Tomster/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-22 17:21:34 -05:00
Code

Update Generic.yml

Browse Source
This commit is contained in:
Tommy 2022-04-11 19:11:38 -04:00 committed by GitHub
parent a8e93ecd46
commit 41045aa18c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Generic.yml
View File

@ -29,9 +29,6 @@ systemd:
RemainAfterExit=yes RemainAfterExit=yes
ExecStart=/usr/bin/rpm-ostree install fail2ban firewalld prelockd tuned qemu-guest-agent ExecStart=/usr/bin/rpm-ostree install fail2ban firewalld prelockd tuned qemu-guest-agent
ExecStart=/bin/touch /var/lib/%N.stamp ExecStart=/bin/touch /var/lib/%N.stamp
ExecStart=/usr/sbin/setsebool -P container_use_cephfs off
ExecStart=/usr/sbin/setsebool -P virt_use_nfs off
ExecStart=/usr/sbin/setsebool -P virt_use_samba off
ExecStart=/usr/bin/sed 's/nullok//g' /etc/pam.d/system-auth ExecStart=/usr/bin/sed 's/nullok//g' /etc/pam.d/system-auth
ExecStart=/usr/bin/curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf ExecStart=/usr/bin/curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf
ExecStart=/bin/systemctl --no-block reboot ExecStart=/bin/systemctl --no-block reboot
@ -54,6 +51,17 @@ systemd:
ExecStart=/usr/bin/docker run --detach --privileged --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /etc/localtime:/etc/localtime:ro containrrr/watchtower --schedule "0 5 0 * * 1" ExecStart=/usr/bin/docker run --detach --privileged --name watchtower --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /etc/localtime:/etc/localtime:ro containrrr/watchtower --schedule "0 5 0 * * 1"
ExecStart=/bin/touch /var/lib/%N.stamp ExecStart=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
- name: setsebool.service
enabled: true
contents: |
[Service]
Type=oneshot
ExecStart=/usr/sbin/setsebool container_use_cephfs off
ExecStart=/usr/sbin/setsebool virt_use_nfs off
ExecStart=/usr/sbin/setsebool virt_use_samba off
RemainAfterExit=yes
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: docker.service - name: docker.service