feat: New instance

2024-01-04 17:36:47 +01:00 · 2024-01-04 17:36:47 +01:00 · 248683b813
commit 248683b813
parent 02534685a1
5 changed files with 105 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,11 @@
 # coreos

-Contient les fichiers d'initialisation de CoreOS.
+Contient les fichiers d'initialisation de CoreOS.
+
+## Butane
+
+To convert yml in ignition file, use this command:
+
+```bash
+$ file=borgwarehouse-pumbaa.gaia.ykn.local; bin/butane-x86_64-unknown-linux-gnu --output $file.ign $file.yml
+```
--- a/bin/butane-x86_64-unknown-linux-gnu
+++ b/bin/butane-x86_64-unknown-linux-gnu
--- a/bin/ignition-validate-x86_64-linux
+++ b/bin/ignition-validate-x86_64-linux
--- a/borgwarehouse-pumbaa.gaia.ykn.local.ign
+++ b/borgwarehouse-pumbaa.gaia.ykn.local.ign
@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"name":"core","shouldExist":false},{"groups":["sudo"],"name":"ansible","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNxxMmKSUHibYrlwyhx6UzyEAIPrghuQ/2fiCvcGAfh ansible","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPerG1LAvNuuwuMnlExCyfsRwGqrM1U3C/aUtuXqhyu bot_ansible"]},{"groups":["sudo"],"name":"alegall","passwordHash":"$y$j9T$61LMkIUWS6N.UQv3U4pxM1$Eodnc23AtXOvQMqm/qgqv7blGot4/8.OUsgIZazV9ND","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrbcIwTQkJPlURJTePjQXAE4Q1lCjPp2JW/Y/oxXzp alegall@mufasa","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/JatXrf/HkF8HAnL5JmC05DHmUcgB7/eptDeD7kAP5 alegall@zazu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI2/UosyrHbR3NVB8JDWbhNnmTLMS6EuCRG52hP50Vh alegall@smartphone","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwBIdvpiFgEzP2B+h3KIFmmxh1l7MVetGy2cThmpxcP alegall@sightcall"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/profile.d/zz-default-editor.sh","contents":{"compression":"","source":"data:,export%20EDITOR%3Dvim%0A"}},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,borgwarehouse-pumbaa.gaia.ykn.local"},"mode":420},{"path":"/etc/vconsole.conf","contents":{"compression":"","source":"data:,KEYMAP%3Dfr"},"mode":420},{"path":"/etc/NetworkManager/system-connections/ens3.nmconnection","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3SPwW7DIAyG7zzLYCHtqiYVT1L14IIJaGAiMJvy9lOaw6RJO9r6/X+f77YQoeVY6CGiM0jtJHhb0SAHrIQsIjFWDxYlQcYjIe5x/To/BDhXsTVt9DQqfbkqrfTwPp7ffufx4yxcsKsMpfGr4Vnq8g0VQ+kN5drzE0AtEEFtn6RSsZCEo2b0dFJaD+qq1XTbN7IhVBvMn2xcqFSU0LnI/Y5rR5Fhkx5iMh5SQ5GRQ3EmA3VIh/7l0JcLkszFoXHooSd+sUcY/OztdZjn6fYP4ajcfxM/AQAA//8KiTIVRwEAAA=="},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nDescription=Layer vim with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim vim-airline\nExecStart=/bin/touch /var/lib/%N.stamp\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install-vim.service"}]}}
--- a/borgwarehouse-pumbaa.gaia.ykn.local.yml
+++ b/borgwarehouse-pumbaa.gaia.ykn.local.yml
@ -0,0 +1,95 @@
+---
+
+variant: fcos
+version: 1.5.0
+systemd:
+  units:
+    # Installing vim as a layered package with rpm-ostree
+    - name: rpm-ostree-install-vim.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Layer vim with rpm-ostree
+        Wants=network-online.target
+        After=network-online.target
+        # We run before `zincati.service` to avoid conflicting rpm-ostree
+        # transactions.
+        Before=zincati.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        # `--allow-inactive` ensures that rpm-ostree does not return an error
+        # if the package is already installed. This is useful if the package is
+        # added to the root image in a future Fedora CoreOS release as it will
+        # prevent the service from failing.
+        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim vim-airline
+        ExecStart=/bin/touch /var/lib/%N.stamp
+
+        [Install]
+        WantedBy=multi-user.target
+storage:
+  files:
+    # Set vim as default editor
+    # We use `zz-` as prefix to make sure this is processed last in order to
+    # override any previously set defaults.
