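# Fedora CoreOS Butane config for Belle
# This will:
# 1. Set up "core" user with ssh pubkeys
# 2. Disable Password login over ssh
# 3. Set up rootless access for serial converters and set symlinks
# 4. Set up zram with default configuration
# 5. Set manual LAN IP on eno1 to 192.168.10.41/24, gateway and DNS to 192.168.10.254, there is no firewall on CoreOS
# 6. Set kargs rhgb quiet pcie_aspm=off audit=0 intel_iommu=on
# TODO: Enable linger for user "core": `loginctl enable-linger`
# TODO: enable podman socket for user "core"

variant: fcos
version: 1.5.0
passwd:
  users:
    # Key-only login for "core"; the key below is a placeholder on this page.
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 ...

kernel_arguments:
  should_exist:
    - "rhgb"
    - "quiet"
    - "pcie_aspm=off"
    # NOTE(review): audit=0 turns the kernel audit subsystem off, so this host
    # produces no audit records. Confirm that is acceptable for a machine that
    # is reachable over SSH and has no host firewall (item 5 above).
    - "audit=0"
    - "intel_iommu=on"

storage:
  links:
    - path: /etc/localtime
      target: ../usr/share/zoneinfo/Asia/Bangkok
  files:
    # Static IPv4 profile for the LAN interface. NetworkManager ignores
    # keyfiles that other users can read, hence mode 0600.
    # Butane takes `mode` as an integer in octal notation; leave it unquoted.
    # NOTE(review): id=, uuid=, interface-name= and timestamp= are empty on
    # this page (possibly redacted) and need real values before use.
    - path: /etc/NetworkManager/system-connections/eno1.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=
          uuid=
          type=ethernet
          interface-name=
          timestamp=

          [ethernet]

          [ipv4]
          address1=192.168.10.41/24,192.168.10.254
          dns=192.168.10.254;
          method=manual

          [ipv6]
          addr-gen-mode=eui64
          method=auto

          [proxy]
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: belle
    # udev rules giving stable symlinks to the two USB serial converters.
    # NOTE(review): MODE="0777" makes the tty node readable and writable by
    # every local account and every container that can see it (the execute
    # bits have no use on a device node). A narrower grant, e.g.
    # GROUP="dialout" with MODE="0660" and "core" added to that group, would
    # limit access to one group; check that rootless containers still reach
    # the device before switching.
    - path: /etc/udev/rules.d/51-smartmeter.rules
      mode: 0644
      contents:
        inline: SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", MODE="0777", SYMLINK+="ttyUSB_FT232"
    # Same pattern and same MODE="0777" caveat as the rule above.
    - path: /etc/udev/rules.d/50-arduino.rules
      mode: 0644
      contents:
        inline: SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", MODE="0777", SYMLINK+="ttyUSB_CH340"
    - path: /etc/systemd/zram-generator.conf
      mode: 0644
      contents:
        inline: |
          # This config file enables a /dev/zram0 device with the default settings
          [zram0]
    # Lowers the first unprivileged port from 1024 to 80.
    # NOTE(review): this is system-wide, so any unprivileged process (not only
    # containers run by "core") may bind ports 80 and up, and with no host
    # firewall whatever binds there is reachable from the LAN.
    - path: /etc/sysctl.d/50-unpriv-port.conf
      mode: 0644
      contents:
        inline: |
          net.ipv4.ip_unprivileged_port_start=80
    # sshd drop-in: no password, no keyboard-interactive, no root login.
    # NOTE(review): sshd keeps the first value it reads for each keyword and
    # drop-ins are read in lexical order, so a lower-numbered file in
    # sshd_config.d setting the same keyword would win over this one; check the
    # effective settings on the host with `sshd -T`.
    # NOTE(review): newer OpenSSH releases treat ChallengeResponseAuthentication
    # as a deprecated alias of KbdInteractiveAuthentication.
    - path: /etc/ssh/sshd_config.d/60-disable-password-login.conf
      mode: 0644
      contents:
        inline: |
          ChallengeResponseAuthentication no
          PasswordAuthentication no
          PermitRootLogin no

systemd:
  units:
    # Install TTT Starter Pack (htop, git, lm_sensors, smartmontools)
    # Runs once: ConditionPathExists skips the unit when the stamp file exists.
    # The ExecStart lines of a oneshot unit run in order and stop at the first
    # failure, so the stamp is written and the reboot requested only after a
    # successful install. %N expands to the unit name without its suffix.
    # NOTE(review): the packages are fetched at first boot from whatever
    # repositories the image has enabled and are not version-pinned.
    - name: rpm-ostree-install-ttt-starterpack.service
      enabled: true
      contents: |
        [Unit]
        Description=Install TTT Starter Pack
        Wants=network-online.target
        After=network-online.target
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/rpm-ostree install htop git lm_sensors smartmontools
        ExecStart=/usr/bin/touch /var/lib/%N.stamp
        ExecStart=/usr/bin/systemctl --no-block reboot

        [Install]
        WantedBy=multi-user.target
    # Mount unit for the data disk; the unit name has to match the Where= path.
    # NOTE(review): What=UUID= carries no UUID on this page (possibly
    # redacted). If the volume only holds data, adding nosuid,nodev to
    # Options= would keep setuid binaries and device nodes on it from being
    # honoured; confirm nothing on the disk relies on them.
    - name: run-media-core-Data1.mount
      enabled: true
      contents: |
        [Unit]
        Description=Mount Data1

        [Mount]
        What=UUID=
        Where=/run/media/core/Data1
        Type=ext4
        Options=defaults

        [Install]
        WantedBy=multi-user.target default.target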