Commit c2eb368e846c
Changed files (21)
docs/kubernetes/microk8s/ubnt1/preseed.cfg
@@ -1,89 +0,0 @@
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt1
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent ;
-
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
docs/kubernetes/microk8s/ubnt2/preseed.cfg
@@ -1,88 +0,0 @@
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt2
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
docs/kubernetes/microk8s/bootstrap.sh
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-set -euxo pipefail
-QEMU_URI=${QEMU_URI:-qemu+ssh://wakasu.home/system}
-declare -A addrs=( ["ubnt1"]="30" ["ubnt2"]="31")
-
-token="$(pwgen -1 32)"
-
-bootstrap() {
- machine=$1
- virt-install --connect="${QEMU_URI}" \
- --name="${machine}" --vcpus=4 --ram=4192 \
- --disk path=/var/lib/libvirt/images/${machine}.qcow2,bus=virtio,size=120 \
- --network bridge=br1,mac.address=52:54:00:dd:a3:${addrs[${machine}]} \
- --os-variant ubuntu20.04 \
- --location 'http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/' \
- --initrd-inject ${machine}/preseed.cfg \
- --video=vga \
- --wait=-1 \
- --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-# --graphics none \
-# --console pty,target_type=serial \
-# --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-}
-
-configure-ubnt1() {
- ssh -o "StrictHostKeyChecking=no" -t vincent@192.168.1.130 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.130 microk8s enable dns ingress storage registry rbac
- ssh -t root@192.168.1.130 mkdir -p /root/.kube
- # ssh -t root@192.168.1.130 microk8s config > /root/.kube/config.microk8s
- # FIXME: Parse the output to get the full url to join
- ssh -t root@192.168.1.130 microk8s add-node --token-ttl=-1 --token=${token}
-}
-
-configure-ubnt2() {
- ssh -o "StrictHostKeyChecking=no" -t root@192.168.1.131 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.131 microk8s join 192.168.1.130:250000/${token}
-}
-
-for m in ubnt*; do
- set +e
- virsh --connect="${QEMU_URI}" list | grep $m
- if [[ $? -gt 0 ]]; then
- set -e
- bootstrap $m
- echo "bootstrap machine $m"
- sleep 60
- configure-$m
- fi
-done
docs/kubernetes/microk8s.org
@@ -1,259 +0,0 @@
-#+TITLE: microk8s
-
-[[https://microk8s.io/][=microk8s=]] is a lightweight version of [[file:kubernetes.org][Kubernetes]] done by [[file:canonical.org][Canonical]].
-
-* Setup on libvirt VMs
-:LOGBOOK:
-CLOCK: [2020-10-30 Fri 19:00]--[2020-10-31 Sat 00:20] => 5:20
-CLOCK: [2020-10-30 Fri 16:58]--[2020-10-30 Fri 18:59] => 2:01
-:END:
-
-#+begin_src text :mkdirp yes :tangle ../../ops/k8s/microk8s/ubnt1/preseed.cfg
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt1.home
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent ;
-
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
-#+end_src
-#+begin_src text :mkdirp yes :tangle ../../ops/k8s/microk8s/ubnt2/preseed.cfg
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt2.home
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
-#+end_src
-
-#+begin_src bash :mkdirp yes :tangle ../../ops/k8s/microk8s/bootstrap.sh :tangle-mode (identity #o755)
-#!/usr/bin/env bash
-set -euxo pipefail
-QEMU_URI=${QEMU_URI:-qemu+ssh://wakasu.home/system}
-declare -A addrs=( ["ubnt1"]="30" ["ubnt2"]="31")
-
-token="$(pwgen -1 32)"
-
-bootstrap() {
- machine=$1
- virt-install --connect="${QEMU_URI}" \
- --name="${machine}" --vcpus=4 --ram=4192 \
- --disk path=/var/lib/libvirt/images/${machine}.qcow2,bus=virtio,size=120 \
- --network bridge=br1,mac.address=52:54:00:dd:a3:${addrs[${machine}]} \
- --os-variant ubuntu20.04 \
- --location 'http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/' \
- --initrd-inject ${machine}/preseed.cfg \
- --video=vga \
- --wait=-1 \
- --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-# --graphics none \
-# --console pty,target_type=serial \
-# --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-}
-
-configure-ubnt1() {
- ssh -o "StrictHostKeyChecking=no" -t vincent@192.168.1.130 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.130 microk8s enable dns ingress storage registry rbac
- ssh -t root@192.168.1.130 mkdir -p /root/.kube
- # ssh -t root@192.168.1.130 microk8s config > /root/.kube/config.microk8s
- # FIXME: Parse the output to get the full url to join
- ssh -t root@192.168.1.130 microk8s add-node --token-ttl=-1 --token=${token}
-}
-
-configure-ubnt2() {
- ssh -o "StrictHostKeyChecking=no" -t root@192.168.1.131 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.131 microk8s join 192.168.1.130:250000/${token}
-}
-
-for m in ubnt*; do
- set +e
- virsh --connect="${QEMU_URI}" list | grep $m
- if [[ $? -gt 0 ]]; then
- set -e
- bootstrap $m
- echo "bootstrap machine $m"
- sleep 60
- configure-$m
- fi
-done
-
-#+end_src
-
-I need to move this into a git repository, it's gonna be better, maybe even in =~home=.
