titanz/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/TommyTran732/Fedora-CoreOS-Ignition.git synced 2025-06-12 12:24:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2025-06-05 03:11:21 -07:00
parent 6b592afe0f
commit 65f05d7e76
No known key found for this signature in database
GPG Key ID: 555C902A34EC968F
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -2,8 +2,7 @@
Ignition configurations for Fedora CoreOS<br />
# Notes
1. These are the configs I personally use on my systems. You **MUST** edit the files before you use them. At the very least, you should add your SSH keys or password hash.<br />
2. Only ED25519 SSH keys are accepted with the SSHD hardening configuration. If you do not use ED25519 keys, you will need to adjust the `/etc/ssh/sshd_config.d/10-custom.conf` file accordingly.
3. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
4. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
5. The docker-compose-updater@.timer can be enabled to have automatic updates for your containers created by Docker Compose.
These configurations are tailored for Metropolis.nexus environment:
- Firewalling is handled by Proxmox (not the individual VMs)
- DNSSEC validation is done by either OPNsense or a central VM dedicated to running the DNS resolver
- Podman will be used for deployment, not Docker