
My NixOS systems configurations.

commit dd4ddffdcf910c0bd9f548c3f71b1a5bbcdd0721
parent dcc23d468109f4304249850a02673bfce91404ee
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu,  4 Jan 2024 18:03:56 +0100

fcos: add some Fedora CoreOS configuration

Those files are generated from my notes.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
M.gitignore | 5+++--
Aops/fcos/fcos-master.bu | 120+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aops/fcos/fcos-master1.ign | 1+
Aops/fcos/fcos-master2.ign | 1+
4 files changed, 125 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -16,4 +16,5 @@ networking.nix
 hardware-configuration.nix
 /key.bin
 /tools/emacs/nix-buffer/
-/tools/emacs/var/backup-
\ No newline at end of file
+/tools/emacs/var/backup
+*.qcow2+
\ No newline at end of file
diff --git a/ops/fcos/fcos-master.bu b/ops/fcos/fcos-master.bu
@@ -0,0 +1,120 @@
+variant: fcos
+version: 1.4.0
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
+ - name: robot
+ password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
+ groups: [ sudo ]
+storage:
+ directories:
+ - path: /var/cache/rpm-ostree-install
+ files:
+ # CRI-O DNF module
+ - path: /etc/dnf/modules.d/cri-o.module
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ [cri-o]
+ name=cri-o
+ stream=1.29
+ profiles=
+ state=enabled
+ # YUM repository for kubeadm, kubelet and kubectl
+ - path: /etc/yum.repos.d/kubernetes.repo
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ [kubernetes]
+ name=Kubernetes
+ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+ enabled=1
+ gpgcheck=1
+ gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
+ https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+ # configuring automatic loading of br_netfilter on startup
+ - path: /etc/modules-load.d/br_netfilter.conf
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: br_netfilter
+ # setting kernel parameters required by kubelet
+ - path: /etc/sysctl.d/kubernetes.conf
+ mode: 0644
+ overwrite: true
+ contents:
+ inline: |
+ net.bridge.bridge-nf-call-iptables=1
+ net.ipv4.ip_forward=1
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: ~HOSTNAME~
+ disks:
+ - # The link to the block device the OS was booted from.
+ device: /dev/disk/by-id/coreos-boot-disk
+ # We do not want to wipe the partition table since this is the primary
+ # device.
+ wipe_table: false
+ partitions:
+ - number: 4
+ label: root
+ size_mib: 10240 # 10GB
+ resize: true
+ - size_mib: 0
+ # We assign a descriptive label to the partition. This is important
+ # for referring to it in a device-agnostic way in other parts of the
+ # configuration.
+ label: var
+ filesystems:
+ - path: /var
+ device: /dev/disk/by-partlabel/var
+ # We can select the filesystem we'd like.
+ format: ext4
+ # Ask Butane to generate a mount unit for us so that this filesystem
+ # gets mounted in the real root.
+ with_mount_unit: true
+
+systemd:
+ units:
+ - name: rpm-ostree-install@.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Layer %i with rpm-ostree
+ Wants=network-online.target
+ After=network-online.target
+ Before=zincati.service
+ ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c "/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp"
+
+ [Install]
+ WantedBy=multi-user.target
+ - name: rpm-ostree-install@python3.service
+ enabled: true
+ - name: rpm-ostree-install@libselinux-python3.service
+ enabled: true
+ - name: rpm-ostree-install@kubeadm.service
+ enabled: true
+ - name: rpm-ostree-install@kubelet.service
+ enabled: true
+ - name: rpm-ostree-install@kubectl.service
+ enabled: true
+ - name: rpm-ostree-install@cri-o.service
+ enabled: true
+ - name: rpm-ostree-install@htop.service
+ enabled: true
diff --git a/ops/fcos/fcos-master1.ign b/ops/fcos/fcos-master1.ign
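Review bot: The `password_hash` for user `robot`, which is in `groups: [ sudo ]`, is committed to the repository here and again in the generated `fcos-master1.ign` and `fcos-master2.ign`, so every reader of the repo can attempt offline guessing against a privileged account's password. The file already templates the hostname with `~HOSTNAME~`; the hash could be handled the same way with a placeholder such as `password_hash: "~ROBOT_PASSWORD_HASH~"` (constructed name) filled in at generation time, keeping the rendered `.ign` files out of version control. In `rpm-ostree-install@.service` the `ExecStart` pipes into `tee …/%i.stamp`, so the exit status is tee's and the stamp file exists even when the install fails, after which `ConditionPathExists=!…/%i.stamp` suppresses any retry; ending the command with `%i && touch /var/cache/rpm-ostree-install/%i.stamp` would stamp only on success. The `kubernetes-el7-x86_64` repo on packages.cloud.google.com appears to be the legacy Google-hosted repository that the Kubernetes project froze in favour of pkgs.k8s.io, so kubeadm/kubelet/kubectl layered from it may not receive further fixes; worth confirming and updating `baseurl` and `gpgkey`.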
@@ -0,0 +1 @@ +{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master1"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}} diff --git a/ops/fcos/fcos-master2.ign b/ops/fcos/fcos-master2.ign 
@@ -0,0 +1 @@ +{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master2"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}