mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
Alex Palaistras
231a6f529b
This allows for semi-unattended updates for home-server configuration for managed systems, and is run once every hour by default.
99 lines
3.2 KiB
Plaintext
99 lines
3.2 KiB
Plaintext
variant: fcos
|
|
version: 1.3.0
|
|
ignition:
|
|
config:
|
|
merge:
|
|
- local: common/common.ign
|
|
- local: common/logging.ign
|
|
- local: service/redis/spec.ign
|
|
- local: service/mariadb/spec.ign
|
|
- local: service/nginx/spec.ign
|
|
- local: service/letsencrypt/spec.ign
|
|
- local: service/git/spec.ign
|
|
- local: service/dovecot/spec.ign
|
|
- local: service/postfix/spec.ign
|
|
- local: service/rspamd/spec.ign
|
|
- local: service/prosody/spec.ign
|
|
- local: service/biboumi/spec.ign
|
|
- local: service/discord-ircd/spec.ign
|
|
- local: service/spectrum/spec.ign
|
|
- local: service/radicale/spec.ign
|
|
- local: private/spec.ign
|
|
|
|
passwd:
|
|
users:
|
|
- name: core
|
|
ssh_authorized_keys:
|
|
- ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD46O1S/DSegplXd2Py5loFW2ZYahNvmUYGaFesR8Bo+A+vdmNur7eJ2Ke18j86E2VrVCnzze7EL3dqG1WmseektgClfyeDau+wSvvL8DPNc8JZFdoSd//Kk/OGmJcFfZjag0EXYqYuO/sgHE6yystnwB5ya5PaChNCDr7nG6j5qBJtYw==
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkzmZlPFoz3pN5S0J4z+OIuEx/vyXySfm1Y+KJzPt5kS7CGQ5SvJG8LItssmT5WRsflfEvGtlqKFPwpx3HXeiGpBonAmRnwPIZjmi0oP1SoiB2HIyiErL1pxq5Eodno9AVTEjDjau6/W3SpXlxEzunqDG0VnihTzFYa/p7K/8MiwNk6vaiLcdNjK0wsaFo4yWaN7kqyk2EGspdT0hzqENwQy/x/hdsQxZxAScatgVz5OXW626eoHd9PtmYppwj/WLa5nORoi63UCdlwhFKgJ55eTxeRMCiq9HHwlAvCe4IZ+dRbypg0gO2TNvHvvue2uVvT8BwMEujW62nx4Qen5kI9JvxiZt5aifKLCwyOgBsb/DIUP+ZcN51vwAmp/bCLW6IQqXMGH3BxIpml+bW/qxtmjAoh1+osWngsgtpZkhqRf+hTTJ5Om4QII4jDZxkBv0pysUl1W/krOr2a2DjfHGPyc11GqEPGb0FaFv3Q1SWuh3HTnr5YsA1Ig58UJQWhTm3bJKlH/Unl1+vwAU25Ger0j/JFsjJHVZF5Lkmu5hr84EhZ5S51FhEzRBVjhKBcZpKGRauCmO+SENFXnuTDPauiA3myEgTrVYSVTCbX9/RSz6pvVTkrBz/L1r6G7F8E+4DOL5/niXr+koBWsSiF3C8PNICT8gLsCD/d0mQo2nSsw==
|
|
|
|
storage:
|
|
disks:
|
|
- device: /dev/disk/by-path/pci-0000:00:1f.2-ata-1
|
|
wipe_table: true
|
|
partitions:
|
|
- label: data-1
|
|
|
|
- device: /dev/disk/by-path/pci-0000:00:1f.2-ata-2
|
|
wipe_table: true
|
|
partitions:
|
|
- label: data-2
|
|
|
|
raid:
|
|
- name: data
|
|
level: raid1
|
|
devices:
|
|
- /dev/disk/by-partlabel/data-1
|
|
- /dev/disk/by-partlabel/data-2
|
|
|
|
filesystems:
|
|
- device: /dev/md/data
|
|
path: /var
|
|
format: ext4
|
|
with_mount_unit: true
|
|
|
|
files:
|
|
- path: /etc/hostname
|
|
mode: 0644
|
|
contents:
|
|
inline: lhr01srv
|
|
|
|
- path: /etc/coreos-home-server/host.env
|
|
mode: 0600
|
|
contents:
|
|
local: lhr01srv.env.gpg
|
|
|
|
- path: /etc/NetworkManager/system-connections/eno1.nmconnection
|
|
mode: 0600
|
|
contents:
|
|
inline: |
|
|
[connection]
|
|
id=eno1
|
|
type=ethernet
|
|
interface-name=eno1
|
|
|
|
[ipv4]
|
|
address1=192.168.2.2/24,192.168.2.1
|
|
dhcp-hostname=lhr01srv
|
|
dns=1.1.1.1;1.0.0.1;8.8.8.8;
|
|
dns-search=
|
|
may-fail=false
|
|
method=manual
|
|
|
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
|
contents:
|
|
inline: |
|
|
[identity]
|
|
rollout_wariness = 0.8
|
|
|
|
- path: /etc/zincati/config.d/55-update-strategy.toml
|
|
contents:
|
|
inline: |
|
|
[updates]
|
|
strategy = "periodic"
|
|
|
|
[[updates.periodic.window]]
|
|
days = ["Sat", "Sun"]
|
|
start_time = "22:30"
|
|
length_minutes = 60
|