Flatcar ignition file
This snippet is a YAML configuration for system user management and network settings. It defines user groups, passwords and SSH keys, along with network interface settings including the IP address and DNS servers, and can help automate server setup.
passwd:
  groups:
    # Shared group; its gid (1000) matches the group id set on the
    # syncthing directories under `storage.directories`.
    - name: sailor
      gid: 1000
  users:
    - name: core
      groups:
        - wheel
        - sudo
        # Membership of `docker` is root-equivalent on the host (the daemon
        # runs as root), so this list is effectively an admin grant.
        - docker
        - systemd-journal
        - core
        - sailor
      # SHA-512 crypt hash ($6$), truncated in this snippet.
      password_hash: "$6$rounds=4096$Vd0....3jo/"
      # Public keys are truncated in this snippet; one entry per admin.
      ssh_authorized_keys:
        - ssh-rsa AAAAB3N...LQ== Admin01
        - ssh-rsa AAAAB...5qQ== Admin02
networkd:
  units:
    # Static address on the private interface. No Gateway= is set, so the
    # default route presumably comes from another interface (eth0 via
    # DHCP) — confirm, since install_stuff.service needs outbound access.
    - name: 00-eth1.network
      contents: |
        [Match]
        Name=eth1
        [Network]
        Address=192.168.0.3/24
        DNS=108.61.10.10
        DNS=1.1.1.1
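storage:
  filesystems:
    # wipe_filesystem reformats the ROOT partition on every fresh provision;
    # anything left on it from a previous install is lost by design.
    - name: corefs
      mount:
        device: /dev/disk/by-partlabel/ROOT
        format: xfs
        wipe_filesystem: true
        label: ROOT
  # `mode` values are octal integers (0644 -> rw-r--r--): the config
  # transpiler's YAML 1.1 parser reads leading-zero ints as octal, and the
  # schema expects an integer, so leave them unquoted.
  files:
    # Key-only SSH for `core`, root login disabled. `UsePrivilegeSeparation`
    # is deprecated since OpenSSH 7.5 and only produces a warning on recent
    # sshd; it can be dropped once no older release is targeted.
    - path: /etc/ssh/sshd_config
      filesystem: root
      mode: 0600
      contents:
        inline: |
          UsePrivilegeSeparation sandbox
          Subsystem sftp internal-sftp
          UseDNS no
          PermitRootLogin no
          AllowUsers core
          AuthenticationMethods publickey
          TCPKeepAlive yes
          ClientAliveInterval 120
          ClientAliveCountMax 2
    # Pulls from this registry are unverified (plain HTTP or unchecked TLS).
    # Keep the list limited to the private-network registry; never add a
    # host reachable over an untrusted path.
    - path: /etc/docker/daemon.json
      filesystem: root
      mode: 0644
      contents:
        inline: |
          {
          "insecure-registries" : ["reg.i.domain.com.br:5000"]
          }
    # Hostname uses the `.a.` zone while /etc/hosts uses `.i.` — presumably
    # public vs. internal names; confirm against DNS.
    - path: /etc/hostname
      filesystem: root
      mode: 0644
      contents:
        inline: do.a.domain.com.br
    # Static resolution for the cluster's private addresses. `do`/`reg`
    # share .3 (this host) and `re`/`db1` share .4.
    - path: /etc/hosts
      filesystem: root
      mode: 0644
      contents:
        inline: |
          127.0.0.1 localhost.localdomain localhost
          ::1 localhost.localdomain localhost
          192.168.0.3 do.i.domain.com.br do
          192.168.0.4 re.i.domain.com.br re
          192.168.0.5 mi.i.domain.com.br mi
          192.168.0.6 fa.i.domain.com.br fa
          192.168.0.7 sol.i.domain.com.br sol
          192.168.0.8 la.i.domain.com.br la
          192.168.0.9 si.i.domain.com.br si
          192.168.0.3 reg.i.domain.com.br reg
          192.168.0.4 db1.i.domain.com.br db1
    # Also applied at boot by settimezone.service under `systemd`.
    - path: /etc/timezone
      filesystem: root
      mode: 0644
      contents:
        inline: America/Sao_Paulo
    # Maximum swappiness; presumably paired with the zram swap units so that
    # swapping goes to compressed RAM rather than disk.
    - path: /etc/sysctl.d/80-swappiness.conf
      filesystem: root
      mode: 0644
      contents:
        inline: vm.swappiness=100
    # Raised inotify limit for file-watching workloads (e.g. syncthing).
    - path: /etc/sysctl.d/90-override.conf
      filesystem: root
      mode: 0644
      contents:
        inline: fs.inotify.max_user_watches=204800
    # Kernel modules loaded at boot: zram for the swap unit, nfs/nfsd for
    # the NFS mount unit and (presumably) for exporting /mnt/storage.
    - path: /etc/modules-load.d/zram.conf
      filesystem: root
      mode: 0644
      contents:
        inline: zram
    - path: /etc/modules-load.d/nfs.conf
      filesystem: root
      mode: 0644
      contents:
        inline: nfs
    - path: /etc/modules-load.d/nfsd.conf
      filesystem: root
      mode: 0644
      contents:
        inline: nfsd
    # Wrapper that runs a containerised htop sharing the host's PID, network
    # and IPC namespaces (or a given container's PID namespace) — host-wide
    # process visibility, so it is only usable by docker-group members.
    # The -v argument is quoted so a $HOME containing spaces cannot split it.
    - path: /opt/bin/htop
      filesystem: root
      mode: 0755
      contents:
        inline: |
          #!/bin/sh
          # Usage: htop [CONTAINER_ID]
          if [ -z "${1}" ]; then
          CNTPID=host
          else
          CNTPID="container:${1}"
          fi
          docker run -v "${HOME}/.config/htop:/.config/htop" -it --rm --net host --pid="${CNTPID}" --ipc host --log-driver none defnotgustavom/htop
  # Syncthing config directories, one per cluster node name, owned by
  # uid/gid 1000. No uid-1000 user is defined under `passwd` (only the
  # gid-1000 `sailor` group) — presumably the in-container syncthing user.
  directories:
    - path: /var/apps/syncthing/docker/var/syncthing/config
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/do.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/re.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/mi.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/fa.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/sol.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/la.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000
    - path: /var/apps/syncthing/docker/var/syncthing/config/si.a.domain.com.br
      filesystem: root
      mode: 0755
      user:
        id: 1000
      group:
        id: 1000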
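systemd:
  units:
    # Applies the zone also written to /etc/timezone under `storage`.
    - name: settimezone.service
      enabled: true
      contents: |
        [Unit]
        Description=Set the time zone
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/usr/bin/timedatectl set-timezone America/Sao_Paulo
        [Install]
        WantedBy=multi-user.target
    # Exposes the Docker API without authentication on TCP 2375 on every
    # address (BindIPv6Only=both makes the wildcard dual-stack). The API is
    # root-equivalent on the host: restrict it to the private address
    # (`ListenStream=192.168.0.3:2375`) and firewall the port, or move to
    # TLS client-certificate auth on 2376.
    - name: docker-tcp.socket
      enabled: true
      contents: |
        [Unit]
        Description=Docker Socket for the API
        [Socket]
        ListenStream=2375
        BindIPv6Only=both
        Service=docker.service
        [Install]
        WantedBy=sockets.target
    # Workaround: touch the daemon once after boot so swarm comes up.
    - name: dockerps.service
      enabled: true
      contents: |
        [Unit]
        Description=Run docker ps after reboot to workaround it getting down to swarm
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/usr/bin/sh -c '/usr/bin/docker ps > /dev/null'
        [Install]
        WantedBy=multi-user.target
    # Swap on the zram device; pulls in create-zram.service via Requires=.
    - name: dev-zram0.swap
      enabled: true
      contents: |
        [Unit]
        Description=Turn on zram swap
        Requires=create-zram.service
        After=create-zram.service
        [Swap]
        What=/dev/zram0
        [Install]
        WantedBy=multi-user.target
    # No [Install] section and not enabled: started only as a dependency of
    # dev-zram0.swap. `$$` is systemd's escape for a literal `$`, so the
    # shell sees `$(( $(free -m ...)/2 ))`, i.e. half of total RAM.
    - name: create-zram.service
      contents: |
        [Unit]
        Description=Create zram in memory compressed swap of size 50%
        RequiresMountsFor=/dev
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStartPre=/usr/bin/sh -c "/usr/sbin/zramctl -f -s $$(($$(free -m|grep -E '^Mem'|tr -s ' '|cut -d' ' -f2)/2))MiB"
        ExecStartPre=/usr/sbin/mkswap /dev/zram0
        ExecStart=/usr/sbin/swapon /dev/zram0
        ExecStop=/usr/sbin/swapoff /dev/zram0
    # Downloads the *latest* docker-compose on every boot with no pinned
    # version and no checksum or signature check, and then marks everything
    # under /opt/bin executable. That is a supply-chain risk and a hard boot
    # dependency on GitHub; pin a release and verify its published sha256.
    # The ping loop has no timeout and blocks the unit for ever if ICMP is
    # filtered — consider `ping -c1 -W5` plus a bounded retry count.
    - name: install_stuff.service
      enabled: true
      contents: |
        [Unit]
        Description=Install or Update Stuff on Boot
        Wants=network-online.target
        After=network.target network-online.target
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStartPre=/bin/sh -c 'until ping -c1 github.com; do sleep 1; done;'
        ExecStartPre=/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget https://github.com/docker/compose/releases/latest/download/docker-compose-Linux-x86_64 -O /opt/bin/docker-compose
        ExecStart=/usr/bin/chmod -R +x /opt/bin
        [Install]
        WantedBy=multi-user.target
    # Local DB disk. Disabled here; the RequiredBy= in [Install] only takes
    # effect once the unit is enabled.
    - name: mnt-dbs.mount
      enabled: false
      contents: |
        [Unit]
        Description=Mount DB Storage to /mnt/dbs
        Before=local-fs.target
        [Mount]
        What=/dev/disk/by-label/dbs
        Where=/mnt/dbs
        Type=xfs
        Options=defaults,noatime
        [Install]
        WantedBy=local-fs.target
        RequiredBy=docker.service
    # Was a second `mnt-dbs.mount`, which collided with the unit above and
    # did not match Where=; systemd requires a mount unit's name to be the
    # escaped mount path, hence mnt-storage.mount.
    - name: mnt-storage.mount
      enabled: false
      contents: |
        [Unit]
        Description=Mount disk storage to /mnt/storage
        Before=local-fs.target
        [Mount]
        What=/dev/disk/by-label/storage
        Where=/mnt/storage
        Type=xfs
        Options=defaults,noatime
        [Install]
        WantedBy=local-fs.target
        RequiredBy=docker.service
    # Alternative to the local-disk unit above (NFS export from node `do`).
    # As named, systemd will refuse it because the name does not match
    # Where=/mnt/storage; to use it, drop the local-disk unit and name this
    # one mnt-storage.mount. `intr` is accepted but ignored by modern
    # kernels; `nolock` disables NFS file locking.
    - name: nfs-storage.mount
      enabled: false
      contents: |
        [Unit]
        Description=Mount NFS storage to /mnt/storage
        Before=remote-fs.target
        [Mount]
        What=do:/mnt/storage
        Where=/mnt/storage
        Type=nfs
        Options=auto,nofail,noatime,nolock,intr,tcp,actimeo=900,timeo=7,retrans=10
        [Install]
        WantedBy=remote-fs.target
        RequiredBy=docker.service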
# etcd is left disabled. Note that the `etcd-lock` reboot strategy below
# depends on a reachable etcd to take the reboot lock; with this section
# commented out, locksmithd cannot coordinate reboots — confirm an external
# etcd is configured, or use `reboot_strategy: "reboot"` (or "off") for a
# standalone node. {HOSTNAME} / {PRIVATE_IPV4} are transpiler placeholders.
# etcd:
#   name: "{HOSTNAME}"
#   advertise_client_urls: "http://{PRIVATE_IPV4}:2379"
#   initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
#   listen_client_urls: "http://0.0.0.0:2379"
#   listen_peer_urls: "http://{PRIVATE_IPV4}:2380"
#   initial_cluster: "{HOSTNAME}=http://{PRIVATE_IPV4}:2380"
update:
  group: "stable"
# Reboots for updates only inside a weekly three-hour window (Sunday 03:00),
# and only while holding the etcd lock.
locksmith:
  reboot_strategy: "etcd-lock"
  window_start: "Sun 3:00"
  window_length: "3h"