~tcarrio/fcos-templates

bea8fb13121403835c2c1a3519a9a5740a700578 — Tom Carrio 4 years ago cf0b84f
Messing around with Fedora CoreOS Configurations for various systems
4 files changed, 255 insertions(+), 6 deletions(-)

A .gitignore
M base/sudo.fcc
A image.sh
A networking/networking.fcc
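--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,1 @@
+config.ign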

M base/sudo.fcc => base/sudo.fcc +1 -6
@@ 3,12 3,7 @@ version: 1.0.0
passwd:
  users:
    - name: core
      password_hash: "$6$rounds=656000$snqbxprkpbmcsjty$i47NNiKtLCs29kIIIZ2.FKiTwbxlfaNvZ73UzBzPP4dR2Z.UrWmd.4KY9jhKV5/pFvLmrIgvQYl08hDM2.5Jw/"
      ssh_authorized_keys:
        - "ssh-rsa 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 tom@carrio.dev"
      groups: [sudo, docker]
storage:
  files:
    - path: /etc/hostname
      overwrite: true
      contents:
        inline: custom-hostname
\ No newline at end of file
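Review bot: `password_hash` for the `core` user is a real SHA-512 crypt string checked in next to the account's SSH key, so anyone who can read the repository can test password guesses against it offline, and `core` is in `sudo` and `docker`, which makes a recovered password root on every host built from this template. The rendered page has lost its +/- markers, so it cannot be told from here whether this commit introduces the line or only keeps it. Either way I would drop the field and rely on `ssh_authorized_keys`, or supply the hash at build time from a file that `.gitignore` covers, and change the password because the value is already in history.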

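--- a/image.sh
+++ b/image.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env sh
+
+fcc_file="$1"
+blk_file="$2"
+
+tgt_file="$(dirname $0)/config.ign"
+cmd_name="$(basename $0)"
+
+function help() {
+  echo """
+========= ${cmd_name} =========
+
+Utility shell script for installing a Fedora CoreOS provided
+a given Fedora CoreOS Configuration file and block device
+
+Usage: ${cmd_name} fcc_file_path block_device_path
+"""
+}
+
+function exit_because() {
+  code=1
+
+  if [ -z "$1" ]
+  then
+    exit 0
+    return
+  fi
+
+  echo "Error: $1"
+
+  help
+  exit 1
+}
+
+function which_silent() {
+  which $@ 1>/dev/null 2>/dev/null
+  return $?
+}
+
+if [ -z "${fcc_file}" ]
+then
+  exit_because "No argument provided for Fedora CoreOS Configuration file"
+fi
+
+if [ -z "${blk_file}" ]
+then
+  exit_because "No argument provided for block device file"
+fi
+
+if ! which_silent podman || ! which_silent fcct
+then
+  exit_because "!$ is not installed!"
+fi
+
+if [ ! -f "${fcc_file}" ]
+then
+  exit_because "Fedora CoreOS config file (${fcc_file}) was not found!"
+fi
+
+if [ ! -b "${blk_file}" ]
+then
+  exit_because "Block device (${blk_file}) was not a valid block device"
+fi
+
+fcct -o "${tgt_file}" "${fcc_file}"
+
+sudo podman run --pull=always --privileged --rm \
+    -v /dev:/dev \
+    -v /run/udev:/run/udev \
+    -v .:/data \
+    -w /data \
+    quay.io/coreos/coreos-installer:release \
+    install "${blk_file}" -i "${tgt_file}"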
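Review bot: The `fcct -o "${tgt_file}" "${fcc_file}"` step is not checked and the script has no `set -e`, so when transpiling fails the privileged installer still runs and writes whatever `config.ign` an earlier run left behind (possibly another host's users and keys) to the block device; `fcct -o "${tgt_file}" "${fcc_file}" || exit_because "fcct failed for ${fcc_file}"` closes that. The installer runs under `sudo` with `--privileged` and `/dev` mounted, from the mutable tag `quay.io/coreos/coreos-installer:release` with `--pull=always`, so pinning it by digest (`quay.io/coreos/coreos-installer@sha256:<digest>`) would keep a re-tagged image from getting root on the build machine. Two smaller points: `function name()` is not POSIX and is a syntax error where `sh` is dash, and `"!$ is not installed!"` prints a literal `!$` because history expansion is off in scripts, so the message never names the missing tool.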

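--- a/networking/networking.fcc
+++ b/networking/networking.fcc
@@ -0,0 +1,180 @@
+variant: fcos
+version: 1.0.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - "ssh-rsa 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 tom@carrio.dev"
+      groups: [sudo, docker]
+
+systemd:
+  units:
+    - name: pihole.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=MyApp
+        After=network-online.target
+        Wants=network-online.target
+
+        [Service]
+        TimeoutStartSec=0
+        ExecStartPre=-/bin/podman kill pihole0
+        ExecStartPre=-/bin/podman rm pihole0
+        ExecStartPre=/bin/podman pull pihole/pihole:latest
+        ExecStart=/bin/podman run --name pihole0 pihole/pihole:latest
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - name: tftp.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=tftp-hpa
+        After=network-online.target
+        Wants=network-online.target
+
+        [Service]
+        ExecStartPre=/usr/sbin/modprobe nf_conntrack_tftp
+        ExecStartPre=/usr/sbin/modprobe nf_nat_tftp
+        ExecStartPre=-/bin/podman kill tftp0
+        ExecStartPre=-/bin/podman rm tftp0
+        ExecStartPre=/bin/podman pull pihole/pihole:latest
+        ExecStart=/usr/bin/podman run \
+          --name tftp0 \
+          -p 69:69/udp \
+          jumanjiman/tftp-hpa:latest
+        RestartSec=5s
+        Restart=always
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - name: pihole.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=MyApp
+        After=network-online.target
+        Wants=network-online.target
+
+        [Service]
+        TimeoutStartSec=0
+        ExecStartPre=-/bin/podman kill pihole0
+        ExecStartPre=-/bin/podman rm pihole0
+        ExecStartPre=/bin/podman pull pihole/pihole:latest
+        ExecStart=/bin/podman run --name pihole0 pihole/pihole:latest
+
+        [Install]
+        WantedBy=multi-user.target
+
+storage:
+  files:
+    - path: /etc/hostname
+      overwrite: true
+      contents:
+        inline: network0.int.carrio.dev
+    - path: /tmp/tftp-config
+      overwrite: true
+      contents:
+        inline: ''
+    - path: /tmp/dhcp-config
+      overwrite: true
+      contents:
+        inline: |
+          option domain-name "example.org";
+          option domain-name-servers ns1.example.org, ns2.example.org;
+
+          default-lease-time 60;
+          max-lease-time 600;
+
+          # The ddns-updates-style parameter controls whether or not the server will
+          # attempt to do a DNS update when a lease is confirmed. We default to the
+          # behavior of the version 2 packages ('none', since DHCP v2 didn't
+          # have support for DDNS.)
+          ddns-update-style none;
+
+          authoritative;
+
+          # internal network
+          subnet 192.168.1.0 netmask 255.255.255.0 {
+            range 192.168.1.2 192.168.1.100;
+            option routers 192.168.1.1;
+            option domain-name-servers 192.168.1.200, 192.168.1.201, 1.1.1.1;
+            option domain-name "int.carrio.dev";
+            default-lease-time 1800;
+            max-lease-time 7200;
+          }
+
+          ### SHARED CONFIGURATION (duplicate across any DHCP servers)
+          # Defines the printer so vic doesn't hate me
+          host hp_printer {
+            hardware ethernet f4:30:b9:ea:4c:0f;
+            fixed-address 192.168.1.56;
+          }
+
+          # Smart switch for server board
+          host tp_link_switch {
+            hardware ethernet d8:07:b6:4f:ac:b5;
+            fixed-address 192.168.1.210;
+          }
+
+          # Defines the host configurations for the nuc array
+          class "nuc" {
+            match if substring (option vendor-class-identifier, 0, 6) = "f44d30";
+            next-server 192.168.1.240;
+            filename "fcos-base.kpxe";
+          }
+
+          # management servers
+          host mgmt_nuc00 {
+            hardware ethernet f4:4d:30:61:9b:19;
+            fixed-address 192.168.1.200;
+            next-server 192.168.1.240;
+            filename "fcos-mgmt.kpxe";
+          }
+          host mgmt_nuc01 {
+            hardware ethernet f4:4d:30:62:4c:26;
+            fixed-address 192.168.1.201;
+            next-server 192.168.1.240;
+            filename "fcos-mgmt.kpxe";
+          }
+          host mgmt_nuc02 {
+            hardware ethernet f4:4d:30:61:99:ab;
+            fixed-address 192.168.1.202;
+            next-server 192.168.1.240;
+            filename "fcos-mgmt.kpxe";
+          }
+          host mgmt_nuc03 {
+            hardware ethernet f4:4d:30:61:8c:cf;
+            fixed-address 192.168.1.203;
+            next-server 192.168.1.240;
+            filename "fcos-mgmt.kpxe";
+          }
+
+          # computing servers
+          host srvr_nuc00 {
+            hardware ethernet f4:4d:30:61:99:ad;
+            fixed-address 192.168.1.210;
+          }
+          host srvr_nuc01 {
+            hardware ethernet f4:4d:30:61:8a:9d;
+            fixed-address 192.168.1.211;
+          }
+          host srvr_nuc02 {
+            hardware ethernet f4:4d:30:62:4a:76;
+            fixed-address 192.168.1.212;
+          }
+          host srvr_nuc03 {
+            hardware ethernet f4:4d:30:62:4a:43;
+            fixed-address 192.168.1.213;
+          }
+          host srvr_nuc04 {
+            hardware ethernet f4:4d:30:61:9a:e0;
+            fixed-address 192.168.1.214;
+          }
+          host srvr_nuc05 {
+            hardware ethernet f4:4d:30:61:99:ed;
+            fixed-address 192.168.1.215;
+          }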
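Review bot: In `tftp.service` the pre-start step pulls `pihole/pihole:latest` while `ExecStart` runs `jumanjiman/tftp-hpa:latest`, which looks like a copy-paste slip: the image that serves boot files to the NUCs is never the one being refreshed, and the line should read `ExecStartPre=/bin/podman pull jumanjiman/tftp-hpa:latest`. Both services run unqualified `:latest` images as system units, so every restart trusts whatever the registry currently serves under that short name; a fully qualified reference pinned by digest (`<registry>/pihole/pihole@sha256:<digest>`) would keep the host that hands out DNS and PXE boot files reproducible. The `pihole.service` unit is also declared twice with identical contents, and in the DHCP block `tp_link_switch` and `srvr_nuc00` share `fixed-address 192.168.1.210`, so one of the two needs a different address.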