on a
    # run that was missed while the machine was off.
    - name: borgbackup.timer
      enabled: true
      contents: |
        [Unit]
        Description=Daily backup
        [Timer]
        OnCalendar=daily
        Persistent=true
        [Install]
        WantedBy=timers.target
storage:
  disks:
    - device: /dev/disk/by-id/coreos-boot-disk
      # Keep the existing partition table; only partition 4 (root) is resized
      # and the swap and var partitions are added.
      wipe_table: false
      partitions:
        - number: 4
          label: root
          size_mib: 8192
          resize: true
        - label: swap
          size_mib: 3072
        - label: var
          # not specifying "number", so this will go after the root partition
          size_mib: 0  # means "use the rest of the space on the disk"
  filesystems:
    - path: /var
      device: /dev/disk/by-partlabel/var
      format: xfs
      # NOTE(review): `true` reformats /var whenever this config is applied,
      # which destroys existing data there, including /var/lib/docker. The
      # comment this line used to carry said "preserve /var on reinstall
      # (this is the default)", but that describes `false`. Confirm which
      # behaviour is wanted; with `false` the rpm-ostree stamp file would
      # also survive a reinstall and the package-layering unit would be
      # skipped.
      wipe_filesystem: true
      with_mount_unit: true  # mount this filesystem in the real root
    - device: /dev/disk/by-partlabel/swap
      format: swap
      # Recreate the swap area on provisioning; nothing on it needs keeping.
      wipe_filesystem: true
      with_mount_unit: true  # generate a swap unit so the area is activated
  files:
    # Set vim as default editor
    # We use `zz-` as prefix to make sure this is processed last in order to
    # override any previously set defaults.
    - path: /etc/profile.d/zz-default-editor.sh
      overwrite: true
      contents:
        inline: |
          export EDITOR=vim
    - path: /etc/hostname
      # Octal integer, left unquoted because Butane expects a number here.
      mode: 0644
      contents:
        inline: infra.unruhig.eu
    # Zincati (automatic updates): only finalize updates and reboot inside a
    # 60-minute window starting at 12:00 on Mondays and Wednesdays.
    # NOTE(review): Zincati appears to evaluate these windows in UTC rather
    # than in the Europe/Berlin zone linked below; confirm the intended hour.
    - path: /etc/zincati/config.d/55-updates-strategy.toml
      contents:
        inline: |
          [updates]
          strategy = "periodic"
          [[updates.periodic.window]]
          days = [ "Wed", "Mon" ]
          start_time = "12:00"
          length_minutes = 60
  links:
    # System time zone.
    - path: /etc/localtime
      target: /usr/share/zoneinfo/Europe/Berlin
passwd:
  users:
    - name: core
      groups:
        # Membership in `docker` gives access to the Docker daemon socket,
        # which is effectively root on the host. Every credential listed under
        # ssh_authorized_keys therefore carries root-equivalent access.
        - docker
      ssh_authorized_keys:
        # Trust a user CA instead of a single key: any certificate signed by
        # this CA is accepted if it names one of the listed principals. Access
        # then depends on how the CA key is protected and on the validity
        # period of the certificates it issues.
        - cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
        # Static key for the provisioning host. It has no expiry and no
        # options such as from= restricting it, so it stays valid until it is
        # removed from this list.
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
...
# vim: ft=yaml.butane