-
-** References
-
-- [[https://pancho.dev/posts/multipass-microk8s-cluster/][Multipass Microk8s Cluster on Multiple Nodes | pancho.dev]]
-- [[https://dev.to/musabhusaini/remote-development-with-multi-node-microk8s-cluster-and-scaffold-4o1d][Remote development with multi-node MicroK8s cluster and Skaffold - DEV]]
-- [[https://microk8s.io/docs/clustering][MicroK8s - Clustering with MicroK8s]]
-- [[https://www.debuntu.org/how-to-unattended-ubuntu-deployment-over-network-page-5-preseed-file/][How-To: Unattended Ubuntu Deployment over Network โ page 5 โ Preseed File - Debuntu]]
-- [[https://agilesysadmin.wordpress.com/2013/09/09/simple-unattended-ubuntu-install-in-a-vm/][Simple unattended Ubuntu install in a VM | Agile sysadmin]]
-- [[https://www.cyberciti.biz/faq/how-to-install-kvm-on-ubuntu-20-04-lts-headless-server/][How to install KVM on Ubuntu 20.04 LTS Headless Server - nixCraft]]
docs/moving-home-to-nix-flakes.org
@@ -1,34 +0,0 @@
-#+TITLE: Moving =home= to nix flakes
-#+FILETAGS: #home nix dotfiles configuration
-
-This document is a /live/ document on moving this =monorepo= to using nix flakes. It will go
-through why as well as trying to dig around what was done for it.
-
-* Why flakes
-
-#+begin_quote
-Nix is a package manager that lets you have a more deterministic view of your software
-dependencies and build processes. One if its biggest weaknesses out of the box is that
-there are very few conventions on how projects using Nix should work together. It's like
-having a build system but also having to configure systems to run software yourself. This
-could mean copying a NixOS module out of the project's git repo, writing your own or
-more. In contrast to this, Nix flakes define a set of conventions for how software can be
-build, run, integrated and deployed without having to rely on external tools such as Niv
-or Lorri to help you do basic tasks in a timely manner.
-โ from [[https://christine.website/blog/nix-flakes-1-2022-02-21]]
-#+end_quote
-
-Nix flakes seems to be more and more stable and usable, and thus, as I needed to
-re-install one of my laptop powered by NixOS, I felt I would migrate the repository
-towards nix flakes.
-
-The idea is to make this repository a "flake-enabled" repository while still working with
-the current setup I have (=niv=, =morph=, โฆ).
-
-* Digging into the flake
-
-- Going with flake-utils-plus. Why ?
- For a "configuration" repository, I think it makes perfect sense. For standalone flakes,
- like projects, โฆ I wouldn't say the same but for this one it does.
-
-#+include: "../flake.nix" src nix
ops/fcos/fcos-master.bu
@@ -1,120 +0,0 @@
-variant: fcos
-version: 1.4.0
-passwd:
- users:
- - name: core
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
- - name: robot
- password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
- groups: [ sudo ]
-storage:
- directories:
- - path: /var/cache/rpm-ostree-install
- files:
- # CRI-O DNF module
- - path: /etc/dnf/modules.d/cri-o.module
- mode: 0644
- overwrite: true
- contents:
- inline: |
- [cri-o]
- name=cri-o
- stream=1.29
- profiles=
- state=enabled
- # YUM repository for kubeadm, kubelet and kubectl
- - path: /etc/yum.repos.d/kubernetes.repo
- mode: 0644
- overwrite: true
- contents:
- inline: |
- [kubernetes]
- name=Kubernetes
- baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
- enabled=1
- gpgcheck=1
- gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
- https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- # configuring automatic loading of br_netfilter on startup
- - path: /etc/modules-load.d/br_netfilter.conf
- mode: 0644
- overwrite: true
- contents:
- inline: br_netfilter
- # setting kernel parameters required by kubelet
- - path: /etc/sysctl.d/kubernetes.conf
- mode: 0644
- overwrite: true
- contents:
- inline: |
- net.bridge.bridge-nf-call-iptables=1
- net.ipv4.ip_forward=1
- - path: /etc/hostname
- mode: 0644
- contents:
- inline: ~HOSTNAME~
- disks:
- - # The link to the block device the OS was booted from.
- device: /dev/disk/by-id/coreos-boot-disk
- # We do not want to wipe the partition table since this is the primary
- # device.
- wipe_table: false
- partitions:
- - number: 4
- label: root
- size_mib: 10240 # 10GB
- resize: true
- - size_mib: 0
- # We assign a descriptive label to the partition. This is important
- # for referring to it in a device-agnostic way in other parts of the
- # configuration.
- label: var
- filesystems:
- - path: /var
- device: /dev/disk/by-partlabel/var
- # We can select the filesystem we'd like.
- format: ext4
- # Ask Butane to generate a mount unit for us so that this filesystem
- # gets mounted in the real root.
- with_mount_unit: true
-
-systemd:
- units:
- - name: rpm-ostree-install@.service
- enabled: true
- contents: |
- [Unit]
- Description=Layer %i with rpm-ostree
- Wants=network-online.target
- After=network-online.target
- Before=zincati.service
- ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp
-
- [Service]
- Type=oneshot
- RemainAfterExit=yes
- ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c "/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp"
-
- [Install]
- WantedBy=multi-user.target
- - name: rpm-ostree-install@python3.service
- enabled: true
- - name: rpm-ostree-install@libselinux-python3.service
- enabled: true
- - name: rpm-ostree-install@kubeadm.service
- enabled: true
- - name: rpm-ostree-install@kubelet.service
- enabled: true
- - name: rpm-ostree-install@kubectl.service
- enabled: true
- - name: rpm-ostree-install@cri-o.service
- enabled: true
- - name: rpm-ostree-install@htop.service
- enabled: true
ops/fcos/fcos-master1.ign
@@ -1,1 +0,0 @@
-{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master1"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
ops/fcos/fcos-master2.ign
@@ -1,1 +0,0 @@
-{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":10240},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMUcrCMBCE33OKXiAJP/xUEXoCjyAi6XbYQpLukjRgby+i1Nc+zTDM991iG1EWrKh3s4SM4boPZgwVraRhXletF+81UAyM6ihJmxyLcIIjyX5r2ReoVP/zWaSTfZ77R/9vsIQxYRr+DCvTDIqfGrEdtE9C77QRm2Nl03XHuaLZfl87/woAAP//5RZjlPkAAAA="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-master2"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
ops/fcos/fcos-worker.bu
@@ -1,120 +0,0 @@
-variant: fcos
-version: 1.4.0
-passwd:
- users:
- - name: core
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
- - name: robot
- password_hash: "$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0"
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832
- groups: [ sudo ]
-storage:
- directories:
- - path: /var/cache/rpm-ostree-install
- files:
- # CRI-O DNF module
- - path: /etc/dnf/modules.d/cri-o.module
- mode: 0644
- overwrite: true
- contents:
- inline: |
- [cri-o]
- name=cri-o
- stream=1.29
- profiles=
- state=enabled
- # YUM repository for kubeadm, kubelet and kubectl
- - path: /etc/yum.repos.d/kubernetes.repo
- mode: 0644
- overwrite: true
- contents:
- inline: |
- [kubernetes]
- name=Kubernetes
- baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64
- enabled=1
- gpgcheck=1
- gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
- https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- # configuring automatic loading of br_netfilter on startup
- - path: /etc/modules-load.d/br_netfilter.conf
- mode: 0644
- overwrite: true
- contents:
- inline: br_netfilter
- # setting kernel parameters required by kubelet
- - path: /etc/sysctl.d/kubernetes.conf
- mode: 0644
- overwrite: true
- contents:
- inline: |
- net.bridge.bridge-nf-call-iptables=1
- net.ipv4.ip_forward=1
- - path: /etc/hostname
- mode: 0644
- contents:
- inline: ~HOSTNAME~
- disks:
- - # The link to the block device the OS was booted from.
- device: /dev/disk/by-id/coreos-boot-disk
- # We do not want to wipe the partition table since this is the primary
- # device.
- wipe_table: false
- partitions:
- - number: 4
- label: root
- size_mib: 15360 # 15GB
- resize: true
- - size_mib: 0
- # We assign a descriptive label to the partition. This is important
- # for referring to it in a device-agnostic way in other parts of the
- # configuration.
- label: var
- filesystems:
- - path: /var
- device: /dev/disk/by-partlabel/var
- # We can select the filesystem we'd like.
- format: ext4
- # Ask Butane to generate a mount unit for us so that this filesystem
- # gets mounted in the real root.
- with_mount_unit: true
-
-systemd:
- units:
- - name: rpm-ostree-install@.service
- enabled: true
- contents: |
- [Unit]
- Description=Layer %i with rpm-ostree
- Wants=network-online.target
- After=network-online.target
- Before=zincati.service
- ConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp
-
- [Service]
- Type=oneshot
- RemainAfterExit=yes
- ExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c "/usr/bin/rpm-ostree install --assumeyes --idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp"
-
- [Install]
- WantedBy=multi-user.target
- - name: rpm-ostree-install@python3.service
- enabled: true
- - name: rpm-ostree-install@libselinux-python3.service
- enabled: true
- - name: rpm-ostree-install@kubeadm.service
- enabled: true
- - name: rpm-ostree-install@kubelet.service
- enabled: true
- - name: rpm-ostree-install@kubectl.service
- enabled: true
- - name: rpm-ostree-install@cri-o.service
- enabled: true
- - name: rpm-ostree-install@htop.service
- enabled: true
ops/fcos/fcos-worker1.ign
@@ -1,1 +0,0 @@
-{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":15360},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMwanDMBBE76rCDUjiwyeBgCtICSGH9XpYgyTvIlkHdx9CgnP1aYZh3nukPqGu2NCebqWC8X4MbqKGXvO4bJu1W4xGnEjQAmftcxBVyQisJe69xArTFn8+j3z1RJWXy7/DSlPGPP45MeEFnD41YT+pn5Xf6RP2ICZuGM5z1Yr/vg7+FQAA//8jnmo7+gAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-worker1"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
ops/fcos/fcos-worker2.ign
@@ -1,1 +0,0 @@
-{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":15360},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMwanDMBBE76rCDUjiwyeBgCtICSGH9XpYgyTvIlkHdx9CgnP1aYZh3nukPqGu2NCebqWC8X4MbqKGXvO4bJu1W4xGnEjQAmftcxBVyQisJe69xArTFn8+j3z1RJWXy7/DSlPGPP45MeEFnD41YT+pn5Xf6RP2ICZuGM5z1Yr/vg7+FQAA//8jnmo7+gAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-worker2"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
ops/fcos/fcos-worker3.ign
@@ -1,1 +0,0 @@
-{"ignition":{"version":"3.3.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10_153_832"]},{"groups":["sudo"],"name":"robot","passwordHash":"$y$j9T$8AHcgGEznx/VnaNnbHufj/$zE.UJBpbrZiIKS3FcVLg.VBawvflIDZYn1dzKhJb7x0","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 
