variant: fcos
version: 1.6.0

# We don't want any user capable of logging in on a production system, only provide this when debugging/developing
# https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/
# Use this on your local machine (with docker installed) to generate your hashed password: docker run --rm -it ulikoehler/mkpasswd

# # Temporary user to allow troubleshooting some resource/performance issues, this should generally be commented out
# passwd:
#  users:
#    - name: core
#      groups:
#        - sudo
#        - wheel
#      password_hash: ...
#      ssh_authorized_keys:
#        - ssh-rsa ...

passwd:
  users:
    - name: core
      groups:
        - "sudo"
        - "docker"
        - "wheel"
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4G1BFBIcYZroqWvjC7ZlT0rL5cSGg1JQK1BtWCFgff cphipps@basement-pc.home.cahaa.net

storage:
  files:
    # Set the machine hostname
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: f-coreos.home.cahaa.net

    # Without this, all I/O is directed to the console so console access becomes tough
    - path: /etc/sysctl.d/20-silence-audit.conf
      mode: 0644
      contents:
        inline: |
          # hide audit messages from interactive console
          # by changing log level from DEBUG to WARNING
          kernel.printk=4          

    # Set a "mildly cautious" update strategy (0.5 is middle of the road, 1 is most cautious) that will
    # only take place during a defined maintenance window
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
      mode: 0600
      contents:
        inline: |
          [identity]
          rollout_wariness = 0.5

          [updates]
          strategy="periodic"

          [updates.periodic]
          time_zone = "America/Chicago"

          [[updates.periodic.window]]
          start_time = "04:30"
          length_minutes = 240