+    - path: /etc/profile.d/zz-default-editor.sh
+      overwrite: true
+      contents:
+        inline: |
+          export EDITOR=vim
+
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: borgwarehouse-pumbaa.gaia.ykn.local
+
+    - path: /etc/vconsole.conf
+      mode: 0644
+      contents:
+        inline: KEYMAP=fr
+
+    - path: /etc/NetworkManager/system-connections/ens3.nmconnection
+      mode: 0600
+      contents:
+        inline: |
+          [connection]
+          id=ens3
+          type=ethernet
+          interface-name=ens3
+
+          [ipv4]
+          address1=192.168.1.10/24,192.168.1.254
+          dhcp-hostname=borgwarehouse-pumbaa.gaia.ykn.local
+          dns=193.110.81.9;
+          dns-search=gaia.ykn.local
+          ignore-auto-dns=true
+          may-fail=false
+          method=manual
+
+          [ipv6]
+          addr-gen-mode=default
+          dns=2a0f:fc80::9;
+          ignore-auto-dns=true
+          method=dhcp
+
+passwd:
+  users:
+    - name: core
+      should_exist: false
+    - name: ansible
+      groups:
+        - sudo
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNxxMmKSUHibYrlwyhx6UzyEAIPrghuQ/2fiCvcGAfh ansible
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPerG1LAvNuuwuMnlExCyfsRwGqrM1U3C/aUtuXqhyu bot_ansible
+    - name: alegall
+      password_hash: $y$j9T$61LMkIUWS6N.UQv3U4pxM1$Eodnc23AtXOvQMqm/qgqv7blGot4/8.OUsgIZazV9ND
+      groups:
+        - sudo
+      ssh_authorized_keys: 
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrbcIwTQkJPlURJTePjQXAE4Q1lCjPp2JW/Y/oxXzp alegall@mufasa
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/JatXrf/HkF8HAnL5JmC05DHmUcgB7/eptDeD7kAP5 alegall@zazu
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI2/UosyrHbR3NVB8JDWbhNnmTLMS6EuCRG52hP50Vh alegall@smartphone
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwBIdvpiFgEzP2B+h3KIFmmxh1l7MVetGy2cThmpxcP alegall@sightcall
				`@ -0,0 +1 @@`
				{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"name":"core","shouldExist":false},{"groups":["sudo"],"name":"ansible","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNxxMmKSUHibYrlwyhx6UzyEAIPrghuQ/2fiCvcGAfh ansible","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPerG1LAvNuuwuMnlExCyfsRwGqrM1U3C/aUtuXqhyu bot_ansible"]},{"groups":["sudo"],"name":"alegall","passwordHash":"$y$j9T$61LMkIUWS6N.UQv3U4pxM1$Eodnc23AtXOvQMqm/qgqv7blGot4/8.OUsgIZazV9ND","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXrbcIwTQkJPlURJTePjQXAE4Q1lCjPp2JW/Y/oxXzp alegall@mufasa","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/JatXrf/HkF8HAnL5JmC05DHmUcgB7/eptDeD7kAP5 alegall@zazu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI2/UosyrHbR3NVB8JDWbhNnmTLMS6EuCRG52hP50Vh alegall@smartphone","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINwBIdvpiFgEzP2B+h3KIFmmxh1l7MVetGy2cThmpxcP alegall@sightcall"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/profile.d/zz-default-editor.sh","contents":{"compression":"","source":"data:,export%20EDITOR%3Dvim%0A"}},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,borgwarehouse-pumbaa.gaia.ykn.local"},"mode":420},{"path":"/etc/vconsole.conf","contents":{"compression":"","source":"data:,KEYMAP%3Dfr"},"mode":420},{"path":"/etc/NetworkManager/system-connections/ens3.nmconnection","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/3SPwW7DIAyG7zzLYCHtqiYVT1L14IIJaGAiMJvy9lOaw6RJO9r6/X+f77YQoeVY6CGiM0jtJHhb0SAHrIQsIjFWDxYlQcYjIe5x/To/BDhXsTVt9DQqfbkqrfTwPp7ffufx4yxcsKsMpfGr4Vnq8g0VQ+kN5drzE0AtEEFtn6RSsZCEo2b0dFJaD+qq1XTbN7IhVBvMn2xcqFSU0LnI/Y5rR5Fhkx5iMh5SQ5GRQ3EmA3VIh/7l0JcLkszFoXHooSd+sUcY/OztdZjn6fYP4ajcfxM/AQAA//8KiTIVRwEAAA=="},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nDescription=Layer vim with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim vim-airline\nExecStart=/bin/touch /var/lib/%N.stamp\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install-vim.service"}]}}