cardno:10_153_832"]}]},"storage":{"directories":[{"path":"/var/cache/rpm-ostree-install"}],"disks":[{"device":"/dev/disk/by-id/coreos-boot-disk","partitions":[{"label":"root","number":4,"resize":true,"sizeMiB":15360},{"label":"var","sizeMiB":0}],"wipeTable":false}],"files":[{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/4yMwanDMBBE76rCDUjiwyeBgCtICSGH9XpYgyTvIlkHdx9CgnP1aYZh3nukPqGu2NCebqWC8X4MbqKGXvO4bJu1W4xGnEjQAmftcxBVyQisJe69xArTFn8+j3z1RJWXy7/DSlPGPP45MeEFnD41YT+pn5Xf6RP2ICZuGM5z1Yr/vg7+FQAA//8jnmo7+gAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"path":"/etc/hostname","contents":{"compression":"","source":"data:,fcos-worker3"},"mode":420}],"filesystems":[{"device":"/dev/disk/by-partlabel/var","format":"ext4","path":"/var"}]},"systemd":{"units":[{"contents":"# Generated by Butane\n[Unit]\nRequires=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\nAfter=systemd-fsck@dev-disk-by\\x2dpartlabel-var.service\n\n[Mount]\nWhere=/var\nWhat=/dev/disk/by-partlabel/var\nType=ext4\n\n[Install]\nRequiredBy=local-fs.target","enabled":true,"name":"var.mount"},{"contents":"[Unit]\nDescription=Layer %i with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\nBefore=zincati.service\nConditionPathExists=!/var/cache/rpm-ostree-install/%i.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/flock /var/cache/rpm-ostree-install/.lock -c \"/usr/bin/rpm-ostree install --assumeyes 
--idempotent --apply-live --allow-inactive %i | tee /var/cache/rpm-ostree-install/%i.stamp\"\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"rpm-ostree-install@.service"},{"enabled":true,"name":"rpm-ostree-install@python3.service"},{"enabled":true,"name":"rpm-ostree-install@libselinux-python3.service"},{"enabled":true,"name":"rpm-ostree-install@kubeadm.service"},{"enabled":true,"name":"rpm-ostree-install@kubelet.service"},{"enabled":true,"name":"rpm-ostree-install@kubectl.service"},{"enabled":true,"name":"rpm-ostree-install@cri-o.service"},{"enabled":true,"name":"rpm-ostree-install@htop.service"}]}}
ops/k8s/microk8s/ubnt1/preseed.cfg
@@ -1,89 +0,0 @@
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt1.home
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent ;
-
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
ops/k8s/microk8s/ubnt2/preseed.cfg
@@ -1,88 +0,0 @@
-### Localization
-# Locale sets language and country.
-d-i debian-installer/locale string en_US
-# Keyboard selection.
-d-i keyboard-configuration/layoutcode string fr
-d-i keyboard-configuration/modelcode string bepo
-d-i keyboard-configuration/variantcode string
-
-### Network configuration
-# netcfg will choose an interface that has link if possible. This makes it
-# skip displaying a list if there is more than one interface.
-d-i netcfg/choose_interface select auto
-# Any hostname and domain names assigned from dhcp take precedence over
-# values set here. However, setting the values still prevents the questions
-# from being shown, even if values come from dhcp.
-d-i netcfg/get_hostname string ubnt2.home
-d-i netcfg/get_domain string home
-# Disable that annoying WEP key dialog.
-d-i netcfg/wireless_wep string
-
-### Mirror settings
-d-i mirror/country string manual
-d-i mirror/http/hostname string us.archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-### Partitioning
-# Encrypt your home directory?
-d-i user-setup/encrypt-home boolean false
-# Alternatively, you can specify a disk to partition. The device name
-# can be given in either devfs or traditional non-devfs format.
-d-i partman-auto/disk string /dev/vda
-# In addition, you'll need to specify the method to use.
-# The presently available methods are: "regular", "lvm" and "crypto"
-d-i partman-auto/method string regular
-# You can choose from any of the predefined partitioning recipes.
-d-i partman-auto/choose_recipe select atomic
-# This makes partman automatically partition without confirmation, provided
-# that you told it what to do using one of the methods above.
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-### Clock and time zone setup
-# Controls whether or not the hardware clock is set to UTC.
-d-i clock-setup/utc boolean true
-# You may set this to any valid setting for $TZ; see the contents of
-# /usr/share/zoneinfo/ for valid values.
-d-i time/zone string Europe/Paris
-
-### Account setup
-# Skip creation of a root account (normal user account will be able to
-# use sudo).
-d-i passwd/root-login boolean false
-
-# To create a normal user account.
-d-i passwd/user-fullname string Vincent
-d-i passwd/username string vincent
-# Normal user's password, either in clear text
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password $6$4Puk4u221EHgeLBK$gVYPwH3b6OW0Ic1aZUNYkSrFcfj6mbgigGenACVUVxnO3V6MKgV0mTq4COZGtoZLdlIhy1ggXLLEZaZT6Fnpm/
-
-# This is fairly safe to set, it makes grub install automatically to the MBR
-# if no other operating system is detected on the machine.
-d-i grub-installer/only_debian boolean true
-
-### Package selection
-d-i tasksel/first multiselect standard
-# Individual additional packages to install
-d-i pkgsel/include string openssh-server snapd
-
-### Finishing up installation
-d-i preseed/late_command string \
- mkdir -p /target/home/vincent/.ssh; \
- wget https://github.com/vdemeester.keys -O /target/home/vincent/.ssh/authorized_keys; \
- chown -R 1000 /target/home/vincent/; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- mkdir -p /target/root/.ssh; \
- cp /target/home/vincent/.ssh/authorized_keys /target/root/.ssh; \
- chmod 600 /target/home/vincent/.ssh/authorized_keys; \
- echo 'vincent ALL=(ALL) NOPASSWD: ALL' > /target/etc/sudoers.d/vincent ; \
- chmod 440 /target/etc/sudoers.d/vincent
-### Finishing up the first stage install
-# Avoid that last message about the install being complete.
