forked from coreos/fedora-coreos-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fedora-coreos-base.yaml
97 lines (91 loc) · 2.7 KB
/
fedora-coreos-base.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# Base packages for a Fedora CoreOS like system
include: minimal.yaml
# Modern defaults we want
boot_location: new
tmp-is-dir: true
# Required by Ignition, and makes the system not compatible with Anaconda
machineid-compat: false
releasever: 29
automatic_version_prefix: 29
repos:
- fedora
- fedora-updates
- dustymabe-ignition
ignore-removed-users:
- root
ignore-removed-groups:
- root
etc-group-members:
- wheel
- sudo
- systemd-journal
- adm
check-passwd:
type: "file"
filename: "passwd"
check-groups:
type: "file"
filename: "group"
postprocess:
- |
#!/usr/bin/env bash
set -xe
# https://github.com/projectatomic/rpm-ostree/issues/1542#issuecomment-419684977
for x in /etc/yum.repos.d/*modular.repo; do
sed -i -e 's,enabled=[01],enabled=0,' ${x}
done
# See machineid-compat in host-base.yaml.
# Since that makes presets run on boot, we need to have our defaults in /usr
ln -sfr /usr/lib/systemd/system/{multi-user,default}.target
# Persistent journal by default
echo 'Storage=persistent' >> /etc/systemd/journald.conf
# https://github.com/openshift/os/issues/96
# sudo group https://github.com/openshift/os/issues/96
echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/coreos-sudo-group
# We're not using resolved yet
rm -f /usr/lib/systemd/system/systemd-resolved.service
cat >/usr/lib/systemd/system-preset/42-coreos.preset << EOF
# Presets here that eventually should live in the generic fedora presets
# This one is from https://github.com/dustymabe/ignition-dracut
enable coreos-firstboot-complete.service
EOF
# Let's have a non-boring motd, just like CL (although theirs is more subdued
# nowadays compared to early versions with ASCII art). One thing we do here
# is add --- as a "separator"; the idea is that any "dynamic" information should
# be below that.
cat > /etc/motd <<EOF
Fedora CoreOS (preview)
---
EOF
packages:
# SELinux
- selinux-policy-targeted policycoreutils-python
- setools-console
# System setup
- ignition ignition-dracut
- dracut-network
- passwd
# SSH
- openssh-server openssh-clients
# Containers
- podman skopeo runc
# Networking
- bridge-utils nfs-utils biosdevname iptables-services
- NetworkManager dnsmasq hostname
# Storage
- container-storage-setup cloud-utils-growpart
- lvm2 iscsi-initiator-utils sg3_utils
- device-mapper-multipath
- xfsprogs e2fsprogs mdadm
- cryptsetup
# Time sync
- chrony
# Extra runtime
- authconfig sssd shadow-utils
- logrotate
# Used by admins interactively
- sudo coreutils less tar xz gzip bzip2 tmux
- nmap-ncat net-tools bind-utils
- bash-completion
# Moving files around
- rsync fuse-sshfs