63 lines
1.9 KiB
Plaintext
63 lines
1.9 KiB
Plaintext
variant: fcos
|
|
version: 1.6.0
|
|
|
|
# We don't want any user capable of logging in on a production system, only provide this when debugging/developing
|
|
# https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/
|
|
# Use this on your local machine (with docker installed) to generate your hashed password: docker run --rm -it ulikoehler/mkpasswd
|
|
|
|
# # Temporary user to allow troubleshooting some resource/performance issues, this should generally be commented out
|
|
# passwd:
|
|
# users:
|
|
# - name: core
|
|
# groups:
|
|
# - sudo
|
|
# - wheel
|
|
# password_hash: ...
|
|
# ssh_authorized_keys:
|
|
# - ssh-rsa ...
|
|
|
|
passwd:
|
|
users:
|
|
- name: core
|
|
groups:
|
|
- "sudo"
|
|
- "docker"
|
|
- "wheel"
|
|
ssh_authorized_keys:
|
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4G1BFBIcYZroqWvjC7ZlT0rL5cSGg1JQK1BtWCFgff cphipps@basement-pc.home.cahaa.net
|
|
|
|
storage:
|
|
files:
|
|
# Set the machine hostname
|
|
- path: /etc/hostname
|
|
mode: 0644
|
|
contents:
|
|
inline: f-coreos.home.cahaa.net
|
|
|
|
# Without this, all I/O is directed to the console so console access becomes tough
|
|
- path: /etc/sysctl.d/20-silence-audit.conf
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
# hide audit messages from interactive console
|
|
# by changing log level from DEBUG to WARNING
|
|
kernel.printk=4
|
|
|
|
# Set a "mildly cautious" update strategy (0.5 is middle of the road, 1 is most cautious) that will
|
|
# only take place during a defined maintenance window
|
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
|
mode: 0600
|
|
contents:
|
|
inline: |
|
|
[identity]
|
|
rollout_wariness = 0.5
|
|
|
|
[updates]
|
|
strategy="periodic"
|
|
|
|
[updates.periodic]
|
|
time_zone = "America/Chicago"
|
|
|
|
[[updates.periodic.window]]
|
|
start_time = "04:30"
|
|
length_minutes = 240 |