-d-i finish-install/reboot_in_progress note
-# How do you want to manage upgrades on this system?
-d-i pkgsel/update-policy select none
ops/k8s/microk8s/bootstrap.sh
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-set -euxo pipefail
-QEMU_URI=${QEMU_URI:-qemu+ssh://wakasu.home/system}
-declare -A addrs=( ["ubnt1"]="30" ["ubnt2"]="31")
-
-token="$(pwgen -1 32)"
-
-bootstrap() {
- machine=$1
- virt-install --connect="${QEMU_URI}" \
- --name="${machine}" --vcpus=4 --ram=4192 \
- --disk path=/var/lib/libvirt/images/${machine}.qcow2,bus=virtio,size=120 \
- --network bridge=br1,mac.address=52:54:00:dd:a3:${addrs[${machine}]} \
- --os-variant ubuntu20.04 \
- --location 'http://archive.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/' \
- --initrd-inject ${machine}/preseed.cfg \
- --video=vga \
- --wait=-1 \
- --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-# --graphics none \
-# --console pty,target_type=serial \
-# --extra-args 'ks=file:/preseed.cfg /console=ttyS0,115200n8 serial'
-}
-
-configure-ubnt1() {
- ssh -o "StrictHostKeyChecking=no" -t vincent@192.168.1.130 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.130 microk8s enable dns ingress storage registry rbac
- ssh -t root@192.168.1.130 mkdir -p /root/.kube
- # ssh -t root@192.168.1.130 microk8s config > /root/.kube/config.microk8s
- # FIXME: Parse the output to get the full url to join
- ssh -t root@192.168.1.130 microk8s add-node --token-ttl=-1 --token=${token}
-}
-
-configure-ubnt2() {
- ssh -o "StrictHostKeyChecking=no" -t root@192.168.1.131 sudo snap install microk8s --classic --channel=1.22
- ssh -t root@192.168.1.130 microk8s status --wait-ready
- ssh -t root@192.168.1.130 usermod -a -G microk8s vincent
- ssh -t root@192.168.1.131 microk8s join 192.168.1.130:250000/${token}
-}
-
-for m in ubnt*; do
- set +e
- virsh --connect="${QEMU_URI}" list | grep $m
- if [[ $? -gt 0 ]]; then
- set -e
- bootstrap $m
- echo "bootstrap machine $m"
- sleep 60
- configure-$m
- fi
-done
ops/k8s/ingress.yaml
@@ -1,14 +0,0 @@
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: dashboard-ingress
- namespace: tekton-pipelines
-spec:
- rules:
- - host: dashboard.tekton.home
- http:
- paths:
- - backend:
- serviceName: tekton-dashboard
- servicePort: 9097
- path: /*
ops/k8s/README.org
@@ -1,6 +0,0 @@
-#+TITLE: k8s setup
-#+FILETAGS: #home infra configuration dotfiles kubernetes
-
-This stores any configuration in my personal(s) kubernetes cluster(s). This will probably
-grow organically, but the basic idea is that, if I need to re-create a cluster from
-scratch, all is available from here (bootstrap, โฆ).
ops/hosts.toml
@@ -1,105 +0,0 @@
-[networks.vpn]
-v4 = "10.100.0.0" #/24
-
-[hosts.naruhodo]
-network = "vpn"
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7zGAceSiqFtWHwt7HVjN24SCyWCC26l6YrgUP/qtPc vincent@naruhodo" }
-
-[hosts.naruhodo.wireguard]
-pubkey = "XXyyJ9GlIiZnUm+Bkpz+NSrFiosjfY4FB2PgLXVPLkI="
-addrs = { v4 = "10.100.0.15" }
-
-[hosts.wakasu]
-network = "vpn"
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu" }
-addrs = { v4 = "192.168.1.77" }
-
-[hosts.wakasu.wireguard]
-pubkey = "qyxGnd/YJefqb4eEPqKO5XinvNx14fPcuZMNeYuBvSQ="
-addrs = { v4 = "10.100.0.8" }
-
-[hosts.aomi]
-network = "vpn"
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3 vincent@aomi" }
-addrs = { v4 = "192.168.1.23" }
-
-[hosts.aomi.wireguard]
-pubkey = "XT4D9YLeVHwMb9R4mhBLSWHYF8iBO"
-addrs = { v4 = "10.100.0.17" }
-
-[hosts.shikoku]
-network = "vpn"
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku", gpgRemoteForward = true }
-addrs = { v4 = "192.168.1.24" }
-
-[hosts.shikoku.builder]
-maxJobs = 8
-systems = [ "x86_64-linux", "aarch64-linux", "armv7l-linux", "armv6l-linux" ]
-features = [ "big-parallel", "kvm", "nixos-test" ]
-
-[hosts.shikoku.wireguard]
-pubkey = "foUoAvJXGyFV4pfEE6ISwivAgXpmYmHwpGq6X+HN+yA="
-addrs = { v4 = "10.100.0.2" }
-
-[hosts.sakhalin]
-network = "vpn"
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHspuKkxiLuuRjNsLCXFA51DGWdHo/9TGW4YZmQGKbm+ vincent@sakhalin", gpgRemoteForward = true }
