1
0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-21 08:51:38 -05:00

Compare commits

...

4 Commits

Author SHA1 Message Date
d2f65d8b2e
Remove outdated ZRAM comment
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-10-11 23:39:54 -07:00
00dfed479b
Update README.md
Signed-off-by: Tommy <contact@tommytran.io>
2023-10-11 23:19:54 -07:00
1498126454
ZRAM Compression
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-10-11 23:19:11 -07:00
e275349bb5
Update README.md
Signed-off-by: Tommy <contact@tommytran.io>
2023-10-11 23:08:23 -07:00
5 changed files with 9 additions and 8 deletions

View File

@ -81,7 +81,7 @@
"path": "/etc/systemd/zram-generator.conf",
"contents": {
"compression": "",
"source": "data:;base64,IyBUaGlzIGNvbmZpZyBmaWxlIGVuYWJsZXMgYSAvZGV2L3pyYW0wIGRldmljZSB3aXRoIHRoZSBkZWZhdWx0IHNldHRpbmdzClt6cmFtMF0KenJhbS1mcmFjdGlvbiA9IDEKbWF4LXpyYW0tc2l6ZSA9IDgxOTIK"
"source": "data:,%5Bzram0%5D%0Azram-fraction%20%3D%201%0Amax-zram-size%20%3D%208192%0Acompression-algorithm%20%3D%20zstd%0A"
}
},
{

View File

@ -132,10 +132,10 @@ storage:
overwrite: true
contents:
inline: |
# This config file enables a /dev/zram0 device with the default settings
[zram0]
zram-fraction = 1
max-zram-size = 8192
compression-algorithm = zstd
- path: /etc/security/limits.d/30-disable-coredump.conf
overwrite: true
contents:

View File

@ -81,7 +81,7 @@
"path": "/etc/systemd/zram-generator.conf",
"contents": {
"compression": "",
"source": "data:;base64,IyBUaGlzIGNvbmZpZyBmaWxlIGVuYWJsZXMgYSAvZGV2L3pyYW0wIGRldmljZSB3aXRoIHRoZSBkZWZhdWx0IHNldHRpbmdzClt6cmFtMF0KenJhbS1mcmFjdGlvbiA9IDEKbWF4LXpyYW0tc2l6ZSA9IDgxOTIK"
"source": "data:,%5Bzram0%5D%0Azram-fraction%20%3D%201%0Amax-zram-size%20%3D%208192%0Acompression-algorithm%20%3D%20zstd%0A"
}
},
{

View File

@ -150,10 +150,10 @@ storage:
overwrite: true
contents:
inline: |
# This config file enables a /dev/zram0 device with the default settings
[zram0]
zram-fraction = 1
max-zram-size = 8192
compression-algorithm = zstd
- path: /etc/security/limits.d/30-disable-coredump.conf
overwrite: true
contents:

View File

@ -3,7 +3,8 @@ Ignition configurations for Fedora CoreOS<br />
# Notes
1. These are the configs I personally use on my systems. You **MUST** edit the files before you use them. At the very least, you should add your SSH keys or password hash.<br />
2. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
3. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
4. In most of these configs, the timezone is set to `America/New_York` and the automatic reboot time is set at 12 AM on Sunday. Watchtower will kick in 5-10 minutes after the reboot to update and redeploy the containers. You should change it according to your needs. The Docker-Compose.yml file does not include Watchtower.
5. The auto-updater.service could be put in /etc/systemd/system and enable to have automatic updates for your docker-compose and its containers. Please make sure that the WorkingDir is appropriate.
2. Only ED25519 SSH keys are accepted with the SSHD hardening configuration. If you do not use ED25519 keys, you will need to edit the `ExecStart=/usr/bin/curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config/10-custom.conf -o /etc/ssh/sshd_config.d/10-custom.conf` accordingly.
3. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
4. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
5. In most of these configs, the timezone is set to `America/New_York` and the automatic reboot time is set at 12 AM on Sunday. Watchtower will kick in 5-10 minutes after the reboot to update and redeploy the containers. You should change it according to your needs. The Docker-Compose.yml file does not include Watchtower.
6. The auto-updater.service could be put in `/etc/systemd/system` and enable to have automatic updates for your docker-compose and its containers. Please make sure that the `WorkingDir` is appropriate.