From db3cf0017a2593a7d407508c19146f6cc5be36cb Mon Sep 17 00:00:00 2001 
From: Jac <11658632+UnconventionalMindset@users.noreply.github.com> Date: Mon, 12 Dec 2022 03:29:28 +0100 Subject: [PATCH] Latest development (#1) * Update install.bu * Update create-ipxe-iso.sh * Update coreos-install.ipxe * Update create-ipxe-iso.sh * temporary sample * triggering action * Update docker-image.yml * Automate ignition file generation from butane * restores previous butane * Automate ignition file generation from butane * Tries to keep var partition * Automate ignition file generation from butane * Adds compose files for apps * Automate ignition file generation from butane * Update coreos-install.ipxe * Automate ignition file generation from butane * Update coreos.bu * Automate ignition file generation from butane * Update coreos-install.ipxe * Automate ignition file generation from butane * Upgrades version * Automate ignition file generation from butane * Adds vim and docker compose * Automate ignition file generation from butane * Update coreos-install.ipxe * Automate ignition file generation from butane * Update README.md * Automate ignition file generation from butane * Automates containers creation * Automate ignition file generation from butane * UID and GID in NFS * Automate ignition file generation from butane * remove binding * Automate ignition file generation from butane * Update coreos.bu * Automate ignition file generation from butane * adds guid * group * removes pcloud due to issues * fixes uid and guid * Fixes group and user * Automate ignition file generation from butane * fixes port * Automate ignition file generation from butane * mariadb install and enable (prototype) * Automate ignition file generation from butane * removes mariadb, changes guid to 1000 * Automate ignition file generation from butane * fixes * Automate ignition file generation from butane * fixes z2mqtt permission, adds dialout group * Automate ignition file generation from butane * no need to create dialout (ignition would fail * Automate ignition file 
generation from butane * testing group without name * Automate ignition file generation from butane * removing due to coreos bug: https://github.com/coreos/fedora-coreos-tracker/issues/155 * Automate ignition file generation from butane * depends * Automate ignition file generation from butane * jellyfin folders * Automate ignition file generation from butane * rename * Automate ignition file generation from butane * removes old option * Automate ignition file generation from butane * password not needed anymore (was temporary) * Automate ignition file generation from butane * new github action for multiple butane files * fixes paths * action * fixes action * Automate ignition file generation from butane * Splits butane into multiple configs * fixes butane * Fixes remote butanes * Automate ignition file generation from butane --- .github/workflows/docker-image.yml | 14 +-- README.md | 1 - apps/hass/docker-compose.yml | 17 ++++ apps/jellyfin/docker-compose.yml | 22 ++++ apps/mosquitto/docker-compose.yml | 15 +++ apps/zigbee2mqtt/docker-compose.yml | 19 ++++ butane/apps.bu | 109 ++++++++++++++++++++ butane/coreos.bu | 75 ++++++++++++++ butane/install-programs.bu | 64 ++++++++++++ install.bu => butane/install.bu | 2 +- butane/network.bu | 31 ++++++ butane/nfs.bu | 19 ++++ butane/users_and_groups.bu | 14 +++ coreos-install.ipxe | 6 +- coreos.bu | 150 ---------------------------- coreos.ign | 88 ---------------- create-ipxe-iso.sh | 5 +- ignition/coreos.ign | 67 +++++++++++++ install.ign => ignition/install.ign | 2 +- 19 files changed, 467 insertions(+), 253 deletions(-) create mode 100644 apps/hass/docker-compose.yml create mode 100644 apps/jellyfin/docker-compose.yml create mode 100644 apps/mosquitto/docker-compose.yml create mode 100644 apps/zigbee2mqtt/docker-compose.yml create mode 100644 butane/apps.bu create mode 100644 butane/coreos.bu create mode 100644 butane/install-programs.bu rename install.bu => butane/install.bu (78%) create mode 100644 butane/network.bu 
create mode 100644 butane/nfs.bu create mode 100644 butane/users_and_groups.bu delete mode 100644 coreos.bu delete mode 100644 coreos.ign create mode 100644 ignition/coreos.ign rename install.ign => ignition/install.ign (69%) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index f74332a..5bef667 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1,4 +1,4 @@ -name: Docker Buton to Ignite +name: Docker Butane to Ignite on: push: @@ -16,12 +16,12 @@ jobs: - uses: actions/checkout@v3 - name: Build the Docker image run: | - rm -f coreos.ign - rm -f install.ign - docker run -i --rm quay.io/coreos/butane:release --pretty --strict < coreos.bu > coreos.ign - docker run -i --rm quay.io/coreos/butane:release --pretty --strict < install.bu > install.ign - docker run -i --rm quay.io/coreos/ignition-validate:release - < coreos.ign - docker run -i --rm quay.io/coreos/ignition-validate:release - < install.ign + for entry in "butane"/* + do + filename=$(basename $entry .bu) + docker run -i --rm quay.io/coreos/butane:release --pretty --strict < butane/$filename.bu > ignition/$filename.ign + docker run -i --rm quay.io/coreos/ignition-validate:release - < ignition/$filename.ign + done git config --global user.name 'UnconventionalMindset' git config --global user.email '11658632+UnconventionalMindset@users.noreply.github.com' git commit --allow-empty -am "Automate ignition file generation from butane" diff --git a/README.md b/README.md index 82221aa..300ea04 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,3 @@ - [x] Github action to convert Butane to Ignite. - [x] Creation of ISO image that automatically install Fedora Core OS using the `coreos.ign` present in this repo from its url. Used for provisioning in my Proxmox. -Current script to embed the ignite to the iso is here: https://gist.github.com/UnconventionalMindset/632f3892e2149ac826af90892d0cca13 
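Review bot: The new loop in the `run:` step globs `"butane"/*` and then re-joins the name as `butane/$filename.bu` after an unquoted `basename $entry .bu`, so any entry in that directory that is not a `.bu` file (an editor backup, a README) makes the step fail on a missing file. Restrict the glob to what is actually converted and quote the expansion: `for entry in butane/*.bu` and `filename=$(basename "$entry" .bu)`. The step also assumes `ignition/` already exists in the checkout; an `mkdir -p ignition` before the loop makes the job self-contained. The git config and commit lines at the end of the step are unchanged by this hunk.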
diff --git a/apps/hass/docker-compose.yml b/apps/hass/docker-compose.yml new file mode 100644 index 0000000..c6fc23b --- /dev/null +++ b/apps/hass/docker-compose.yml @@ -0,0 +1,17 @@ +--- +version: "3" +services: + homeassistant: + image: lscr.io/linuxserver/homeassistant:latest + container_name: hass + network_mode: host + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Zurich + volumes: + - /var/mnt/shared/apps/docker/homeassistant/config:/config + # ports: + # - 8123:8123 + restart: unless-stopped + privileged: true diff --git a/apps/jellyfin/docker-compose.yml b/apps/jellyfin/docker-compose.yml new file mode 100644 index 0000000..5dfd775 --- /dev/null +++ b/apps/jellyfin/docker-compose.yml @@ -0,0 +1,22 @@ +--- +version: "3.3" +services: + jellyfin: + image: lscr.io/linuxserver/jellyfin:latest + container_name: jellyfin + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Zurich + - JELLYFIN_PublishedServerUrl=192.168.31.200 #optional + volumes: + - /var/mnt/shared/apps/docker/jellyfin/config:/config + - /var/mnt/shared/apps/files/series:/data/tvshows + - /var/mnt/shared/apps/files/films:/data/movies + ports: + - 8096:8096 + - 8920:8920 + - 7359:7359/udp + - 1901:1900/udp + restart: unless-stopped + privileged: true \ No newline at end of file diff --git a/apps/mosquitto/docker-compose.yml b/apps/mosquitto/docker-compose.yml new file mode 100644 index 0000000..c64cf03 --- /dev/null +++ b/apps/mosquitto/docker-compose.yml @@ -0,0 +1,15 @@ +services: + mosquitto: + container_name: mosquitto + image: eclipse-mosquitto:2 + volumes: + - /var/mnt/shared/apps/docker/mosquitto/config/:/mosquitto/config/:rw + - /var/mnt/shared/apps/docker/mosquitto/log/:/mosquitto/log/ + - /var/mnt/shared/apps/docker/mosquitto/data/:/mosquitto/data/ + ports: + - 1883:1883 + - 9002:9001 + privileged: true + +volumes: + data: ~ \ No newline at end of file 
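Review bot: `privileged: true` on the homeassistant service (last line of the hunk), combined with `network_mode: host`, gives the container every capability and full device access on the host, far more than a service whose only host dependency is a bind-mounted config directory needs; the same `privileged: true` appears in the jellyfin and mosquitto compose files added in the next two hunks. Drop the flag and, where a USB device or a single capability is genuinely required, grant just that with `devices:` or `cap_add:`. All three services also pull unpinned tags (`:latest`, or major-only `eclipse-mosquitto:2`), so a restart can silently change what runs with these privileges; a version tag or digest keeps deployments reproducible. The mosquitto file additionally declares a top-level `volumes: data:` that no service references and can be removed.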
diff --git a/apps/zigbee2mqtt/docker-compose.yml b/apps/zigbee2mqtt/docker-compose.yml
new file mode 100644
index 0000000..b575bb9
--- /dev/null
+++ b/apps/zigbee2mqtt/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '3.8'
+services:
+ zigbee2mqtt:
+ container_name: zigbee2mqtt
+ image: koenkk/zigbee2mqtt
+ restart: unless-stopped
+ user: 1000:1000
+ depends_on:
+ - mosquitto
+ volumes:
+ - /var/mnt/shared/apps/docker/z2mqtt/config:/app/data
+ - /run/udev:/run/udev:ro
+ ports:
+ # Frontend port
+ - 8080:8080
+ environment:
+ - TZ=Europe/Zurich
+ devices:
+ - /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_22fe32bb2286ec118b52631719c2d21c-if00-port0:/dev/ttyUSB0
\ No newline at end of file
diff --git a/butane/apps.bu b/butane/apps.bu
new file mode 100644
index 0000000..87f4952
--- /dev/null
+++ b/butane/apps.bu
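Review bot: The service runs as `user: 1000:1000` and opens the Zigbee dongle mapped to `/dev/ttyUSB0`, but nothing in the file grants that uid access to the serial node; on most hosts it is owned by the `dialout` group, and the commit message records permission trouble in exactly this area. Compose has `group_add:` for this case, e.g. `group_add: ["<dialout-gid-on-host>"]` (numeric, because the container's group database is not the host's) — confirm the gid on the CoreOS host before relying on it. `koenkk/zigbee2mqtt` is also pulled without a tag, so a restart can upgrade the service unnoticed; a version tag avoids that.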
@@ -0,0 +1,109 @@ +variant: fcos +version: 1.4.0 +storage: + files: + - path: /var/home/core/download-apps-docker-composes.sh + overwrite: true + contents: + inline: | + #!/usr/bin/bash + git clone --filter=blob:none --branch dev --no-checkout --depth 1 --sparse https://github.com/UnconventionalMindset/coreos-setup.git /var/home/core/coreos-setup + cd /var/home/core/coreos-setup + git sparse-checkout set apps + git checkout + mkdir /etc/docker/compose/ + mv /var/home/core/coreos-setup/apps/* /etc/docker/compose/ + rm -rf /var/home/core/coreos-setup + - path: /var/home/core/deploy-stack.sh + overwrite: true + contents: + inline: | + #!/usr/bin/bash + composes=($(ls /etc/docker/compose/)) + for (( i = 0; i < ${#composes[@]} ; i++ )); do + systemctl start docker-compose@${composes[$i]} + done + +systemd: + units: + - name: download-apps-docker-composes.service + enabled: true + contents: | + [Unit] + Description=Downloads apps docker composes + Wants=network-online.target + After=network-online.target + ConditionPathExists=!/var/lib/%N.stamp + + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/usr/bin/bash /var/home/core/download-apps-docker-composes.sh + ExecStart=/bin/touch /var/lib/%N.stamp + + [Install] + WantedBy=multi-user.target + - name: docker-compose@.service + contents: | + [Unit] + Description=%i service with docker compose + PartOf=docker.service + Wants=network-online.target docker.service rpm-ostree-install-docker-compose.service + After=network-online.target rpm-ostree-install-docker-compose.service + + [Service] + Type=oneshot + RemainAfterExit=true + WorkingDirectory=/etc/docker/compose/%i + ExecStart=/usr/bin/docker-compose up -d --remove-orphans + ExecStop=/usr/bin/docker-compose down + + [Install] + WantedBy=multi-user.target + - name: deploy-stack.service + enabled: true + contents: | + [Unit] + Description=Deploy stack with docker compose + Wants=network-online.target docker.service rpm-ostree-install-docker-compose.service 
download-apps-docker-composes.service + After=network-online.target rpm-ostree-install-docker-compose.service download-apps-docker-composes.service + + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/usr/bin/bash /var/home/core/deploy-stack.sh + + [Install] + WantedBy=multi-user.target + - name: docker.portainer.service + enabled: true + contents: |- + [Unit] + Description=Portainer Admin Container + After=docker.service var-mnt-shared.mount + Requires=docker.service network.target network-online.target + + [Service] + Type=oneshot + RemainAfterExit=yes + TimeoutStartSec=0 + ExecStartPre=-/usr/bin/docker stop %n + ExecStartPre=-/usr/bin/docker rm %n + ExecStartPre=/usr/bin/docker pull portainer/portainer-ce:latest + ExecStart=-/usr/bin/mkdir -p /mnt/shared/apps/docker/portainer + # Privileged mode is required for binding to local socket to work due to SELINUX (https://github.com/portainer/portainer/issues/849) + ExecStart=/usr/bin/docker run \ + --privileged=true \ + -d \ + -p 9000:9000 \ + --name %n \ + --restart always \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /mnt/shared/apps/docker/portainer:/data \ + portainer/portainer-ce:latest \ + --templates https://raw.githubusercontent.com/UnconventionalMindset/portainer/main/template.json \ + --admin-password-file /data/.secrets/portainer_pass + ExecStop=/usr/bin/docker stop -t 15 %n + + [Install] + WantedBy=multi-user.target diff --git a/butane/coreos.bu b/butane/coreos.bu new file mode 100644 index 0000000..03724cb --- /dev/null +++ b/butane/coreos.bu 
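Review bot: `deploy-stack.sh` builds its unit list with `composes=($(ls /etc/docker/compose/))`, which word-splits ls output; a glob is both safer and shorter: `for d in /etc/docker/compose/*/; do systemctl start "docker-compose@$(basename "$d")"; done`. The first-boot `download-apps-docker-composes.sh` clones the `dev` branch as root and installs whatever it holds under `/etc/docker/compose/`, so the compose stacks later started with `privileged` follow the branch head rather than a reviewed commit; fetching a specific commit SHA and checking that out would make first boot reproducible and auditable. In `docker.portainer.service` the `mkdir -p /mnt/shared/...` and `-v /mnt/shared/...:/data` lines use `/mnt/shared` while the NFS unit mounts at `/var/mnt/shared`, which only works if `/mnt` resolves to `/var/mnt` on this image — a one-line comment on the unit would make that dependency explicit. The same unit hands `docker.sock` to a `--privileged` container whose admin password file sits on the NFS share, so the share's permissions are the effective access control for the Docker API; documenting that next to the `-v` lines would help the next reader.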
@@ -0,0 +1,75 @@ +variant: fcos +version: 1.4.0 +ignition: + config: + merge: + - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/apps.ign + - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/install-programs.ign + - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/network.ign + - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/nfs.ign + - source: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/users_and_groups.ign + +storage: + files: + - path: /etc/profile.d/systemd-pager.sh + mode: 0644 + contents: + inline: | + # Tell systemd to not use a pager when printing information + export SYSTEMD_PAGER=cat + - path: /etc/sysctl.d/20-silence-audit.conf + mode: 0644 + contents: + inline: | + # Raise console message logging level from DEBUG (7) to WARNING (4) + # to hide audit messages from the interactive console + kernel.printk=4 + +systemd: + units: + - name: serial-getty@ttyS0.service + dropins: + - name: autologin-core.conf + contents: | + [Service] + # Override Execstart in main unit + ExecStart= + # Add new Execstart with `-` prefix to ignore failure + ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM + TTYVTDisallocate=no + - name: failure.service + enabled: true + contents: | + [Service] + Type=oneshot + ExecStart=/usr/bin/false + RemainAfterExit=yes + + [Install] + WantedBy=multi-user.target + - name: etcd-member.service + enabled: true + contents: | + [Unit] + Description=Run a single node etcd + After=network-online.target + Wants=network-online.target + + [Service] + ExecStartPre=mkdir -p /var/lib/etcd + ExecStartPre=-/bin/podman kill etcd + ExecStartPre=-/bin/podman rm etcd + ExecStartPre=-/bin/podman pull quay.io/coreos/etcd + ExecStart=/bin/podman run --name etcd --net=host \ + --volume /var/lib/etcd:/etcd-data:z \ + quay.io/coreos/etcd:latest 
/usr/local/bin/etcd \ + --data-dir /etcd-data --name node1 \ + --initial-advertise-peer-urls http://127.0.0.1:2380 \ + --listen-peer-urls http://127.0.0.1:2380 \ + --advertise-client-urls http://127.0.0.1:2379 \ + --listen-client-urls http://127.0.0.1:2379 \ + --initial-cluster node1=http://127.0.0.1:2380 + ExecStop=/bin/podman stop etcd + + [Install] + WantedBy=multi-user.target diff --git a/butane/install-programs.bu b/butane/install-programs.bu new file mode 100644 index 0000000..120b934 --- /dev/null +++ b/butane/install-programs.bu 
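Review bot: The five `ignition.config.merge` sources point at `raw.githubusercontent.com/.../dev/ignition/*.ign` with no `verification.hash`, so whatever is on the `dev` branch at boot time is applied as root with nothing tying it to the content reviewed here; the same pattern is in `butane/install.bu` (`ignition-url` in `custom.yaml`) and `coreos-install.ipxe` (`CONFIGURL`). Butane merge entries accept `verification: { hash: sha512-<hex-of-ign-file> }` and the coreos-installer config accepts `ignition-hash: sha512-<hex-of-ign-file>`; alternatively, pointing the URLs at a commit SHA instead of a branch name pins the content without re-hashing on every change. Either way the generated `ignition/*.ign` files become part of the trust chain and must be regenerated by the workflow after every butane edit. `failure.service` is enabled and runs `/usr/bin/false`, which marks every boot degraded; if it is a leftover from a documentation example, a comment saying so (or removing it) would help.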
@@ -0,0 +1,64 @@ +variant: fcos +version: 1.4.0 +storage: + files: + # Set vim as default editor + # We use `zz-` as prefix to make sure this is processed last in order to + # override any previously set defaults. + - path: /etc/profile.d/zz-default-editor.sh + overwrite: true + contents: + inline: | + export EDITOR=vim +systemd: + units: + # Installing vim as a layered package with rpm-ostree + - name: rpm-ostree-install-vim.service + enabled: true + contents: | + [Unit] + Description=Layer vim with rpm-ostree + Wants=network-online.target + After=network-online.target + # We run before `zincati.service` to avoid conflicting rpm-ostree + # transactions. + Before=zincati.service rpm-ostree-install-docker-compose.service + ConditionPathExists=!/var/lib/%N.stamp + + [Service] + Type=oneshot + RemainAfterExit=yes + # `--allow-inactive` ensures that rpm-ostree does not return an error + # if the package is already installed. This is useful if the package is + # added to the root image in a future Fedora CoreOS release as it will + # prevent the service from failing. + ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim + ExecStart=/bin/touch /var/lib/%N.stamp + + [Install] + WantedBy=multi-user.target + # Installing docker-compose as a layered package with rpm-ostree + - name: rpm-ostree-install-docker-compose.service + enabled: true + contents: | + [Unit] + Description=Layer docker-compose with rpm-ostree + Wants=network-online.target + After=network-online.target + # We run before `zincati.service` to avoid conflicting rpm-ostree + # transactions. + Before=zincati.service + ConditionPathExists=!/var/lib/%N.stamp + + [Service] + Type=oneshot + RemainAfterExit=yes + # `--allow-inactive` ensures that rpm-ostree does not return an error + # if the package is already installed. This is useful if the package is + # added to the root image in a future Fedora CoreOS release as it will + # prevent the service from failing. 
+ ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive docker-compose + ExecStart=/bin/touch /var/lib/%N.stamp + + [Install] + WantedBy=multi-user.target \ No newline at end of file diff --git a/install.bu b/butane/install.bu similarity index 78% rename from install.bu rename to butane/install.bu index 837059c..0f19788 100644 --- a/install.bu +++ b/butane/install.bu @@ -5,5 +5,5 @@ storage: - path: /etc/coreos/installer.d/custom.yaml contents: inline: | - ignition-url: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/main/coreos.ign + ignition-url: https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/coreos.ign dest-device: /dev/sda diff --git a/butane/network.bu b/butane/network.bu new file mode 100644 index 0000000..177534e --- /dev/null +++ b/butane/network.bu @@ -0,0 +1,31 @@ +variant: fcos +version: 1.4.0 +storage: + files: + - path: /etc/NetworkManager/system-connections/wired.nmconnection + mode: 0600 + contents: + inline: | + [connection] + id=wired + uuid=0391d81b-ad5d-3f48-a41b-f157cefe7cb1 + type=ethernet + autoconnect-priority=-999 + interface-name=enp6s18 + + [ethernet] + + [ipv4] + address1=192.168.31.200/24,192.168.31.1 + dns=192.168.31.1;8.8.8.8; + may-fail=false + method=manual + + [ipv6] + addr-gen-mode=stable-privacy + method=auto + - path: /etc/hostname + mode: 0644 + contents: + inline: | + coreos \ No newline at end of file diff --git a/butane/nfs.bu b/butane/nfs.bu new file mode 100644 index 0000000..e741182 --- /dev/null +++ b/butane/nfs.bu 
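Review bot: The hostname file at the end of the `network.bu` hunk is written without a trailing newline (`coreos` followed by "No newline at end of file"); `/etc/hostname` is conventionally newline-terminated and some tools that append to or diff it behave better when it is, so ending the inline block with a newline is the safer choice. The `wired.nmconnection` profile is correctly `mode: 0600`, but it hard-codes `interface-name=enp6s18` and the `uuid`; a comment such as `# interface name is specific to this Proxmox VM; re-check after changing the NIC model` above the file entry would save the next maintainer a lockout. The `install-programs.bu` hunk that also ends here adds no new concern beyond the two units being near-identical; if a third package is layered later, a single unit installing all packages in one `rpm-ostree install` call avoids serialized transactions.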
@@ -0,0 +1,19 @@
+variant: fcos
+version: 1.4.0
+systemd:
+ units:
+ - name: var-mnt-shared.mount
+ enabled: true
+ contents: |
+ [Unit]
+ # After specifies the execution order because Require does not wait for depndencies to finish execution before starting the current service.
+ After=NetworkManager-wait-online.service
+ # Depend and start another service.
+ Wants=NetworkManager-wait-online.service
+ [Mount]
+ What=192.168.31.109:/mnt/hdd1tb/shared
+ Where=/var/mnt/shared
+ Type=nfs
+ Options=_netdev,auto
+ [Install]
+ WantedBy=local-fs.target
\ No newline at end of file
diff --git a/butane/users_and_groups.bu b/butane/users_and_groups.bu
new file mode 100644
index 0000000..f06f5a1
--- /dev/null
+++ b/butane/users_and_groups.bu
@@ -0,0 +1,14 @@
+variant: fcos
+version: 1.4.0
+passwd:
+ groups:
+ - name: homeuser
+ gid: 1000
+ users:
+ - name: core
+ uid: 1000
+ groups:
+ - docker
+ - homeuser
+ ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCoPJQAHkfSRIfS05ptesdKwTX7ererHcTZ7pKWi7yUqOQv1e2xpfNBcfx/trwzITJe9N7bwp7t6gpPY2/yBr8F6TenigFWhDaF3Qi9kdSlv64eOsPv6iTg0URH7RE4RQwdArPuwAEBA79BOVoJ0qG/zgn0LOlqYGE/EameYxtgzDJNjXPWOi6OkPKhOEc00+wWGucsCw/8a6rzaMbQHn647yiS7XUJ9/QgMwZ5tqT+Fw/1dxzV4zrWK5MVEXlN5wRZEzukadPQJKyZhhhx3o7MqEVOsTHvyBln6NVJGFawQY7B+ffN/+9n6pEuskWCqngywqAvDXyRS7zD/Dxqv5pjzSQI2fkyuM21oRcKlSYx2AB4L46J6MRJ4ZLA5dhY0fwv868F5VFmJZ2AsDmaGFCqdXTMCv6VRnghJo75oybv+/eoV53NETrTeB4XsPOxSZOHmK93zJzGw2hT4X/ZTvyVbnCyU+Z4sg2iU8ZVE3pHJi8ZQ3hadW0N+CAAmVQ+zsE= nousername
diff --git a/coreos-install.ipxe b/coreos-install.ipxe
index 6ab43f2..ebe7b15 100644
--- a/coreos-install.ipxe
+++ b/coreos-install.ipxe
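Review bot: The mount unit passes only `Options=_netdev,auto`, so the NFS version and security flavour are whatever gets negotiated with `192.168.31.109` at each boot, and a share that carries the app config volumes and the Portainer admin password file is mounted with exec, suid and device files allowed. Pinning the protocol and tightening the mount, e.g. `Options=_netdev,auto,nfsvers=4,nosuid,nodev`, removes the negotiation surface and stops binaries on the share from running with elevated rights (`noexec` too, if nothing on the share is executed directly — not evident from this commit). The `[Unit]` comment also misspells "depndencies"; fixing it in the butane source keeps the generated ignition clean.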
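Review bot: `core` is added to the `docker` group, which on a Docker host is equivalent to root because members can start privileged containers through the socket; together with the passwordless `--autologin core` drop-in for `serial-getty@ttyS0` in `butane/coreos.bu`, anyone who can open the VM's serial console gets that access without a credential. If the autologin is only for debugging, say so on one of the two units or scope it to a dedicated unprivileged user so the trade-off is not forgotten. Since the group list is the only access control in this file, a comment such as `# docker group membership is root-equivalent on this host` above `- docker` would help the next maintainer.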
@@ -1,10 +1,10 @@ #!ipxe -set BRANCH main +set BRANCH dev set STREAM stable -set VERSION 36.20221001.3.0 -set CONFIGURL https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/${BRANCH}/coreos.ign +set VERSION 37.20221106.3.0 +set CONFIGURL https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/${BRANCH}/ignition/install.ign set BASEURL https://builds.coreos.fedoraproject.org/prod/streams/${STREAM}/builds/${VERSION}/x86_64 diff --git a/coreos.bu b/coreos.bu deleted file mode 100644 index 6d072a5..0000000 --- a/coreos.bu +++ /dev/null 
@@ -1,150 +0,0 @@ -variant: fcos -version: 1.4.0 -passwd: - users: - - name: core - groups: - - docker - password_hash: $y$j9T$OVO6S5zyKdrnoYOq99WD31$L/mPYI9vAHqTqRDyT6sVjiMVoov/9GVQoKuRoIEPvNA - ssh_authorized_keys: - - ssh-rsa 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 nousername - -storage: - files: - - path: /etc/NetworkManager/system-connections/wired.nmconnection - mode: 0600 - contents: - inline: | - [connection] - id=wired - uuid=0391d81b-ad5d-3f48-a41b-f157cefe7cb1 - type=ethernet - autoconnect-priority=-999 - interface-name=enp6s18 - - [ethernet] - - [ipv4] - address1=192.168.31.200/24,192.168.31.1 - dns=192.168.31.1;8.8.8.8; - may-fail=false - method=manual - - [ipv6] - addr-gen-mode=stable-privacy - method=auto - - path: /etc/hostname - mode: 0644 - contents: - inline: | - coreos - - path: /etc/profile.d/systemd-pager.sh - mode: 0644 - contents: - inline: | - # Tell systemd to not use a pager when printing information - export SYSTEMD_PAGER=cat - - path: /etc/sysctl.d/20-silence-audit.conf - mode: 0644 - contents: - inline: | - # Raise console message logging level from DEBUG (7) to WARNING (4) - # to hide audit messages from the interactive console - kernel.printk=4 - -systemd: - units: - - name: var-mnt-shared.mount - enabled: true - contents: | - [Unit] - # After specifies the execution order because Require does not wait for depndencies to finish execution before starting the current service. - After=NetworkManager-wait-online.service - # Depend and start another service. 
- Wants=NetworkManager-wait-online.service - [Mount] - What=192.168.31.109:/mnt/hdd1tb/shared - Where=/var/mnt/shared - Type=nfs - Options=_netdev,auto - [Install] - WantedBy=local-fs.target - - name: docker.portainer.service - enabled: true - contents: |- - [Unit] - Description=Portainer Admin Container - After=docker.service var-mnt-shared.mount - Requires=docker.service network.target network-online.target - - [Service] - Type=oneshot - RemainAfterExit=yes - TimeoutStartSec=0 - ExecStartPre=-/usr/bin/docker stop %n - ExecStartPre=-/usr/bin/docker rm %n - ExecStartPre=/usr/bin/docker pull portainer/portainer-ce:latest - ExecStart=-/usr/bin/mkdir -p /mnt/shared_nfs/portainer_data - # Privileged mode is required for binding to local socket to work due to SELINUX (https://github.com/portainer/portainer/issues/849) - ExecStart=/usr/bin/docker run \ - --privileged=true \ - -d \ - -p 9000:9000 \ - --name %n \ - --restart always \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v /mnt/shared/apps-volume/docker/portainer:/data \ - portainer/portainer-ce:latest \ - --templates https://raw.githubusercontent.com/UnconventionalMindset/portainer/main/template.json \ - --admin-password-file /data/.secrets/portainer_pass - ExecStop=/usr/bin/docker stop -t 15 %n - - [Install] - WantedBy=multi-user.target - - - name: serial-getty@ttyS0.service - dropins: - - name: autologin-core.conf - contents: | - [Service] - # Override Execstart in main unit - ExecStart= - # Add new Execstart with `-` prefix to ignore failure - ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM - TTYVTDisallocate=no - - name: failure.service - enabled: true - contents: | - [Service] - Type=oneshot - ExecStart=/usr/bin/false - RemainAfterExit=yes - - [Install] - WantedBy=multi-user.target - - name: etcd-member.service - enabled: true - contents: | - [Unit] - Description=Run a single node etcd - After=network-online.target - Wants=network-online.target - - [Service] - ExecStartPre=mkdir -p 
/var/lib/etcd - ExecStartPre=-/bin/podman kill etcd - ExecStartPre=-/bin/podman rm etcd - ExecStartPre=-/bin/podman pull quay.io/coreos/etcd - ExecStart=/bin/podman run --name etcd --net=host \ - --volume /var/lib/etcd:/etcd-data:z \ - quay.io/coreos/etcd:latest /usr/local/bin/etcd \ - --data-dir /etcd-data --name node1 \ - --initial-advertise-peer-urls http://127.0.0.1:2380 \ - --listen-peer-urls http://127.0.0.1:2380 \ - --advertise-client-urls http://127.0.0.1:2379 \ - --listen-client-urls http://127.0.0.1:2379 \ - --initial-cluster node1=http://127.0.0.1:2380 - ExecStop=/bin/podman stop etcd - - [Install] - WantedBy=multi-user.target diff --git a/coreos.ign b/coreos.ign deleted file mode 100644 index 4f0b2c7..0000000 --- a/coreos.ign +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "ignition": { - "version": "3.3.0" - }, - "passwd": { - "users": [ - { - "groups": [ - "docker" - ], - "name": "core", - "passwordHash": "$y$j9T$OVO6S5zyKdrnoYOq99WD31$L/mPYI9vAHqTqRDyT6sVjiMVoov/9GVQoKuRoIEPvNA", - "sshAuthorizedKeys": [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCoPJQAHkfSRIfS05ptesdKwTX7ererHcTZ7pKWi7yUqOQv1e2xpfNBcfx/trwzITJe9N7bwp7t6gpPY2/yBr8F6TenigFWhDaF3Qi9kdSlv64eOsPv6iTg0URH7RE4RQwdArPuwAEBA79BOVoJ0qG/zgn0LOlqYGE/EameYxtgzDJNjXPWOi6OkPKhOEc00+wWGucsCw/8a6rzaMbQHn647yiS7XUJ9/QgMwZ5tqT+Fw/1dxzV4zrWK5MVEXlN5wRZEzukadPQJKyZhhhx3o7MqEVOsTHvyBln6NVJGFawQY7B+ffN/+9n6pEuskWCqngywqAvDXyRS7zD/Dxqv5pjzSQI2fkyuM21oRcKlSYx2AB4L46J6MRJ4ZLA5dhY0fwv868F5VFmJZ2AsDmaGFCqdXTMCv6VRnghJo75oybv+/eoV53NETrTeB4XsPOxSZOHmK93zJzGw2hT4X/ZTvyVbnCyU+Z4sg2iU8ZVE3pHJi8ZQ3hadW0N+CAAmVQ+zsE= nousername" - ] - } - ] - }, - "storage": { - "files": [ - { - "path": "/etc/NetworkManager/system-connections/wired.nmconnection", - "contents": { - "compression": "gzip", - "source": "data:;base64,H4sIAAAAAAAC/0yPUY6rMAxF/72WFx4GSkFVVoL4MLEzjQQOSkJH7H7U6VSq/Gf5+Nw7uagqroSoMwS23yEJw3EEtnU7Ig+4GOILm9Z3g6EOF+PxcnXi5eoWhHLuYqXcJakUoKPEv4dmTyGmUE5rxnGEoEWSJydGaRMruvcZB4Dpzc4AU9gf3QzEnCRntDg2FfZD1WLV1PX/pvv3sUFgzZ8neBuq37nBRqfxFFbrac0Cm5R7ZLuRHrS+NP1LY75EzRZZbC60rPIM/SB3vpFnH/gJAAD///kksWgjAQAA" - }, - "mode": 384 - }, - { - "path": "/etc/hostname", - "contents": { - "compression": "", - "source": "data:,coreos%0A" - }, - "mode": 420 - }, - { - "path": "/etc/profile.d/systemd-pager.sh", - "contents": { - "compression": "", - "source": "data:,%23%20Tell%20systemd%20to%20not%20use%20a%20pager%20when%20printing%20information%0Aexport%20SYSTEMD_PAGER%3Dcat%0A" - }, - "mode": 420 - }, - { - "path": "/etc/sysctl.d/20-silence-audit.conf", - "contents": { - "compression": "", - "source": 
"data:,%23%20Raise%20console%20message%20logging%20level%20from%20DEBUG%20(7)%20to%20WARNING%20(4)%0A%23%20to%20hide%20audit%20messages%20from%20the%20interactive%20console%0Akernel.printk%3D4%0A" - }, - "mode": 420 - } - ] - }, - "systemd": { - "units": [ - { - "contents": "[Unit]\n# After specifies the execution order because Require does not wait for depndencies to finish execution before starting the current service.\nAfter=NetworkManager-wait-online.service\n# Depend and start another service.\nWants=NetworkManager-wait-online.service\n[Mount]\nWhat=192.168.31.109:/mnt/hdd1tb/shared\nWhere=/var/mnt/shared\nType=nfs\nOptions=_netdev,auto\n[Install]\nWantedBy=local-fs.target\n", - "enabled": true, - "name": "var-mnt-shared.mount" - }, - { - "contents": "[Unit]\nDescription=Portainer Admin Container\nAfter=docker.service var-mnt-shared.mount\nRequires=docker.service network.target network-online.target\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nTimeoutStartSec=0\nExecStartPre=-/usr/bin/docker stop %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull portainer/portainer-ce:latest\nExecStart=-/usr/bin/mkdir -p /mnt/shared_nfs/portainer_data\n# Privileged mode is required for binding to local socket to work due to SELINUX (https://github.com/portainer/portainer/issues/849)\nExecStart=/usr/bin/docker run \\\n --privileged=true \\\n -d \\\n -p 9000:9000 \\\n --name %n \\\n --restart always \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n -v /mnt/shared/apps-volume/docker/portainer:/data \\\n portainer/portainer-ce:latest \\\n --templates https://raw.githubusercontent.com/UnconventionalMindset/portainer/main/template.json \\\n --admin-password-file /data/.secrets/portainer_pass\nExecStop=/usr/bin/docker stop -t 15 %n\n\n[Install]\nWantedBy=multi-user.target", - "enabled": true, - "name": "docker.portainer.service" - }, - { - "dropins": [ - { - "contents": "[Service]\n# Override Execstart in main unit\nExecStart=\n# Add new Execstart 
with `-` prefix to ignore failure\nExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM\nTTYVTDisallocate=no\n", - "name": "autologin-core.conf" - } - ], - "name": "serial-getty@ttyS0.service" - }, - { - "contents": "[Service]\nType=oneshot\nExecStart=/usr/bin/false\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n", - "enabled": true, - "name": "failure.service" - }, - { - "contents": "[Unit]\nDescription=Run a single node etcd\nAfter=network-online.target\nWants=network-online.target\n\n[Service]\nExecStartPre=mkdir -p /var/lib/etcd\nExecStartPre=-/bin/podman kill etcd\nExecStartPre=-/bin/podman rm etcd\nExecStartPre=-/bin/podman pull quay.io/coreos/etcd\nExecStart=/bin/podman run --name etcd --net=host \\\n --volume /var/lib/etcd:/etcd-data:z \\\n quay.io/coreos/etcd:latest /usr/local/bin/etcd \\\n --data-dir /etcd-data --name node1 \\\n --initial-advertise-peer-urls http://127.0.0.1:2380 \\\n --listen-peer-urls http://127.0.0.1:2380 \\\n --advertise-client-urls http://127.0.0.1:2379 \\\n --listen-client-urls http://127.0.0.1:2379 \\\n --initial-cluster node1=http://127.0.0.1:2380\nExecStop=/bin/podman stop etcd\n\n[Install]\nWantedBy=multi-user.target\n", - "enabled": true, - "name": "etcd-member.service" - } - ] - } -} diff --git a/create-ipxe-iso.sh b/create-ipxe-iso.sh index be1bbab..8b3b511 100644 --- a/create-ipxe-iso.sh +++ b/create-ipxe-iso.sh @@ -3,6 +3,7 @@ # Check if env is passed [ $# != 1 ] && { echo "Usage: ./create-ipxe-iso.sh "; exit 1; } +branch=$1 download_folder="ipxe" scriptname="${branch}-coreos-install.ipxe" isoname="${branch}-coreos-ipxe.iso" @@ -17,7 +18,7 @@ full_path="$HOME/${download_folder}" apt -y install gcc binutils make perl liblzma-dev mtools genisoimage syslinux isolinux # Cleanup in case script fails -rm -f "$HOME/$scriptname" +rm -f "$HOME/${scriptname}" rm -rf "${full_path}/" rm -f "/var/lib/vz/template/iso/${isoname}" 
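Review bot: `branch=$1` is taken verbatim and then composes `scriptname`, `isoname` and, a few lines down, the targets of `rm -f "$HOME/${scriptname}"` and `rm -f "/var/lib/vz/template/iso/${isoname}"`, so a value containing `/`, `..` or spaces points those removals outside the intended directories; constrain it right after the argument check with `[[ $branch =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid branch name"; exit 1; }`. The usage message on the line above prints `Usage: ./create-ipxe-iso.sh ` with nothing after it — possibly a `<branch>` placeholder lost to markup, but worth confirming in the file. In the next hunk the new `mv bin/ipxe.iso /var/lib/vz/template/iso/${isoname}` leaves `${isoname}` unquoted while every other use in the file is quoted; `"/var/lib/vz/template/iso/${isoname}"` keeps it consistent.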
@@ -35,7 +36,7 @@ sed -i 's/#undef[[:space:]]*\(DOWNLOAD_PROTO_HTTPS\)/#define \1/' config/general make bin/ipxe.iso EMBED="$HOME/${scriptname}" # Puts ISO in the right folder to be available in Proxmox -mv bin/ipxe.iso /var/lib/vz/template/iso/coreos-ipxe.iso +mv bin/ipxe.iso /var/lib/vz/template/iso/${isoname} # Cleanup after succeeding rm -f "$HOME/${scriptname}" diff --git a/ignition/coreos.ign b/ignition/coreos.ign new file mode 100644 index 0000000..6ee6145 --- /dev/null +++ b/ignition/coreos.ign 
@@ -0,0 +1,67 @@ +{ + "ignition": { + "config": { + "merge": [ + { + "source": "https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/apps.ign" + }, + { + "source": "https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/install-programs.ign" + }, + { + "source": "https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/network.ign" + }, + { + "source": "https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/nfs.ign" + }, + { + "source": "https://raw.githubusercontent.com/UnconventionalMindset/coreos-setup/dev/ignition/users_and_groups.ign" + } + ] + }, + "version": "3.3.0" + }, + "storage": { + "files": [ + { + "path": "/etc/profile.d/systemd-pager.sh", + "contents": { + "compression": "", + "source": "data:,%23%20Tell%20systemd%20to%20not%20use%20a%20pager%20when%20printing%20information%0Aexport%20SYSTEMD_PAGER%3Dcat%0A" + }, + "mode": 420 + }, + { + "path": "/etc/sysctl.d/20-silence-audit.conf", + "contents": { + "compression": "", + "source": "data:,%23%20Raise%20console%20message%20logging%20level%20from%20DEBUG%20(7)%20to%20WARNING%20(4)%0A%23%20to%20hide%20audit%20messages%20from%20the%20interactive%20console%0Akernel.printk%3D4%0A" + }, + "mode": 420 + } + ] + }, + "systemd": { + "units": [ + { + "dropins": [ + { + "contents": "[Service]\n# Override Execstart in main unit\nExecStart=\n# Add new Execstart with `-` prefix to ignore failure\nExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM\nTTYVTDisallocate=no\n", + "name": "autologin-core.conf" + } + ], + "name": "serial-getty@ttyS0.service" + }, + { + "contents": "[Service]\nType=oneshot\nExecStart=/usr/bin/false\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "failure.service" + }, + { + "contents": "[Unit]\nDescription=Run a single node etcd\nAfter=network-online.target\nWants=network-online.target\n\n[Service]\nExecStartPre=mkdir -p 
/var/lib/etcd\nExecStartPre=-/bin/podman kill etcd\nExecStartPre=-/bin/podman rm etcd\nExecStartPre=-/bin/podman pull quay.io/coreos/etcd\nExecStart=/bin/podman run --name etcd --net=host \\\n --volume /var/lib/etcd:/etcd-data:z \\\n quay.io/coreos/etcd:latest /usr/local/bin/etcd \\\n --data-dir /etcd-data --name node1 \\\n --initial-advertise-peer-urls http://127.0.0.1:2380 \\\n --listen-peer-urls http://127.0.0.1:2380 \\\n --advertise-client-urls http://127.0.0.1:2379 \\\n --listen-client-urls http://127.0.0.1:2379 \\\n --initial-cluster node1=http://127.0.0.1:2380\nExecStop=/bin/podman stop etcd\n\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "etcd-member.service" + } + ] + } +} diff --git a/install.ign b/ignition/install.ign similarity index 69% rename from install.ign rename to ignition/install.ign index 5e11ac4..58dff0f 100644 --- a/install.ign +++ b/ignition/install.ign @@ -8,7 +8,7 @@ "path": "/etc/coreos/installer.d/custom.yaml", "contents": { "compression": "", - "source": "data:,ignition-url%3A%20https%3A%2F%2Fraw.githubusercontent.com%2FUnconventionalMindset%2Fcoreos-setup%2Fmain%2Fcoreos.ign%0Adest-device%3A%20%2Fdev%2Fsda%0A" + "source": "data:,ignition-url%3A%20https%3A%2F%2Fraw.githubusercontent.com%2FUnconventionalMindset%2Fcoreos-setup%2Fdev%2Fignition%2Fcoreos.ign%0Adest-device%3A%20%2Fdev%2Fsda%0A" } } ]