-addrs = { v4 = "192.168.1.70" }
-
-[hosts.sakhalin.wireguard]
-pubkey = "OAjw1l0z56F8kj++tqoasNHEMIWBEwis6iaWNAh1jlk="
-addrs = { v4 = "10.100.0.16" }
-
-[hosts.kerkouane]
-network = "vpn"
-# addrs = { v4 = "167.99.17.238" } # FIXME probably not right
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane", gpgRemoteForward = true, command = "tmux new -A -s default" }
-
-[hosts.kerkouane.wireguard]
-addrs = { v4 = "10.100.0.1" }
-port = 51820
-
-[hosts.aion]
-network = "vpn"
-addrs = { v4 = "192.168.1.49" }
-
-[hosts.aion.wireguard]
-pubkey = "T8qfsBiOcZNxUeRHFg+2FPdGj4AuGloJ4b+0uI2jM2w="
-addrs = { v4 = "10.100.0.49" }
-
-[hosts.athena]
-network = "vpn"
-addrs = { v4 = "192.168.1.183" }
-
-[hosts.athena.wireguard]
-pubkey = "RWqH7RdIXg+YE9U1nlsNiOC7jH8eWjWQmikqBVDGSXU="
-addrs = { v4 = "10.100.0.83" }
-
-[hosts.demeter]
-network = "vpn"
-addrs = { v4 = "192.168.1.182" }
-
-[hosts.demeter.wireguard]
-pubkey = "/bBh4gvDty/AA2qIiHc7K0OHoOXWmj2SFFXdDq8nsUU="
-addrs = { v4 = "10.100.0.82" }
-
-[hosts.honshu]
-network = "vpn"
-
-[hosts.honshu.vpn]
-addrs = { v4 = "10.100.0.10" }
-pubkey = "vzkizZZMoM8yi5bjKiDZN1vYydZY6NKJhv9OqwSTFAk="
-
-[hosts.k8sn1]
-addrs = { v4 = "192.168.1.130" }
-
-[hosts.k8sn2]
-addrs = { v4 = "192.168.1.131" }
-
-[hosts.k8sn3]
-addrs = { v4 = "192.168.1.132" }
-
-[ssh.keys]
-vincent = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICl4uBPx98p0m1ra4nKxaDvCP8TCou5J10gFUpYAuzp9 u0_a103@localhost", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsbGtpU/w7Ff3O7hJ1QoO/5CuCrssBXrT+iHev/+rbf Generated By Termius" ]
-houbeb = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUnBCTxRoIDhExcSaiirM5nf2PIcTMDUodYlGNvqfmD Generated By Termius" ]
-root = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCDr3bRw6r43BVOltmTXtDQAtZlJ/viBrCb58fG8suSdO97xLEGukZzf1QX46aXQEsenfKOalcd+OrukcoVIiZtlh1BHAaBB09Q0vKjtB1zKcUdZQYb6kA21/ItpW3gNsZq5M98QpwS9soJOLSccQosDoVBWDcHx72Kpzp2x4seKyAIpb1gtPnQjnnwA7urTcANw7CU8lmB3UtJZNPHclJNKso7h0ZBapausk9t0xGP18rmzQAe2ipa6pwUzS5rRq+j0LiY/JZQaQWBfc1i3IcKictKW5EykKmywJcwmr/PcTdcgTT4FaD+b1t1QAPLV82HxGzOYQO+/WBptBdq7Ss5 openpgp:0x86ADD81F", "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:000610153832", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxstR3xEf87leVVDS3GVPx8Ap9+eP+OfkSvM26V54XP vincent@shikoku", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=", "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHMa4rHuBbQQYv+8jvlkFCD2VYRGA4+5fnZAhLx8iDirzfEPqHB60UJWcDeixnJCUlpJjzFbS4crNOXhfCTCTE=", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+" ]
secrets/machines.nix
@@ -1,350 +0,0 @@
-let
- gpgRemoteForward = {
- bind.address = "/run/user/1000/gnupg/S.gpg-agent";
- host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
- };
- gpgSSHRemoteForward = {
- bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
- host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
- };
- home = {
- ips = {
- aomi = "192.168.1.23";
- aion = "192.168.1.49";
- dev = "192.168.1.60";
- hokkaido = "192.168.1.115";
- honshu = "192.168.1.17";
- naruhodo = "192.168.1.36";
- okinawa = "192.168.1.19";
- sakhalin = "192.168.1.70";
- shikoku = "192.168.1.24";
- synodine = "192.168.1.20";
- kobe = "192.168.1.77";
- hass = "192.168.1.181";
- demeter = "192.168.1.182";
- athena = "192.168.1.183";
- remarkable = "192.168.1.57";
- };
- };
- wireguard = {
- ips = {
- kerkouane = "10.100.0.1";
- shikoku = "10.100.0.2";
- aomi = "10.100.0.17";
- kyushu = "10.100.0.19";
- hokkaido = "10.100.0.5";
- wakasu = "10.100.0.8";
- ipad = "10.100.0.3";
- vincent = "10.100.0.9";
- honshu = "10.100.0.10";
- houbeb = "10.100.0.13";
- houbeb-ipad = "10.100.0.43";
- houbeb-iphone = "10.100.0.44";
- okinawa = "10.100.0.14";
- naruhodo = "10.100.0.15";
- sakhalin = "10.100.0.16";
- hass = "10.100.0.81";
- demeter = "10.100.0.82";
- athena = "10.100.0.83";
- aix = "10.100.0.89";
- aion = "10.100.0.49";
- kobe = "10.100.0.77";
- };
- kerkouane = {
- allowedIPs = [ "${wireguard.ips.kerkouane}/32" ];
- publicKey = "+H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=";
