Add config.yaml

config.yaml

@@ -0,0 +1,108 @@
+variant: flatcar
+version: 1.0.0
+
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCIhNrBrqfudEpoqScJMnLCGZQ3QUzcmsX7H96v7ej3qVxLwxN5YY3wWQgozcfz4mWsUPgkICR11rpvRa7H44OSDPUwGLaDm1CnLeLp1RzIecJRUIVMCz5v+9Xgq9MF+jkO09pwTpkb6ZplmsCs8pedjBNwaE5n7mesNDDfvbo4Joe3zJemys5EVEcwVE/0CjU50bnZ65QTfgRrEC0+71PYJkARTjdoMeTjEP7s4/pntONGEjQrRoJCypSszqSee0U7r530mCN2x+TGZfdaJv3sm9Nf689WcxL5Uy4mihUrgXZ4sFlPUXrbHG/YRDreL+q16LcQZWFLNbW0xzffo4wArlPPszPdDy3r4dw5jGCynlXxFhGA0FwlMp5jd6Zgz0z/7oZhkWAwpt3xzfCxC2dJbUCbXi1aTo4YCvdJnq71QbVuPXt8X/BqAY/a0O2Z+IxmjEM7h79Z/PC1lIIiwwsk99fHtdQCzSFQ/7pvPp7FyFXYSyjflb0uMy6/DiPnRQE= defalt2111@desktop-antonio
+    - name: bitwarden
+      groups:
+        - docker
+      shell: /bin/bash
+
+storage:
+  files:
+    - path: /etc/systemd/network/10-eth0.network
+      mode: 0644
+      contents:
+        inline: |
+          [Match]
+          Name=eth0
+
+          [Network]
+          Address=46.38.243.134/22
+          Gateway=46.38.240.1
+          RouteMetric=100
+          IPv6AcceptRA=no
+          LinkLocalAddressing=no
+
+    - path: /etc/systemd/network/20-eth1.network
+      mode: 0644
+      contents:
+        inline: |
+          [Match]
+          Name=eth1
+
+          [Network]
+          DHCP=yes
+          RouteMetric=200
+          IPv6AcceptRA=no
+          LinkLocalAddressing=no
+
+          [Route]
+          Destination=10.0.0.0/8
+          Gateway=_dhcp4
+
+          [Route]
+          Destination=172.16.0.0/12
+          Gateway=_dhcp4
+
+          [Route]
+          Destination=192.168.0.0/16
+          Gateway=_dhcp4
+
+          [Route]
+          Destination=100.64.0.0/10
+          Gateway=_dhcp4
+
+    - path: /etc/nftables.conf
+      mode: 0644
+      contents:
+        inline: |
+          table inet filter {
+            chain input {
+              type filter hook input priority 0; policy accept;
+
+              iifname "eth0" tcp dport 22 drop
+            }
+          }
+
+systemd:
+  units:
+    - name: docker.service
+      enabled: true
+
+    - name: nftables.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=NFT firewall
+        Before=network-pre.target
+        Wants=network-pre.target
+        DefaultDependencies=no
+
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+        RemainAfterExit=yes
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - name: docker-compose-install.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Install docker-compose
+        Wants=network-online.target
+        After=network-online.target docker.service
+        ConditionPathExists=!/usr/local/bin/docker-compose
+
+        [Service]
+        Type=oneshot
+        ExecStart=/bin/sh -c 'set -eu; arch="$(uname -m)"; case "$arch" in x86_64) asset=docker-compose-linux-x86_64 ;; aarch64|arm64) asset=docker-compose-linux-aarch64 ;; *) echo "unsupported arch: $arch" >&2; exit 1 ;; esac; curl -fsSL "https://github.com/docker/compose/releases/latest/download/${asset}" -o /usr/local/bin/docker-compose && chmod 0755 /usr/local/bin/docker-compose'
+        RemainAfterExit=yes
+
+        [Install]
+        WantedBy=multi-user.target