ignition:
version: "2.2.0"
passwd:
users: - name: "admin" passwordHash: "x" sshAuthorizedKeys: - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlIRM5H4lz/t8PfiGptR8cWqVrD8NCwROZly1XuYooWiIdTinJAvkATdR54ic6YuNenoKOeqtTj0dkytbzi5xItBti6cqzHvFAOXhKzVCsR5n/Mdt2KPbp215pFS96yfsx/24Z4cGygXe24SEXv28KdWZ1nWQyUrlne9jMaB7n3cGzNaXOPy42l03/bAaflWoyD7gyyS9XHDuZkLxVrhtlO43UtIXL4IZzKTCy1cZdaabZxRsrSzHUp+/5p3fHYgcYmwyO0Y+W3TP6LRC2ebeQe0r4Rh1o83sRvcbmuG14Wk7wDVFtu0vjtwOflCsRHGRibep/rXvtqf1/bG3brQ9tAV3oIeZ4r4yPUZenwIfM2pQH3ElD3kqw+Pdh1la1QXb4FDxeEw29nLU1eQF6ggnp3gzJJDRQWRB/I2RjKje5M1NcKjn+8ZBG1PHBikaOkjMRkXzOb8JQxKcWmeuRHo/ZTh7oUDDMObAVej9K91eCP3Dtz5QqmL1+J4+7YCjoBOBPpX3J+mrkxHRHcJYEIyJF6/mNDtov09Vji7Rdd0j1A5CJ2fvcuuUGK0LUHMSEyzLKg830E8b/kIZrufWEsljqlcHrYCJAO/LYl77PFe6B/vNfZtyw4fI6juGDlZNYWYXLJ2c+poCS8+2o1KjCli1lV2BOAjDUKEJxQ9NAw6MxPQ== tom.booth@uswitch.com" groups: ["sudo", "docker"] <% users.each do |user| %> - name: "<%= user[:name] %>" sshAuthorizedKeys: <%= Array(user[:sshkeys]) %> <% end %>
systemd:
units: <% if disable_update_engine %> - name: update-engine.service mask: true - name: locksmithd.service mask: true <% end %> <% volumes.each { |volume| %> - name: "<%= volume[:mount].tr('/','-')[1..-1] %>.mount" enabled: true contents: | [Install] WantedBy=local-fs.target [Unit] Before=docker.service [Mount] What=<%= volume[:device] %> Where=<%= volume[:mount] %> Type=ext4 <% } %> <% units.each { |unit| %> - name: "<%= unit[:name] %>" enabled: <%= unit.fetch(:enabled, 'true') %> <% if unit.has_key?(:mask) %> mask: <%= unit[:mask] %> <% end %> <% if unit.has_key?(:contents) %> contents: "<%= unit[:contents].dump[1..-2] %>" <% end %> <% if unit.has_key?(:dropins) %> dropins: <% unit[:dropins].each { |dropin| %> - contents: "<%= dropin[:contents].dump[1..-2] %>" name: "<%= dropin[:name] %>" <% } %> <% end %> <% } %>
networkd:
units: <% networkd_units.each { |unit| %> - name: "<%= unit[:name] %>" <% if unit.has_key?(:contents) %> contents: "<%= unit[:contents].dump[1..-2] %>" <% end %> <% if unit.has_key?(:dropins) %> dropins: <% unit[:dropins].each { |dropin| %> - contents: "<%= dropin[:contents].dump[1..-2] %>" name: "<%= dropin[:name] %>" <% } %> <% end %> <% } %>
storage:
<% if volumes.count > 0 %> filesystems: <% volumes.each { |volume| %> - name: <%= volume[:mount].tr('/','-')[1..-1] %> mount: device: <%= volume[:device] %> format: ext4 <% } %> <% end %> files: <% files.each { |file| %> - filesystem: "root" path: <%= file[:path] %> mode: <%= file[:mode] %> user: { id: 0 } group: { id: 0 } <% if file[:contents].is_a?(Hash) %> contents: source: "<%= file[:contents][:source] %>" <% else %> contents: "<%= file[:contents].gsub(/\n/, '\\n').gsub(/\"/, '\\"') %>" <% end %> <% } %> <% cas.each { |ca| %> - filesystem: "root" path: "/etc/ssl/<%= ca.name %>/ca.cert" mode: 0444 user: { id: 0 } group: { id: 0 } contents: source: "<%= ca.source %>" <% } %> <% keypairs.each { |keypair| %> <% if keypair.has_key?(:name) %> - filesystem: "root" path: "<%= keypair[:path][:cert] %>" mode: 0444 user: { id: 0 } group: { id: 0 } contents: source: "<%= keypair[:source][:cert] %>" - filesystem: "root" path: "<%= keypair[:path][:key] %>" mode: 0444 user: { id: 0 } group: { id: 0 } contents: source: "<%= keypair[:source][:key] %>" <% else %> - filesystem: "root" path: "<%= keypair[:path][:key] %>" mode: 0444 user: { id: 0 } group: { id: 0 } contents: source: "<%= keypair[:source][:key] %>" <% end %> <% } %> - filesystem: "root" path: '/etc/usersync.env' mode: 0644 user: { id: 0 } group: { id: 0 } contents: | USERSYNC_SSH_GROUP="<%= ssh_group %>"