- };
- shikoku = {
- allowedIPs = [ "${wireguard.ips.shikoku}/32" ];
- publicKey = "foUoAvJXGyFV4pfEE6ISwivAgXpmYmHwpGq6X+HN+yA=";
- };
- wakasu = {
- allowedIPs = [ "${wireguard.ips.wakasu}/32" ];
- publicKey = "qyxGnd/YJefqb4eEPqKO5XinvNx14fPcuZMNeYuBvSQ=";
- };
- athena = {
- allowedIPs = [ "${wireguard.ips.athena}/32" ];
- publicKey = "RWqH7RdIXg+YE9U1nlsNiOC7jH8eWjWQmikqBVDGSXU=";
- };
- demeter = {
- allowedIPs = [ "${wireguard.ips.demeter}/32" ];
- publicKey = "/bBh4gvDty/AA2qIiHc7K0OHoOXWmj2SFFXdDq8nsUU=";
- };
- aix = {
- allowedIPs = [ "${wireguard.ips.aix}/32" ];
- publicKey = "D1HoBqrqBchHOOi8mjKpVg5vZtt+iFy8wj4o3kGYwkc=";
- };
- aion = {
- allowedIPs = [ "${wireguard.ips.aion}/32" ];
- publicKey = "T8qfsBiOcZNxUeRHFg+2FPdGj4AuGloJ4b+0uI2jM2w=";
- };
- vincent = {
- allowedIPs = [ "${wireguard.ips.vincent}/32" ];
- publicKey = "1wzFG60hlrAoSYcRKApsH+WK3Zyz8IjdLgIb/8JbuW0=";
- };
- ipad = {
- allowedIPs = [ "${wireguard.ips.ipad}/32" ];
- publicKey = "6viS+HqkW+qSj4X+Sj8n1PCJ6QIaZsOkmFQytlRvRwk=";
- };
- houbeb = {
- allowedIPs = [ "${wireguard.ips.houbeb}/32" ];
- publicKey = "RANYR3ouf+3Bh+6kJVF1I0s5iglBGs7ucW6iRyv2cGc=";
- };
- houbeb-ipad = {
- allowedIPs = [ "${wireguard.ips.houbeb-ipad}/32" ];
- publicKey = "cwdpRxMJP86QYkJ1O43mBoSyBJaE7d7Kxbsd2nj5vh4=";
- };
- houbeb-iphone = {
- allowedIPs = [ "${wireguard.ips.houbeb-iphone}/32" ];
- publicKey = "UdgP0UBPfIrzdUe8JNeom4qahtoBxSADI5gKwpoNYEs=";
- };
- okinawa = {
- allowedIPs = [ "${wireguard.ips.okinawa}/32" ];
- publicKey = "gsX8RiTq7LkCiEIyNk2j9b8CHlJjSUbi1Im6nSWGmB4=";
- };
- sakhalin = {
- allowedIPs = [ "${wireguard.ips.sakhalin}/32" ];
- publicKey = "OAjw1l0z56F8kj++tqoasNHEMIWBEwis6iaWNAh1jlk=";
- };
- aomi = {
- allowedIPs = [ "${wireguard.ips.aomi}/32" ];
- publicKey = "XT4D9YLeVHwMb9R4mhBLSWHYF8iBO/UOT86MQL1jnA4=";
- };
- kyushu = {
- allowedIPs = [ "${wireguard.ips.kyushu}/32" ];
- publicKey = "KVRzoPUw8UTQblYtbs/NLYLIVmtQehrc4Hacbpf5Ugs=";
- };
- kobe = {
- allowedIPs = [ "${wireguard.ips.kobe}/32" ];
- publicKey = "B9jLGtXGZEfvBrgyEKrFRrsCsTsarfpFeyXqqq1NOWg=";
- };
- hass = {
- allowedIPs = [ "${wireguard.ips.hass}/32" ];
- publicKey = "sLi6Qpm6yyI0kuJ5LzCKXzFhhTW3Q50krxSin+b/sWs=";
- };
- honshu = {
- allowedIPs = [ "${wireguard.ips.honshu}/32" ];
- publicKey = "vzkizZZMoM8yi5bjKiDZN1vYydZY6NKJhv9OqwSTFAk=";
- };
- };
- ssh = {
- # gpg deprecated
- yubikey = {
- key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCDr3bRw6r43BVOltmTXtDQAtZlJ/viBrCb58fG8suSdO97xLEGukZzf1QX46aXQEsenfKOalcd+OrukcoVIiZtlh1BHAaBB09Q0vKjtB1zKcUdZQYb6kA21/ItpW3gNsZq5M98QpwS9soJOLSccQosDoVBWDcHx72Kpzp2x4seKyAIpb1gtPnQjnnwA7urTcANw7CU8lmB3UtJZNPHclJNKso7h0ZBapausk9t0xGP18rmzQAe2ipa6pwUzS5rRq+j0LiY/JZQaQWBfc1i3IcKictKW5EykKmywJcwmr/PcTdcgTT4FaD+b1t1QAPLV82HxGzOYQO+/WBptBdq7Ss5 openpgp:0x86ADD81F";
- authorized = true;
- };
- # gpg deprecated
- yubikey5 = {
- # key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:000610153832";
- key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10 153 832";
- authorized = true;
- };
- yubikey5-a = {
- key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
- authorized = true;
- };
- yubikey5-c1 = {
- key = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHMa4rHuBbQQYv+8jvlkFCD2VYRGA4+5fnZAhLx8iDirzfEPqHB60UJWcDeixnJCUlpJjzFbS4crNOXhfCTCTE=";
- authorized = true;
- };
- # yubikey5-c2 = {
- # key = "";
- # authorized = true;
- # };
- kerkouane = {
- port = 20000;
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane";
- authorized = true;
- };
- california = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICl4uBPx98p0m1ra4nKxaDvCP8TCou5J10gFUpYAuzp9 u0_a103@localhost";
- };
- hokkaido = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcmRh9Khviqrl9wPPzogW9vTMAtkFc0HfWQ5kgvOpCw vincent@hokkaido";
- authorized = true;
- };
- wakasu = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu";
- authorized = true;
- };
- vincent = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsbGtpU/w7Ff3O7hJ1QoO/5CuCrssBXrT+iHev/+rbf Generated By Termius";
