From 4ecfea6cfb6aa176329e54c7932302cfeb95827d2881aab24192465f8c8a63af Mon Sep 17 00:00:00 2001
From: Late Night Defender
Date: Mon, 25 Nov 2024 01:40:28 +0700
Subject: [PATCH] Add Belle's Butane config
---
Belle.bu | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 Belle.bu
diff --git a/Belle.bu b/Belle.bu
new file mode 100644
index 0000000..d072bc0
--- /dev/null
+++ b/Belle.bu
@@ -0,0 +1,122 @@
+# Fedora CoreOS Butane config for Belle
+# This will:
+# 1. Set up "core" user with ssh pubkeys
+# 2. Disable Password login over ssh
+# 3. Set up rootless access for serial converters and set symlinks
+# 4. Set up zram with default configuration
+# 5. Set manual LAN IP on eno1 to 192.168.10.41/24, gateway and DNS to 192.168.10.254, there is no firewall on CoreOS
+# 6. Set kargs rhgb quiet pcie_aspm=off audit=0 intel_iommu=on
+# TODO: Enable linger for user "core": `loginctl enable-linger`
+# TODO: enable podman socket for user "core"
+
+variant: fcos
+version: 1.5.0
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-ed25519 ...
+
+kernel_arguments:
+ should_exist:
+ - "rhgb"
+ - "quiet"
+ - "pcie_aspm=off"
+ - "audit=0"
+ - "intel_iommu=on"
+
+storage:
+ links:
+ - path: /etc/localtime
+ target: ../usr/share/zoneinfo/Asia/Bangkok
+ files:
+ - path: /etc/NetworkManager/system-connections/eno1.nmconnection
+ mode: 0600
+ contents:
+ inline: |
+ [connection]
+ id=
+ uuid=
+ type=ethernet
+ interface-name=
+ timestamp=
+
+ [ethernet]
+
+ [ipv4]
+ address1=192.168.10.41/24,192.168.10.254
+ dns=192.168.10.254;
+ method=manual
+
+ [ipv6]
+ addr-gen-mode=eui64
+ method=auto
+
+ [proxy]
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: belle
+ - path: /etc/udev/rules.d/51-smartmeter.rules
+ mode: 0644
+ contents:
+ inline: SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", MODE="0777", SYMLINK+="ttyUSB_FT232"
+ - path: /etc/udev/rules.d/50-arduino.rules
+ mode: 0644
+ contents:
+ inline: SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", MODE="0777", SYMLINK+="ttyUSB_CH340"
+ - path: /etc/systemd/zram-generator.conf
+ mode: 0644
+ contents:
+ inline: |
+ # This config file enables a /dev/zram0 device with the default settings
+ [zram0]
+ - path: /etc/sysctl.d/50-unpriv-port.conf
+ mode: 0644
+ contents:
+ inline: |
+ net.ipv4.ip_unprivileged_port_start=80
+ - path: /etc/ssh/sshd_config.d/60-disable-password-login.conf
+ mode: 0644
+ contents:
+ inline: |
+ ChallengeResponseAuthentication no
+ PasswordAuthentication no
+ PermitRootLogin no
+
+systemd:
+ units:
+ # Install TTT Starter Pack (htop, git, lm_sensors, smartmontools)
+ - name: rpm-ostree-install-ttt-starterpack.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Install TTT Starter Pack
+ Wants=network-online.target
+ After=network-online.target
+ Before=zincati.service
+ ConditionPathExists=!/var/lib/%N.stamp
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/rpm-ostree install htop git lm_sensors smartmontools
+ ExecStart=/usr/bin/touch /var/lib/%N.stamp
+ ExecStart=/usr/bin/systemctl --no-block reboot
+
+ [Install]
+ WantedBy=multi-user.target
+ - name: run-media-core-Data1.mount
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Mount Data1
+
+ [Mount]
+ What=UUID=
+ Where=/run/media/core/Data1
+ Type=ext4
+ Options=defaults
+
+ [Install]
+ WantedBy=multi-user.target default.target
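Review bot: Both udev rules (`51-smartmeter.rules` and `50-arduino.rules`) create the serial device nodes with `MODE="0777"`, which lets every local account read and write the smart-meter and Arduino lines, and the execute bit serves no purpose on a tty. The header comment states the goal as rootless access for `core`, which a narrower rule achieves: replace `MODE="0777"` with `OWNER="core", MODE="0600"` in both rules and keep the `SYMLINK+=` part as it is. Separately, `audit=0` under `kernel_arguments` turns the kernel audit subsystem off, which probably also drops SELinux denial records; the header lists it without a reason, so either add a comment such as `# audit=0: <reason>` or remove the argument. The sshd drop-in is numbered `60-`, and sshd keeps the first value it reads for each keyword, so check with `sshd -T` on the booted host that no lower-numbered file in `sshd_config.d` sets these three keywords differently.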