{ | |
"ignition": { | |
"config": {}, | |
"security": { | |
"tls": {} | |
}, | |
"timeouts": {}, | |
"version": "2.2.0" | |
}, | |
"networkd": { | |
"units": [ | |
{ | |
"contents": "[Match]\nName=eth*\n\n[Network]\nDHCP=yes\nLinkLocalAddressing=no\nIPv6AcceptRA=no\n", | |
"name": "20-dhcp.network" | |
} | |
] | |
}, | |
"passwd": { | |
"users": [ | |
{ | |
"name": "core", | |
"sshAuthorizedKeys": [ | |
"ssh-rsa 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 Hetzner Cloud" | |
] | |
} | |
] | |
}, | |
"storage": { | |
"files": [ | |
{ | |
"filesystem": "root", | |
"group": { | |
"id": 0 | |
}, | |
"path": "/etc/ssh/sshd_config", | |
"user": { | |
"id": 0 | |
}, | |
"contents": { | |
"source": "data:,Subsystem%20sftp%20internal-sftp%0AClientAliveInterval%20300%0AClientAliveCountMax%200%0AUseDNS%20no%0AUsePAM%20yes%0APrintLastLog%20no%0APrintMotd%20no%0APermitRootLogin%20no%0APasswordAuthentication%20no%0AKexAlgorithms%20curve25519-sha256%2Ccurve25519-sha256%40libssh.org%2Cecdh-sha2-nistp256%2Cecdh-sha2-nistp384%2Cecdh-sha2-nistp521%2Cdiffie-hellman-group-exchange-sha256%2Cdiffie-hellman-group16-sha512%2Cdiffie-hellman-group18-sha512%2Cdiffie-hellman-group14-sha256%0AHostKeyAlgorithms%20ecdsa-sha2-nistp256-cert-v01%40openssh.com%2Cecdsa-sha2-nistp384-cert-v01%40openssh.com%2Cecdsa-sha2-nistp521-cert-v01%40openssh.com%2Cssh-ed25519-cert-v01%40openssh.com%2Crsa-sha2-512-cert-v01%40openssh.com%2Crsa-sha2-256-cert-v01%40openssh.com%2Cssh-rsa-cert-v01%40openssh.com%2Cecdsa-sha2-nistp256%2Cecdsa-sha2-nistp384%2Cecdsa-sha2-nistp521%2Cssh-ed25519%2Crsa-sha2-512%2Crsa-sha2-256%2Cssh-rsa%0ACiphers%20chacha20-poly1305%40openssh.com%2Caes128-ctr%2Caes192-ctr%2Caes256-ctr%2Caes128-gcm%40openssh.com%2Caes256-gcm%40openssh.com%0AMACs%20umac-128-etm%40openssh.com%2Chmac-sha2-256-etm%40openssh.com%2Chmac-sha2-512-etm%40openssh.com%2Cumac-128%40openssh.com%2Chmac-sha2-256%2Chmac-sha2-512%0A", | |
"verification": {} | |
}, | |
"mode": 384 | |
}, | |
{ | |
"filesystem": "root", | |
"group": { | |
"id": 0 | |
}, | |
"path": "/etc/hostname", | |
"user": { | |
"id": 0 | |
}, | |
"contents": { | |
"source": "data:,core01", | |
"verification": {} | |
}, | |
"mode": 420 | |
}, | |
{ | |
"filesystem": "root", | |
"group": { | |
"id": 0 | |
}, | |
"path": "/var/lib/iptables/rules-save", | |
"user": { | |
"id": 0 | |
}, | |
"contents": { | |
"source": "data:,*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20DROP%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-i%20eth1%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%2080%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%20443%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%200%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%203%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%2011%20-j%20ACCEPT%0ACOMMIT%0A", | |
"verification": {} | |
}, | |
"mode": 420 | |
}, | |
{ | |
"filesystem": "root", | |
"group": { | |
"id": 0 | |
}, | |
"path": "/etc/sysctl.d/10-disable-ipv6.conf", | |
"user": { | |
"id": 0 | |
}, | |
"contents": { | |
"source": "data:,net.ipv6.conf.all.disable_ipv6%3D1%0Anet.ipv6.conf.default.disable_ipv6%3D1%0A", | |
"verification": {} | |
}, | |
"mode": 420 | |
}, | |
{ | |
"filesystem": "root", | |
"path": "/etc/coreos/update.conf", | |
"contents": { | |
"source": "data:,%0AREBOOT_STRATEGY%3D%22etcd-lock%22%0ALOCKSMITHD_REBOOT_WINDOW_START%3D%22Sun%2004%3A00%22%0ALOCKSMITHD_REBOOT_WINDOW_LENGTH%3D%221h%22", | |
"verification": {} | |
}, | |
"mode": 420 | |
} | |
] | |
}, | |
"systemd": { | |
"units": [ | |
{ | |
"contents": "[Unit]\nDescription=Docker Socket for the API\n\n[Socket]\nListenStream=2375\nBindIPv6Only=both\nService=docker.service\n\n[Install]\nWantedBy=sockets.target\n", | |
"enabled": true, | |
"name": "docker-tcp.socket" | |
}, | |
{ | |
"dropins": [ | |
{ | |
"contents": "[Unit]\nRequires=metadata.service\nAfter=metadata.service\n\n[Service]\nEnvironmentFile=/run/metadata/coreos\nEnvironment=\"ETCD_IMAGE_TAG=v3.3.13\"\nExecStart=\nExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS \\\n --name=\"${COREOS_CUSTOM_HOSTNAME}\" \\\n --initial-advertise-peer-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2380\" \\\n --listen-peer-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2380\" \\\n --listen-client-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2379,http://127.0.0.1:2379\" \\\n --advertise-client-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2379\" \\\n --discovery=\"https://discovery.etcd.io/827ac98b1b95085bd3dae877305d5151\"\n", | |
"name": "20-clct-etcd-member.conf" | |
} | |
], | |
"enabled": true, | |
"name": "etcd-member.service" | |
}, | |
{ | |
"enabled": true, | |
"name": "iptables-restore.service" | |
}, | |
{ | |
"enabled": true, | |
"name": "locksmithd.service" | |
}, | |
{ | |
"contents": "[Unit]\nDescription=Custom metadata agent\n\n[Service]\nType=oneshot\nEnvironment=OUTPUT=/run/metadata/coreos\nExecStart=/usr/bin/mkdir --parent /run/metadata\nExecStart=/usr/bin/bash -c 'echo -e \"COREOS_CUSTOM_HOSTNAME=$(curl -s http://169.254.169.254/hetzner/v1/metadata/hostname)\\nCOREOS_CUSTOM_PUBLIC_IPV4=$(curl -s http://169.254.169.254/hetzner/v1/metadata/public-ipv4)\\nCOREOS_CUSTOM_PRIVATE_IPV4=$(curl -s http://169.254.169.254/hetzner/v1/metadata/private-networks | grep 'ip:' | cut -d: -f2 | sed \\\"s/ //g\\\")\" \u003e ${OUTPUT}'\n\n[Install]\nWantedBy=multi-user.target\n", | |
"enabled": true, | |
"name": "metadata.service" | |
} | |
] | |
} | |
} |