- };
- houbeb = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUnBCTxRoIDhExcSaiirM5nf2PIcTMDUodYlGNvqfmD Generated By Termius";
- };
- phantom = {
- key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDm23WasboyoiYcaCyxb/DWXRwWXR183gHwOcWTGMKZaYy0WMAWkBUPJjD5s7tlib2D7GJIoBqoPRvNQbmUdxFle+CftY7aj7oP7s0FlbNzFmybTzcZ/3zkkkKAOw2USw3saQ4kd8IqyACo9TsfhajX8jsrrHl3dzyjqTDWlcJmETUGpdYbSA7E3WavzPF2x3/kFcA5cmoYgpcFpGgXAKvaG2IFONLv+vTDPtGVq+GiOwQSVR7TXpFmdhHEw9hnzHnsuffQMxANaQMvqPV8+H0jfF3H2WNqp8GULcGyudngkKioTAVvBiTiRJnVK7hg6SxpdlszqO0yMjN37NB2gPJz houbeb@phantom.local";
- };
- okinawa = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcu4MmZNeBLE7HDjLc6T10tz6rerziQbsZN0LS+mAiq vincd@okinawa";
- };
- honshu = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAocnNHVCqloXfsvbOoMV0KYAdeon5NYrZX3bnWK+SAo vincent@honshu";
- };
- aomi = {
- key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJ3QqVCUiE4BIFKTJLN6mSnp9bLSnJ3gE8ScbAajGsH vincent@aomi";
- authorized = true;
- };
- };
-in
-{
- inherit home;
- inherit wireguard;
- wg = {
- allowedIPs = "10.100.0.0/24";
- listenPort = 51820;
- endpointIP = "167.99.17.238";
- persistentKeepalive = 25;
- peers = [
- wireguard.shikoku
- wireguard.wakasu
- wireguard.vincent
- wireguard.sakhalin
- wireguard.aomi
- wireguard.kyushu
- wireguard.ipad
- wireguard.hass
- wireguard.demeter
- wireguard.athena
- wireguard.aix
- wireguard.aion
- wireguard.honshu
- wireguard.houbeb
- wireguard.houbeb-ipad
- wireguard.houbeb-iphone
- wireguard.kobe
- ]; # wireguard.hokkaido
- };
- inherit ssh;
- sshConfig = {
- "naruhodo.home" = {
- hostname = "${home.ips.naruhodo}";
- };
- "naruhodo.vpn" = {
- hostname = "${wireguard.ips.naruhodo}";
- };
- "aomi.home" = {
- hostname = "${home.ips.aomi}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "aion.home" = {
- hostname = "${home.ips.aion}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "aion.vpn" = {
- hostname = "${wireguard.ips.aion}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "aomi.vpn" = {
- hostname = "${wireguard.ips.aomi}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "okinawa.home" = {
- hostname = "${home.ips.okinawa}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "okinawa.vpn" = {
- hostname = "${wireguard.ips.okinawa}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "sakhalin.home" = {
- hostname = "${home.ips.sakhalin}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "sakhalin.vpn" = {
- hostname = "${wireguard.ips.sakhalin}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "hokkaido.home" = {
- hostname = "${home.ips.hokkaido}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "hokkaido.vpn" = {
- hostname = "${wireguard.ips.hokkaido}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "wakasu.home" = {
- hostname = "${home.ips.wakasu}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "wakasu.vpn" = {
- hostname = "${wireguard.ips.wakasu}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "athena.home" = {
- hostname = "${home.ips.athena}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "athena.vpn" = {
- hostname = "${wireguard.ips.athena}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "demeter.home" = {
- hostname = "${home.ips.demeter}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "demeter.vpn" = {
- hostname = "${wireguard.ips.demeter}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- "dev.home" = {
- hostname = "${home.ips.dev}";
- };
- "kerkouane.vpn" = {
- hostname = "${wireguard.ips.kerkouane}";
- remoteForwards = [
- gpgRemoteForward
- gpgSSHRemoteForward
- ];
- };
- };
-}
shells/default.nix
@@ -1,1 +0,0 @@
-import ./nixos-config.nix
shells/nixos-config.nix
@@ -1,18 +0,0 @@
-{ pkgs, inputs }:
-
-pkgs.mkShell {
- name = "NixOS config";
- buildInputs = with pkgs; [
- cachix
- git
- nixpkgs-fmt
- sops
- yq-go
- ];
- shellHook = ''
- test -f .secrets && source .secrets || echo "no secrets"
- export QEMU_OPTS="-m 8096 -cpu host"
- export PATH="${builtins.toString ./.}/bin:$PATH"
- export REPO_ROOT="${builtins.toString ./.}"
- '';
-}