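# Butane config (Fedora CoreOS variant, spec 1.0.0) applied by Ignition on
# first boot. Nesting restored: the listing had lost all indentation.
variant: fcos
version: 1.0.0
ignition:
  config:
    merge:
      # SECURITY: this remote config is merged at first boot and may define
      # anything Ignition supports (users, files, systemd units). It is
      # fetched from a mutable branch ("master") with no integrity check, so
      # whoever can push to that branch controls what the host provisions.
      # Pin the URL to a reviewed commit and add a hash, e.g.:
      #   verification:
      #     hash: sha512-<PLACEHOLDER: sha512 of the reviewed runtime.ign>
      - source: https://raw.githubusercontent.com/gtherond/ignition/master/build/runtime.ign
# Remote privileged login for DEBUG and RECOVERY purposes. Only the public key
# is listed here; the corresponding private key should be stored securely and
# be available only to a restricted set of authorized, properly identified
# people.
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuOd04cEYQXzbnR+bXsKWhHqrcUkTMOodP62JcZPMN2"
    # System account (no home directory) that owns the Zincati drop-ins below.
    - name: zincati
      system: true
      no_create_home: true
      groups:
        - zincati
# Set an update wariness and a reboot strategy; this is not a clustered
# environment, so the fleet_lock reboot strategy is not used.
# Give the seedbox a static name, as it must be easily discoverable through
# DNS or mDNS.
# Install required common containers.
storage:
  files:
    # No user/group is set, so Ignition's default ownership applies.
    # NOTE(review): with mode 0640 unprivileged processes cannot read
    # /etc/hostname; 0644 is the conventional mode. Confirm this is intended.
    - path: /etc/hostname
      mode: 0640
      contents:
        inline: |
          ns1.bitswalk.net
    # Zincati drop-in: rollout wariness (0.0 = eager, 1.0 = cautious).
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
      mode: 0640
      user:
        name: zincati
      group:
        name: zincati
      contents:
        inline: |
          [identity]
          rollout_wariness = 0.5
    # Zincati drop-in: "immediate" applies updates and reboots without
    # waiting for a lock or a maintenance window.
    - path: /etc/zincati/config.d/55-updates-strategy.toml
      mode: 0640
      user:
        name: zincati
      group:
        name: zincati
      contents:
        inline: |
          [updates]
          strategy = "immediate"
    # SECURITY: the secrets manager configuration is downloaded from a mutable
    # branch ("master") with no integrity check, and overwrite: true replaces
    # any file already at this path. A change to that branch silently changes
    # how the secrets manager is configured on newly provisioned hosts. Pin
    # the URL to a reviewed commit and add under contents:
    #   verification:
    #     hash: sha512-<PLACEHOLDER: sha512 of the reviewed config.json>
    # Keep secrets (tokens, unseal keys) out of a file served this way.
    # NOTE(review): no user/group is set, so Ignition's default ownership
    # applies; confirm the service that reads this file can open it at 0640.
    - path: /var/lib/vault/config/config.json
      mode: 0640
      overwrite: true
      contents:
        source: https://raw.githubusercontent.com/gtherond/ignition/master/config/secretsManager/config.json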