A .gitignore => .gitignore +1 -0
@@ 0,0 1,1 @@
+config.ign
M base/sudo.fcc => base/sudo.fcc +1 -6
@@ 3,12 3,7 @@ version: 1.0.0
passwd:
users:
- name: core
+ password_hash: "$6$rounds=656000$snqbxprkpbmcsjty$i47NNiKtLCs29kIIIZ2.FKiTwbxlfaNvZ73UzBzPP4dR2Z.UrWmd.4KY9jhKV5/pFvLmrIgvQYl08hDM2.5Jw/"
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwWh/r0uIecKBu8B7ZaoKPZbfimAarWI2WYMsIIeOumJUyXNk8nEUzLRUvpak60QNWy1m7sTyEUhQZDoKT0q0oZzG+yNKBWgA4Q+A2ISBtBW4uil/OTK3ZrIQKmTzUYFYChQfZkjj4j/bdpzdxlyaNC7bnxS4T3Lia0LBjMDlPaXPOKbliV2rTlm81wF6SN3a9SPNjLrpDv8SJFU4qEY5ZTv8LXHABWmRN4TZTRMO6Or6OrYl9o/uBtGlQGpwsbl2CCaAlrpub/oaYCm15uCKmMwbmqo+zsBmAcpwbg43zBDy4PL9AZUhyyaLlF5/5Ypb4JkRdplObLmwzp6P7uUGn5mEIsLJrU25M0Bc6iIOxu1WZzEfrBRJblTx8501//FVJwVHdl+oYWG/BdF06ELTvUhWnjuhUu2wCaSfeeZxBegBJKz7lfjtCCvSPM64H6J/jqVPbJJuOUu4n0nv7Wizyn2JudlfyUqZ/D1B5z2KExScLrRH5IFebLTLRA6/HTpjltjb5bc+T+CB/rvXWVrfMRogVRixpcgzKwlFjgj5WcP+jBxDiU6te+5KuJrHZc+3m5HXkC4lFDYX42fSSnae40a11YAYu5OKBcOszVok1TFZD5Lhw5k0XrAUN28mRUzbUKbxfxHI+X5OU7ekSfcqNNy6yY5wvy9ZpLI1p6NloGw== tom@carrio.dev"
groups: [sudo, docker]
-storage:
- files:
- - path: /etc/hostname
- overwrite: true
- contents:
- inline: custom-hostname>
\ No newline at end of file
A image.sh => image.sh +73 -0
@@ 0,0 1,73 @@
+#!/usr/bin/env sh
+
+fcc_file="$1"
+blk_file="$2"
+
+tgt_file="$(dirname $0)/config.ign"
+cmd_name="$(basename $0)"
+
+function help() {
+ echo """
+========= ${cmd_name} =========
+
+Utility shell script for installing a Fedora CoreOS provided
+a given Fedora CoreOS Configuration file and block device
+
+Usage: ${cmd_name} fcc_file_path block_device_path
+"""
+}
+
+function exit_because() {
+ code=1
+
+ if [ -z "$1" ]
+ then
+ exit 0
+ return
+ fi
+
+ echo "Error: $1"
+
+ help
+ exit 1
+}
+
+function which_silent() {
+ which $@ 1>/dev/null 2>/dev/null
+ return $?
+}
+
+if [ -z "${fcc_file}" ]
+then
+ exit_because "No argument provided for Fedora CoreOS Configuration file"
+fi
+
+if [ -z "${blk_file}" ]
+then
+ exit_because "No argument provided for block device file"
+fi
+
+if ! which_silent podman || ! which_silent fcct
+then
+ exit_because "!$ is not installed!"
+fi
+
+if [ ! -f "${fcc_file}" ]
+then
+ exit_because "Fedora CoreOS config file (${fcc_file}) was not found!"
+fi
+
+if [ ! -b "${blk_file}" ]
+then
+ exit_because "Block device (${blk_file}) was not a valid block device"
+fi
+
+fcct -o "${tgt_file}" "${fcc_file}"
+
+sudo podman run --pull=always --privileged --rm \
+ -v /dev:/dev \
+ -v /run/udev:/run/udev \
+ -v .:/data \
+ -w /data \
+ quay.io/coreos/coreos-installer:release \
+ install "${blk_file}" -i "${tgt_file}"
A networking/networking.fcc => networking/networking.fcc +180 -0
@@ 0,0 1,180 @@
+variant: fcos
+version: 1.0.0
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwWh/r0uIecKBu8B7ZaoKPZbfimAarWI2WYMsIIeOumJUyXNk8nEUzLRUvpak60QNWy1m7sTyEUhQZDoKT0q0oZzG+yNKBWgA4Q+A2ISBtBW4uil/OTK3ZrIQKmTzUYFYChQfZkjj4j/bdpzdxlyaNC7bnxS4T3Lia0LBjMDlPaXPOKbliV2rTlm81wF6SN3a9SPNjLrpDv8SJFU4qEY5ZTv8LXHABWmRN4TZTRMO6Or6OrYl9o/uBtGlQGpwsbl2CCaAlrpub/oaYCm15uCKmMwbmqo+zsBmAcpwbg43zBDy4PL9AZUhyyaLlF5/5Ypb4JkRdplObLmwzp6P7uUGn5mEIsLJrU25M0Bc6iIOxu1WZzEfrBRJblTx8501//FVJwVHdl+oYWG/BdF06ELTvUhWnjuhUu2wCaSfeeZxBegBJKz7lfjtCCvSPM64H6J/jqVPbJJuOUu4n0nv7Wizyn2JudlfyUqZ/D1B5z2KExScLrRH5IFebLTLRA6/HTpjltjb5bc+T+CB/rvXWVrfMRogVRixpcgzKwlFjgj5WcP+jBxDiU6te+5KuJrHZc+3m5HXkC4lFDYX42fSSnae40a11YAYu5OKBcOszVok1TFZD5Lhw5k0XrAUN28mRUzbUKbxfxHI+X5OU7ekSfcqNNy6yY5wvy9ZpLI1p6NloGw== tom@carrio.dev"
+ groups: [sudo, docker]
+
+systemd:
+ units:
+ - name: pihole.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=MyApp
+ After=network-online.target
+ Wants=network-online.target
+
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=-/bin/podman kill pihole0
+ ExecStartPre=-/bin/podman rm pihole0
+ ExecStartPre=/bin/podman pull pihole/pihole:latest
