titanz/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/TommyTran732/Fedora-CoreOS-Ignition.git synced 2025-07-29 14:22:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: titanz:e93575a87f6fe4c884a76723a7f44e4464c76daa
Branches Tags
titanz:main
..
compare: titanz:90b5b42aa96eb0f1acab8b7a094a3a0f7a1ed368
Branches Tags
titanz:main

No commits in common. "e93575a87f6fe4c884a76723a7f44e4464c76daa" and "90b5b42aa96eb0f1acab8b7a094a3a0f7a1ed368" have entirely different histories.
e93575a87f ... 90b5b42aa9

3 changed files with 5 additions and 17 deletions
Show Stats Expand all files Collapse all files

4
README.md
View File

@ -1,8 +1,8 @@
# Fedora-CoreOS-Ignition
Ignition configurations for Fedora CoreOS<br />
## Notes
# Notes
These configurations are tailored for Metropolis.nexus environment:
- Firewalling is handled by Proxmox (not the individual VMs)
- DNSSEC validation is done by either OPNsense or a central VM dedicated to running the DNS resolver
- The `docker-auto-update@.timer` in `/etc/systemd/system` can be enabled to have automatic updates for your containers created by Docker Compose.
- Podman will be used for deployment, not Docker

2
x86.ign
View File

File diff suppressed because one or more lines are too long

16
x86.yml
View File

@ -46,11 +46,8 @@ systemd:
ExecStart=/usr/sbin/setsebool -P virt_use_nfs off
ExecStart=/usr/sbin/setsebool -P virt_use_samba off
ExecStart=/usr/bin/systemctl start gvisor-auto-update.service
ExecStart=/usr/bin/rpm-ostree override remove containerd docker-cli moby-engine runc systemd-resolved
ExecStart=/usr/bin/rpm-ostree install docker-ce docker-compose-plugin hardened_malloc qemu-guest-agent tuned
ExecStart=/usr/bin/rpm-ostree install hardened_malloc qemu-guest-agent tuned
ExecStart=/usr/bin/sed -i 's/\s+nullok//g' /etc/pam.d/system-auth
ExecStart=/usr/bin/systemctl disable --now systemd-resolved
ExecStart=/usr/bin/rm /etc/resolv.conf
ExecStart=/usr/bin/touch /var/lib/%N.stamp
ExecStart=/usr/bin/systemctl --no-block reboot
@ -147,13 +144,6 @@ storage:
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/systemd/coredump.conf.d/disable.conf
- path: /etc/systemd/system/docker-auto-update@.service
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/refs/heads/main/etc/systemd/system/docker-auto-update%40.service
- path: /etc/systemd/system/docker-auto-update@.timer
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/refs/heads/main/etc/systemd/system/docker-auto-update%40.timer
- path: /etc/systemd/system/gvisor-auto-update.service
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/systemd/system/gvisor-auto-update.service
@ -184,9 +174,7 @@ storage:
- path: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
- path: /etc/yum.repos.d/docker-ce.repo
contents:
source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/refs/heads/main/etc/yum.repos.d/docker-ce.repo
overwrite: true
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: