From 42bb898446e7281d07645ed06a7421e9df4ca231 Mon Sep 17 00:00:00 2001
From: Antonio Ledebuhr
Date: Thu, 14 May 2026 22:09:38 +0200
Subject: [PATCH] Add config.yaml
---
config.yaml | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100644 config.yaml
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..5b93b9d
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,108 @@
+variant: flatcar
+version: 1.0.0
+
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-rsa 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 defalt2111@desktop-antonio
+ - name: bitwarden
+ groups:
+ - docker
+ shell: /bin/bash
+
+storage:
+ files:
+ - path: /etc/systemd/network/10-eth0.network
+ mode: 0644
+ contents:
+ inline: |
+ [Match]
+ Name=eth0
+
+ [Network]
+ Address=46.38.243.134/22
+ Gateway=46.38.240.1
+ RouteMetric=100
+ IPv6AcceptRA=no
+ LinkLocalAddressing=no
+
+ - path: /etc/systemd/network/20-eth1.network
+ mode: 0644
+ contents:
+ inline: |
+ [Match]
+ Name=eth1
+
+ [Network]
+ DHCP=yes
+ RouteMetric=200
+ IPv6AcceptRA=no
+ LinkLocalAddressing=no
+
+ [Route]
+ Destination=10.0.0.0/8
+ Gateway=_dhcp4
+
+ [Route]
+ Destination=172.16.0.0/12
+ Gateway=_dhcp4
+
+ [Route]
+ Destination=192.168.0.0/16
+ Gateway=_dhcp4
+
+ [Route]
+ Destination=100.64.0.0/10
+ Gateway=_dhcp4
+
+ - path: /etc/nftables.conf
+ mode: 0644
+ contents:
+ inline: |
+ table inet filter {
+ chain input {
+ type filter hook input priority 0; policy accept;
+
+ iifname "eth0" tcp dport 22 drop
+ }
+ }
+
+systemd:
+ units:
+ - name: docker.service
+ enabled: true
+
+ - name: nftables.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=NFT firewall
+ Before=network-pre.target
+ Wants=network-pre.target
+ DefaultDependencies=no
+
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+ RemainAfterExit=yes
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - name: docker-compose-install.service
+ enabled: true
+ contents: |
+ [Unit]
+ Description=Install docker-compose
+ Wants=network-online.target
+ After=network-online.target docker.service
+ ConditionPathExists=!/usr/local/bin/docker-compose
+
+ [Service]
+ Type=oneshot
+ ExecStart=/bin/sh -c 'set -eu; arch="$(uname -m)"; case "$arch" in x86_64) asset=docker-compose-linux-x86_64 ;; aarch64|arm64) asset=docker-compose-linux-aarch64 ;; *) echo "unsupported arch: $arch" >&2; exit 1 ;; esac; curl -fsSL "https://github.com/docker/compose/releases/latest/download/${asset}" -o /usr/local/bin/docker-compose && chmod 0755 /usr/local/bin/docker-compose'
+ RemainAfterExit=yes
+
+ [Install]
+ WantedBy=multi-user.target
\ No newline at end of file
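Review bot: The ExecStart of `docker-compose-install.service` fetches an executable from `releases/latest` and installs it with no pinned version and no digest check, so whatever that URL serves at first boot becomes a root-installed binary in `/usr/local/bin`. Pin a release tag and verify the file against a SHA-256 recorded in this config before moving it into place; downloading to a temporary name also stops a truncated transfer from satisfying `ConditionPathExists=!/usr/local/bin/docker-compose` and blocking every later retry. systemd applies its own `${VAR}` substitution to ExecStart, so `${asset}` is likely replaced by an empty string before the shell runs, and `$${asset}` passes it through. Separately, the input chain in `/etc/nftables.conf` uses `policy accept` and drops only tcp/22 on eth0, so every other port on the public interface stays reachable; `policy drop` with explicit allows (loopback, `ct state established,related`, the ports meant to be public) is the safer default.

```yaml
      # … unchanged: [Unit] section of docker-compose-install.service …
        [Service]
        Type=oneshot
        # <PINNED_VERSION>, <SHA256_X86_64> and <SHA256_AARCH64> are placeholders for a reviewed release tag and its asset digests.
        ExecStart=/bin/sh -c 'set -eu; arch="$(uname -m)"; case "$arch" in x86_64) asset=docker-compose-linux-x86_64; sum="<SHA256_X86_64>" ;; aarch64|arm64) asset=docker-compose-linux-aarch64; sum="<SHA256_AARCH64>" ;; *) echo "unsupported arch: $arch" >&2; exit 1 ;; esac; tmp=/usr/local/bin/.docker-compose.part; curl -fsSL "https://github.com/docker/compose/releases/download/<PINNED_VERSION>/$${asset}" -o "$${tmp}"; echo "$${sum}  $${tmp}" | sha256sum -c -; chmod 0755 "$${tmp}"; mv "$${tmp}" /usr/local/bin/docker-compose'
        RemainAfterExit=yes
```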