ignition:

version: "2.2.0"

passwd:

users:
  - name: "admin"
    passwordHash: "x"
    sshAuthorizedKeys:
      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlIRM5H4lz/t8PfiGptR8cWqVrD8NCwROZly1XuYooWiIdTinJAvkATdR54ic6YuNenoKOeqtTj0dkytbzi5xItBti6cqzHvFAOXhKzVCsR5n/Mdt2KPbp215pFS96yfsx/24Z4cGygXe24SEXv28KdWZ1nWQyUrlne9jMaB7n3cGzNaXOPy42l03/bAaflWoyD7gyyS9XHDuZkLxVrhtlO43UtIXL4IZzKTCy1cZdaabZxRsrSzHUp+/5p3fHYgcYmwyO0Y+W3TP6LRC2ebeQe0r4Rh1o83sRvcbmuG14Wk7wDVFtu0vjtwOflCsRHGRibep/rXvtqf1/bG3brQ9tAV3oIeZ4r4yPUZenwIfM2pQH3ElD3kqw+Pdh1la1QXb4FDxeEw29nLU1eQF6ggnp3gzJJDRQWRB/I2RjKje5M1NcKjn+8ZBG1PHBikaOkjMRkXzOb8JQxKcWmeuRHo/ZTh7oUDDMObAVej9K91eCP3Dtz5QqmL1+J4+7YCjoBOBPpX3J+mrkxHRHcJYEIyJF6/mNDtov09Vji7Rdd0j1A5CJ2fvcuuUGK0LUHMSEyzLKg830E8b/kIZrufWEsljqlcHrYCJAO/LYl77PFe6B/vNfZtyw4fI6juGDlZNYWYXLJ2c+poCS8+2o1KjCli1lV2BOAjDUKEJxQ9NAw6MxPQ== tom.booth@uswitch.com"
    groups: ["sudo", "docker"]
  <% users.each do |user| %>
  - name: "<%= user[:name] %>"
    sshAuthorizedKeys: <%= Array(user[:sshkeys]) %>
  <% end %>

systemd:

units:
  <% if disable_update_engine %>
  - name: update-engine.service
    mask: true
  - name: locksmithd.service
    mask: true
  <% end %>
  <% volumes.each { |volume| %>
  - name: "<%= volume[:mount].tr('/','-')[1..-1] %>.mount"
    enabled: true
    contents: |
      [Install]
      WantedBy=local-fs.target

      [Unit]
      Before=docker.service

      [Mount]
      What=<%= volume[:device] %>
      Where=<%= volume[:mount] %>
      Type=ext4
  <% } %>

  <% units.each { |unit| %>
  - name: "<%= unit[:name] %>"
    enabled: <%= unit.fetch(:enabled, 'true') %>
    <% if unit.has_key?(:mask) %>
    mask: <%= unit[:mask] %>
    <% end %>
    <% if unit.has_key?(:contents) %>
    contents: "<%= unit[:contents].dump[1..-2] %>"
    <% end %>
    <% if unit.has_key?(:dropins) %>
    dropins:
      <% unit[:dropins].each { |dropin| %>
      - contents: "<%= dropin[:contents].dump[1..-2] %>"
        name: "<%= dropin[:name] %>"
      <% } %>
    <% end %>
  <% } %>

networkd:

units:
  <% networkd_units.each { |unit| %>
  - name: "<%= unit[:name] %>"
    <% if unit.has_key?(:contents) %>
    contents: "<%= unit[:contents].dump[1..-2] %>"
    <% end %>
    <% if unit.has_key?(:dropins) %>
    dropins:
      <% unit[:dropins].each { |dropin| %>
      - contents: "<%= dropin[:contents].dump[1..-2] %>"
        name: "<%= dropin[:name] %>"
      <% } %>
    <% end %>
  <% } %>

storage:

<% if volumes.count > 0 %>
filesystems:
  <% volumes.each { |volume| %>
  - name: <%= volume[:mount].tr('/','-')[1..-1] %>
    mount:
      device: <%= volume[:device] %>
      format: ext4
  <% } %>
<% end %>
files:
  <% files.each { |file| %>
  - filesystem: "root"
    path: <%= file[:path] %>
    mode: <%= file[:mode] %>
    user: { id: 0 }
    group: { id: 0 }
    <% if file[:contents].is_a?(Hash) %>
    contents:
      source: "<%= file[:contents][:source] %>"
    <% else %>
    contents: "<%= file[:contents].gsub(/\n/, '\\n').gsub(/\"/, '\\"') %>"
    <% end %>
  <% } %>
  <% cas.each { |ca| %>
  - filesystem: "root"
    path: "/etc/ssl/<%= ca.name %>/ca.cert"
    mode: 0444
    user: { id: 0 }
    group: { id: 0 }
    contents:
      source: "<%= ca.source %>"
  <% } %>
  <% keypairs.each { |keypair| %>
  <% if keypair.has_key?(:name) %>
  - filesystem: "root"
    path: "<%= keypair[:path][:cert] %>"
    mode: 0444
    user: { id: 0 }
    group: { id: 0 }
    contents:
      source: "<%= keypair[:source][:cert] %>"
  - filesystem: "root"
    path: "<%= keypair[:path][:key] %>"
    mode: 0444
    user: { id: 0 }
    group: { id: 0 }
    contents:
      source: "<%= keypair[:source][:key] %>"
  <% else %>
  - filesystem: "root"
    path: "<%= keypair[:path][:key] %>"
    mode: 0444
    user: { id: 0 }
    group: { id: 0 }
    contents:
      source: "<%= keypair[:source][:key] %>"
  <% end %>
  <% } %>
  - filesystem: "root"
    path:  '/etc/usersync.env'
    mode:  0644
    user:  { id: 0 }
    group: { id: 0 }
    contents: |
      USERSYNC_SSH_GROUP="<%= ssh_group %>"