-
Notifications
You must be signed in to change notification settings - Fork 5
/
ignition.json
106 lines (106 loc) · 5.5 KB
/
ignition.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
{
"ignition": {
"config": {},
"timeouts": {},
"version": "2.1.0"
},
"networkd": {
"units": [
{
"contents": "[Match]\nName=enp3s0\n\n[Network]\nDNS=192.168.2.2\nAddress=192.168.2.2/24\nGateway=192.168.2.1\n",
"name": "00-enp3s0.network"
}
]
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrOJ0dRoMpSrSb9pQhd6bzFzoMpCKsBU2z1NlwEgR1zB5kQoE27fJ9csrncLod2lp5MhUWxGi8ar2HtNTjcGZUGV5vtt7DyR5F2nEgdhJF7MbJaSdThzjUPKQUW6xoQuo09+8KsHnjGwTsjV/hepg+WzkKOfrk2EuxDqhSxvM8X2meSyxPFN6yrAU8yc0WTbZ/IoLhgXuGfkQ8TK301XclFF3BWQSLKST1qZFkJEDfwV+H3E+TI4ec7ljj2uz+rgqLhPv5ia/Nv3GLDKFaSuWmaIpr/zn+U2eWv89BpvXp1AmIGJGbukgbRiGrHR4Sft7hKqx0fug/KXacck1gbczJ [email protected]"
]
}
]
},
"storage": {
"directories": [
{
"filesystem": "root",
"group": {},
"path": "/srv/blakeshome",
"user": {}
}
],
"files": [
{
"filesystem": "root",
"group": {},
"path": "/etc/hostname",
"user": {},
"contents": {
"source": "data:,blakeshome1",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/var/lib/iptables/rules-save",
"user": {},
"contents": {
"source": "https://raw.githubusercontent.com/blakeblackshear/blakeshome-config/master/iptables-rules-save",
"verification": {}
}
}
]
},
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=Set the time zone\n\n[Service]\nExecStart=/usr/bin/timedatectl set-timezone America/Chicago\nRemainAfterExit=yes\nType=oneshot\n",
"enable": true,
"name": "settimezone.service"
},
{
"contents": "[Unit]\nBefore=local-fs.target\n\n[Mount]\nWhat=/dev/sdb1\nWhere=/media/passwords\n\n[Install]\nWantedBy=local-fs.target\n",
"enable": true,
"name": "media-passwords.mount"
},
{
"enable": true,
"name": "iptables-restore.service"
},
{
"contents": "[Unit]\nDescription=Install docker-compose\nConditionPathExists=!/opt/bin/docker-compose\nWants=network-online.target\nAfter=network-online.target\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/mkdir -p /opt/bin/\nExecStart=/usr/bin/curl --create-dirs -o /opt/bin/docker-compose -sL https://github.com/docker/compose/releases/download/1.18.0/docker-compose-linux-x86_64\nExecStart=/usr/bin/chmod +x /opt/bin/docker-compose\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "install-docker-compose.service"
},
{
"contents": "[Unit]\nDescription=Download blakeshome config\nConditionPathExists=!/srv/blakeshome/.git\nWants=network-online.target\nAfter=network-online.target media-passwords.mount\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/git clone git://github.com/blakeblackshear/blakeshome-config.git /srv/blakeshome\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "config-blakeshome.service"
},
{
"contents": "[Unit]\nDescription=Decrypt blakeshome config\nWants=network-online.target\nAfter=network-online.target config-blakeshome.service media-passwords.mount\n\n[Service]\nEnvironmentFile=/media/passwords/PASSWORDS.env\nType=oneshot\nRemainAfterExit=yes\nExecStart=/srv/blakeshome/decrypt.sh\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "decrypt-blakeshome.service"
},
{
"contents": "[Unit]\nDescription=Blakeshome (docker machine)\nWants=network-online.target\nAfter=network-online.target config-blakeshome.service decrypt-blakeshome.service install-docker-compose.service\n\n[Service]\nEnvironmentFile=/srv/blakeshome/DOCKER.env\nType=oneshot\nRemainAfterExit=yes\nWorkingDirectory=/srv/blakeshome\nExecStart=/opt/bin/docker-compose up -d\nExecStop=/opt/bin/docker-compose down\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "blakeshome.service"
},
{
"contents": "[Unit]\nDescription=Blakeshome (docker machine)\nWants=network-online.target\nAfter=network-online.target blakeshome.service\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=-/bin/docker exec acme.sh --issue --dns dns_cf -d blakeshome.com\nExecStart=-/bin/docker exec acme.sh --issue --dns dns_cf -d hass.blakeshome.com\nExecStart=-/bin/docker exec acme.sh --issue --dns dns_cf -d unifi.blakeshome.com\nExecStart=-/bin/docker exec acme.sh --issue --dns dns_cf -d nodered.blakeshome.com\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "cert-blakeshome.service"
},
{
"contents": "[Unit]\nDescription=sshguard\nAfter=network-online.target iptables-restore.service docker.service\nRequires=network-online.target docker.service\n\n[Service]\nTimeoutStartSec=0\nExecStartPre=-/usr/bin/docker kill %n\nExecStartPre=-/usr/bin/docker rm %n\nExecStartPre=/usr/bin/docker pull pablocouto/coreos-sshguard\n\nExecStart=/bin/sh -c 'journalctl --no-pager -f -n0 -q -t sshd | /usr/bin/docker run -i --name=%n -v /dev/log:/dev/log --net=host --cap-add=NET_ADMIN --cap-add=NET_RAW pablocouto/coreos-sshguard \u003e/dev/null'\n\nExecStop=/usr/bin/docker stop %n\nExecStop=/usr/bin/docker rm %n\n\n[Install]\nWantedBy=multi-user.target\n",
"enable": true,
"name": "sshguard.service"
}
]
}
}