+ ExecStart=/bin/podman run --name pihole0 pihole/pihole:latest
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - name: tftp.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=tftp-hpa
+ After=network-online.target
+ Wants=network-online.target
+
+ [Service]
+ ExecStartPre=/usr/sbin/modprobe nf_conntrack_tftp
+ ExecStartPre=/usr/sbin/modprobe nf_nat_tftp
+ ExecStartPre=-/bin/podman kill tftp0
+ ExecStartPre=-/bin/podman rm tftp0
+ ExecStartPre=/bin/podman pull pihole/pihole:latest
+ ExecStart=/usr/bin/podman run \
+ --name tftp0 \
+ -p 69:69/udp \
+ jumanjiman/tftp-hpa:latest
+ RestartSec=5s
+ Restart=always
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - name: pihole.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=MyApp
+ After=network-online.target
+ Wants=network-online.target
+
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=-/bin/podman kill pihole0
+ ExecStartPre=-/bin/podman rm pihole0
+ ExecStartPre=/bin/podman pull pihole/pihole:latest
+ ExecStart=/bin/podman run --name pihole0 pihole/pihole:latest
+
+ [Install]
+ WantedBy=multi-user.target
+
+storage:
+ files:
+ - path: /etc/hostname
+ overwrite: true
+ contents:
+ inline: network0.int.carrio.dev
+ - path: /tmp/tftp-config
+ overwrite: true
+ contents:
+ inline: ''
+ - path: /tmp/dhcp-config
+ overwrite: true
+ contents:
+ inline: |
+ option domain-name "example.org";
+ option domain-name-servers ns1.example.org, ns2.example.org;
+
+ default-lease-time 60;
+ max-lease-time 600;
+
+ # The ddns-updates-style parameter controls whether or not the server will
+ # attempt to do a DNS update when a lease is confirmed. We default to the
+ # behavior of the version 2 packages ('none', since DHCP v2 didn't
+ # have support for DDNS.)
+ ddns-update-style none;
+
+ authoritative;
+
+ # internal network
+ subnet 192.168.1.0 netmask 255.255.255.0 {
+ range 192.168.1.2 192.168.1.100;
+ option routers 192.168.1.1;
+ option domain-name-servers 192.168.1.200, 192.168.1.201, 1.1.1.1;
+ option domain-name "int.carrio.dev";
+ default-lease-time 1800;
+ max-lease-time 7200;
+ }
+
+ ### SHARED CONFIGURATION (duplicate across any DHCP servers)
+ # Defines the printer so vic doesn't hate me
+ host hp_printer {
+ hardware ethernet f4:30:b9:ea:4c:0f;
+ fixed-address 192.168.1.56;
+ }
+
+ # Smart switch for server board
+ host tp_link_switch {
+ hardware ethernet d8:07:b6:4f:ac:b5;
+ fixed-address 192.168.1.210;
+ }
+
+ # Defines the host configurations for the nuc array
+ class "nuc" {
+ match if substring (option vendor-class-identifier, 0, 6) = "f44d30";
+ next-server 192.168.1.240;
+ filename "fcos-base.kpxe";
+ }
+
+ # management servers
+ host mgmt_nuc00 {
+ hardware ethernet f4:4d:30:61:9b:19;
+ fixed-address 192.168.1.200;
+ next-server 192.168.1.240;
+ filename "fcos-mgmt.kpxe";
+ }
+ host mgmt_nuc01 {
+ hardware ethernet f4:4d:30:62:4c:26;
+ fixed-address 192.168.1.201;
+ next-server 192.168.1.240;
+ filename "fcos-mgmt.kpxe";
+ }
+ host mgmt_nuc02 {
+ hardware ethernet f4:4d:30:61:99:ab;
+ fixed-address 192.168.1.202;
+ next-server 192.168.1.240;
+ filename "fcos-mgmt.kpxe";
+ }
+ host mgmt_nuc03 {
+ hardware ethernet f4:4d:30:61:8c:cf;
+ fixed-address 192.168.1.203;
+ next-server 192.168.1.240;
+ filename "fcos-mgmt.kpxe";
+ }
+
+ # computing servers
+ host srvr_nuc00 {
+ hardware ethernet f4:4d:30:61:99:ad;
+ fixed-address 192.168.1.210;
+ }
+ host srvr_nuc01 {
+ hardware ethernet f4:4d:30:61:8a:9d;
+ fixed-address 192.168.1.211;
+ }
+ host srvr_nuc02 {
+ hardware ethernet f4:4d:30:62:4a:76;
+ fixed-address 192.168.1.212;
+ }
+ host srvr_nuc03 {
+ hardware ethernet f4:4d:30:62:4a:43;
+ fixed-address 192.168.1.213;
+ }
+ host srvr_nuc04 {
+ hardware ethernet f4:4d:30:61:9a:e0;
+ fixed-address 192.168.1.214;
+ }
+ host srvr_nuc05 {
+ hardware ethernet f4:4d:30:61:99:ed;
+ fixed-address 192.168.1.215;
+ }