---
# Butane config for Fedora CoreOS (`variant: fcos`, spec version 1.4.0).
# Butane transpiles this file into the Ignition config that the machine
# applies once, at first boot.
variant: fcos
version: 1.4.0
systemd:
  units:
    # First-boot package layering: installs vim, python, docker-compose,
    # borgbackup, btop, iftop and iotop with rpm-ostree. The stamp file
    # tested by ConditionPathExists= and written by the second ExecStart=
    # keeps the unit from running again on later boots. If the install
    # command fails, the stamp is not written, so the unit is retried on
    # the next boot.
    # Review notes:
    #   - The packages are fetched over the network at first boot and no
    #     versions are pinned, so the installed set depends on whatever the
    #     enabled repositories serve at provisioning time.
    #   - Before=sshd.service is ordering only: it holds SSH back while the
    #     install runs, but sshd still starts if this unit fails.
    - name: rpm-ostree-install-pkg.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer packages with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        # Otherwise vagrant will try to run the playbook before we got python
        Before=sshd.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        # `--allow-inactive` ensures that rpm-ostree does not return an error
        # if the package is already installed. This is useful if the package is
        # added to the root image in a future Fedora CoreOS release as it will
        # prevent the service from failing.
        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
        ExecStart=/bin/touch /var/lib/%N.stamp

        [Install]
        WantedBy=multi-user.target
    # Make sure docker is actually starting without a call to the socket.
    - name: docker.service
      enabled: true
    # Backup job, started by borgbackup.timer (matching unit name). No
    # `enabled` key is set here, so the [Install] section is unused unless
    # someone enables the service by hand; it would then also run at boot.
    # No User= is given, so /root/backup.sh runs as root. This config does
    # not create that script; presumably it is delivered later (e.g. by the
    # playbook mentioned above) - confirm it is root-owned and not writable
    # by anyone else, because the timer executes it with full privileges.
    # NOTE(review): Type= is left at its default; Type=oneshot is the usual
    # choice for a timer-driven script - confirm whether that was intended.
    - name: borgbackup.service
      contents: |
        [Unit]
        Description=Run Backup of /var/lib/docker

        [Service]
        ExecStart=/usr/bin/bash /root/backup.sh

        [Install]
        WantedBy=multi-user.target
    # Starts borgbackup.service once a day (OnCalendar=daily is midnight in
    # the system time zone). Persistent=true runs a missed backup at the
    # next boot if the machine was off at the scheduled time.
    - name: borgbackup.timer
      enabled: true
      contents: |
        [Unit]
        Description=Daily backup

        [Timer]
        OnCalendar=daily
        Persistent=true

        [Install]
        WantedBy=timers.target
storage:
  filesystems:
    # Reprovision the root partition as ext4. `wipe_filesystem: true` tells
    # Ignition to discard whatever filesystem is already on the device when
    # the machine is first provisioned.
    - device: /dev/disk/by-partlabel/root
      wipe_filesystem: true
      format: ext4
      label: root
  files:
    # Set vim as default editor
    # We use `zz-` as prefix to make sure this is processed last in order to
    # override any previously set defaults.
    # No `mode` is given, so Butane's default file mode (0644) applies;
    # `overwrite: true` replaces a file that already exists at this path.
    - path: /etc/profile.d/zz-default-editor.sh
      overwrite: true
      contents:
        inline: |
          export EDITOR=vim
    # Static hostname. `mode` is octal 0644 (owner-writable, world-readable);
    # Butane expects an integer here, so the value must stay unquoted.
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: mon1.hel1.chaoswg.org
    # Restrict Zincati's automatic-update reboots to a 60-minute window
    # starting at 23:30 on Fridays and Saturdays.
    # NOTE(review): Zincati evaluates periodic windows in UTC unless a time
    # zone is configured, while /etc/localtime below is Europe/Berlin -
    # confirm the window lands where intended and does not cut into the
    # daily backup run.
    - path: /etc/zincati/config.d/55-updates-strategy.toml
      contents:
        inline: |
          [updates]
          strategy = "periodic"
          [[updates.periodic.window]]
          days = [ "Fri", "Sat" ]
          start_time = "23:30"
          length_minutes = 60
  links:
    # System time zone: Europe/Berlin. Timer schedules such as
    # OnCalendar=daily are interpreted in this zone.
    - path: /etc/localtime
      target: /usr/share/zoneinfo/Europe/Berlin
passwd:
  users:
    # Account reached over SSH; the second key's comment suggests it is also
    # the account the provisioner logs in with.
    - name: core
      # Members of `docker` can control the Docker daemon, which is
      # equivalent to root on the host: treat every credential below as a
      # root credential.
      groups: [docker]
      ssh_authorized_keys:
        # Trust anchor, not a login key: any certificate signed by this user
        # CA that carries the principal `rad4day` or `rad4day@chaoswg.org`
        # may log in as core. Access therefore depends on the custody of the
        # CA key and on the validity period of the certificates it issues.
        - 'cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org'
        # Static key for the provisioner. It has no expiry and carries no
        # authorized_keys options (such as a from= source restriction), so
        # revoking it means removing this entry from the host.
        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner'
...