
My NixOS systems configurations.

fcos-worker.bu (4781B)


      1 variant: fcos
      2 version: 1.4.0
      3 passwd:
      4   users:
      5     - name: core
      6       ssh_authorized_keys:
      7         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
      8         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
      9         - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
     10     - name: robot
     11       password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
     12       ssh_authorized_keys:
     13         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
     14         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
     15         - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
     16       groups: [ sudo ]
     17 storage:
     18   directories:
     19     - path: /var/cache/rpm-ostree-install
     20   files:
     21     # CRI-O DNF module
     22     - path: /etc/dnf/modules.d/cri-o.module
     23       mode: 0644
     24       overwrite: true
     25       contents:
     26         inline: |
     27           [cri-o]
     28           name=cri-o
     29           stream=1.29
     30           profiles=
     31           state=enabled
     32     # YUM repository for kubeadm, kubelet and kubectl
     33     - path: /etc/yum.repos.d/kubernetes.repo
     34       mode: 0644
     35       overwrite: true
     36       contents:
     37         inline: |
     38           [kubernetes]
     39           name=Kubernetes
     40           baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64
     41           enabled=1
     42           gpgcheck=1
     43           gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
     44             https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
     45     # configuring automatic loading of br_netfilter on startup
     46     - path: /etc/modules-load.d/br_netfilter.conf
     47       mode: 0644
     48       overwrite: true
     49       contents:
     50         inline: br_netfilter
     51     # setting kernel parameters required by kubelet
     52     - path: /etc/sysctl.d/kubernetes.conf
     53       mode: 0644
     54       overwrite: true
     55       contents:
     56         inline: |
     57           net.bridge.bridge-nf-call-iptables=1
     58           net.ipv4.ip_forward=1
     59     - path: /etc/hostname
     60       mode: 0644
     61       contents:
     62         inline: ~HOSTNAME~
     63   disks:
     64   - # The link to the block device the OS was booted from.
     65     device: /dev/disk/by-id/coreos-boot-disk
     66     # We do not want to wipe the partition table since this is the primary
     67     # device.
     68     wipe_table: false
     69     partitions:
     70     - number: 4
     71       label: root
     72       size_mib: 15360 # 15GB
     73       resize: true
     74     - size_mib: 0
     75       # We assign a descriptive label to the partition. This is important
     76       # for referring to it in a device-agnostic way in other parts of the
     77       # configuration.
     78       label: var
     79   filesystems:
     80     - path: /var
     81       device: /dev/disk/by-partlabel/var
     82       # We can select the filesystem we'd like.
     83       format: ext4
     84       # Ask Butane to generate a mount unit for us so that this filesystem
     85       # gets mounted in the real root.
     86       with_mount_unit: true
     87 
     88 systemd:
     89   units:
     90     - name: rpm-ostree-install@.service
     91       enabled: true
     92       contents: |
     93         [Unit]
     94         Description=Layer %i with rpm-ostree
     95         Wants=network-online.target
     96         After=network-online.target
     97         Before=zincati.service
     98         ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp
     99 
    100         [Service]
    101         Type=oneshot
    102         RemainAfterExit=yes
    103         ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c "/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp"
    104 
    105         [Install]
    106         WantedBy=multi-user.target
    107     - name: rpm-ostree-install@python3.service
    108       enabled: true
    109     - name: rpm-ostree-install@libselinux-python3.service
    110       enabled: true
    111     - name: rpm-ostree-install@kubeadm.service
    112       enabled: true
    113     - name: rpm-ostree-install@kubelet.service
    114       enabled: true
    115     - name: rpm-ostree-install@kubectl.service
    116       enabled: true
    117     - name: rpm-ostree-install@cri-o.service
    118       enabled: true
    119     - name: rpm-ostree-install@htop.service
    120       enabled: true