diff --git a/f-coreos.bu b/f-coreos.bu
new file mode 100644
index 0000000..a4ef461
--- /dev/null
+++ b/f-coreos.bu
@@ -0,0 +1,63 @@
+variant: fcos
+version: 1.6.0
+
+# We don't want any user capable of logging in on a production system, only provide this when debugging/developing
+# https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/
+# Use this on your local machine (with docker installed) to generate your hashed password: docker run --rm -it ulikoehler/mkpasswd
+
+# # Temporary user to allow troubleshooting some resource/performance issues, this should generally be commented out
+# passwd:
+# users:
+# - name: core
+# groups:
+# - sudo
+# - wheel
+# password_hash: ...
+# ssh_authorized_keys:
+# - ssh-rsa ...
+
+passwd:
+ users:
+ - name: admin
+ groups:
+ - "sudo"
+ - "docker"
+ - "wheel"
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4G1BFBIcYZroqWvjC7ZlT0rL5cSGg1JQK1BtWCFgff cphipps@basement-pc.home.cahaa.net
+
+storage:
+ files:
+ # Set the machine hostname
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: f-coreos.home.cahaa.net
+
+ # Without this, all I/O is directed to the console so console access becomes tough
+ - path: /etc/sysctl.d/20-silence-audit.conf
+ mode: 0644
+ contents:
+ inline: |
+ # hide audit messages from interactive console
+ # by changing log level from DEBUG to WARNING
+ kernel.printk=4
+
+ # Set a "mildly cautious" update strategy (0.5 is middle of the road, 1 is most cautious) that will
+ # only take place during a defined maintenance window
+ - path: /etc/zincati/config.d/51-rollout-wariness.toml
+ mode: 0600
+ contents:
+ inline: |
+ [identity]
+ rollout_wariness = 0.5
+
+ [updates]
+ strategy="periodic"
+
+ [updates.periodic]
+ time_zone = "America/Chicago"
+
+ [[updates.periodic.window]]
+ start_time = "04:30"
+ length_minutes = 240
\ No newline at end of file
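Review bot: The Zincati drop-in `/etc/zincati/config.d/51-rollout-wariness.toml` is written with `mode: 0600` and no `user:`, so it will be root-owned and readable by root only. Zincati normally runs as its own unprivileged `zincati` user, so it probably cannot read this file and the host may stop applying automatic updates; use `mode: 0644`, as the other two files do. The `[[updates.periodic.window]]` entry also has no `days` key, which I believe Zincati requires (for example `days = [ "Sat", "Sun" ]`), so it is worth checking that the service starts with this fragment. Separately, the opening comment says no user should be able to log in on a production system, yet the active `passwd` block creates `admin` with an SSH key in `sudo`, `wheel` and `docker`. Membership of `docker` is root-equivalent on its own, so either drop that group or add a comment such as `# admin is the intended production login; docker group grants root-equivalent access`.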