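# Fedora CoreOS Butane config for Belle
# This will:
# 1. Set up "core" user with ssh pubkeys
# 2. Disable Password login over ssh
# 3. Set up rootless access for serial converters and set symlinks
# 4. Set up zram with default configuration
# 5. Set manual LAN IP on eno1 to 192.168.10.41/24, gateway and DNS to
#    192.168.10.254, there is no firewall on CoreOS
# 6. Set kargs rhgb quiet pcie_aspm=off audit=0 intel_iommu=on
# TODO: Enable linger for user "core": `loginctl enable-linger`
# TODO: enable podman socket for user "core"
#
# NOTE(review): with no host firewall (item 5), every listening socket is
# reachable from the LAN, and over IPv6 as well because the connection profile
# below sets ipv6 method=auto. The relaxed settings further down (sysctl port
# range, udev device modes) should be read with that in mind.
variant: fcos
version: 1.5.0

passwd:
  users:
    - name: core
      # Key material is elided on this page; supply the real public key(s).
      ssh_authorized_keys:
        - ssh-ed25519 ...

kernel_arguments:
  should_exist:
    - "rhgb"
    - "quiet"
    - "pcie_aspm=off"
    # NOTE(review): audit=0 turns the kernel audit subsystem off, so the host
    # keeps no audit trail for later investigation. Confirm this is intended.
    - "audit=0"
    - "intel_iommu=on"

storage:
  links:
    - path: /etc/localtime
      target: ../usr/share/zoneinfo/Asia/Bangkok

  files:
    # Static IPv4 profile for the LAN interface. The empty id=, uuid=,
    # interface-name= and timestamp= values look redacted on this page and
    # need real values (interface presumably eno1, per the header) before use.
    # Butane's `mode` is an integer field written in leading-zero octal form;
    # leave it unquoted. 0600 keeps the profile readable by root only.
    - path: /etc/NetworkManager/system-connections/eno1.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=
          uuid=
          type=ethernet
          interface-name=
          timestamp=

          [ethernet]

          [ipv4]
          address1=192.168.10.41/24,192.168.10.254
          dns=192.168.10.254;
          method=manual

          [ipv6]
          addr-gen-mode=eui64
          method=auto

          [proxy]

    - path: /etc/hostname
      mode: 0644
      contents:
        inline: belle

    # Serial converters: stable symlinks plus access for unprivileged users.
    # MODE was "0777"; the execute bits have no meaning on a character device,
    # so "0666" grants the same read/write access without them.
    # NOTE(review): "0666" still lets every local account and every container
    # that has the device mapped read and write the port. If the consumers can
    # run with a dedicated group, MODE="0660" with GROUP="<group>" is tighter.
    - path: /etc/udev/rules.d/51-smartmeter.rules
      mode: 0644
      contents:
        inline: |
          SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", MODE="0666", SYMLINK+="ttyUSB_FT232"

    - path: /etc/udev/rules.d/50-arduino.rules
      mode: 0644
      contents:
        inline: |
          SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", MODE="0666", SYMLINK+="ttyUSB_CH340"

    - path: /etc/systemd/zram-generator.conf
      mode: 0644
      contents:
        inline: |
          # This config file enables a /dev/zram0 device with the default settings
          [zram0]

    # Lowers the first unprivileged port from the kernel default of 1024 to 80
    # so rootless services can bind 80/443. Side effect: any local user can
    # bind ports 80-1023, including ones other services expect to own.
    - path: /etc/sysctl.d/50-unpriv-port.conf
      mode: 0644
      contents:
        inline: |
          net.ipv4.ip_unprivileged_port_start=80

    # sshd keeps the first value it reads for each keyword and reads drop-ins
    # in lexical order, so a lower-numbered file that sets one of these
    # keywords takes precedence over this one. Check the effective settings on
    # the provisioned host with `sshd -T`.
    # ChallengeResponseAuthentication is a deprecated alias of
    # KbdInteractiveAuthentication in current OpenSSH; it is still accepted.
    - path: /etc/ssh/sshd_config.d/60-disable-password-login.conf
      mode: 0644
      contents:
        inline: |
          ChallengeResponseAuthentication no
          PasswordAuthentication no
          PermitRootLogin no

systemd:
  units:
    # Install TTT Starter Pack (htop, git, lm_sensors, smartmontools)
    # One-shot layering on first boot: the stamp file under /var/lib makes
    # ConditionPathExists skip the unit on later boots, and the final
    # ExecStart reboots into the new deployment. Ordered before zincati so
    # the auto-updater does not start during the install.
    - name: rpm-ostree-install-ttt-starterpack.service
      enabled: true
      contents: |
        [Unit]
        Description=Install TTT Starter Pack
        Wants=network-online.target
        After=network-online.target
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/rpm-ostree install htop git lm_sensors smartmontools
        ExecStart=/usr/bin/touch /var/lib/%N.stamp
        ExecStart=/usr/bin/systemctl --no-block reboot

        [Install]
        WantedBy=multi-user.target

    # Data volume. The unit name must stay the escaped form of Where=.
    # What=UUID= is empty on this page (looks redacted); fill in the
    # filesystem UUID.
    # NOTE(review): if the volume holds data only, Options=nosuid,nodev (and
    # noexec where nothing is executed from it) is tighter than "defaults".
    - name: run-media-core-Data1.mount
      enabled: true
      contents: |
        [Unit]
        Description=Mount Data1

        [Mount]
        What=UUID=
        Where=/run/media/core/Data1
        Type=ext4
        Options=defaults

        [Install]
        WantedBy=multi-user.target default.target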