mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-21 08:51:38 -05:00
Compare commits
4 Commits
746ec7425b
...
d2f65d8b2e
Author | SHA1 | Date | |
---|---|---|---|
d2f65d8b2e | |||
00dfed479b | |||
1498126454 | |||
e275349bb5 |
@ -81,7 +81,7 @@
|
||||
"path": "/etc/systemd/zram-generator.conf",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:;base64,IyBUaGlzIGNvbmZpZyBmaWxlIGVuYWJsZXMgYSAvZGV2L3pyYW0wIGRldmljZSB3aXRoIHRoZSBkZWZhdWx0IHNldHRpbmdzClt6cmFtMF0KenJhbS1mcmFjdGlvbiA9IDEKbWF4LXpyYW0tc2l6ZSA9IDgxOTIK"
|
||||
"source": "data:,%5Bzram0%5D%0Azram-fraction%20%3D%201%0Amax-zram-size%20%3D%208192%0Acompression-algorithm%20%3D%20zstd%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -132,10 +132,10 @@ storage:
|
||||
overwrite: true
|
||||
contents:
|
||||
inline: |
|
||||
# This config file enables a /dev/zram0 device with the default settings
|
||||
[zram0]
|
||||
zram-fraction = 1
|
||||
max-zram-size = 8192
|
||||
compression-algorithm = zstd
|
||||
- path: /etc/security/limits.d/30-disable-coredump.conf
|
||||
overwrite: true
|
||||
contents:
|
||||
|
@ -81,7 +81,7 @@
|
||||
"path": "/etc/systemd/zram-generator.conf",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:;base64,IyBUaGlzIGNvbmZpZyBmaWxlIGVuYWJsZXMgYSAvZGV2L3pyYW0wIGRldmljZSB3aXRoIHRoZSBkZWZhdWx0IHNldHRpbmdzClt6cmFtMF0KenJhbS1mcmFjdGlvbiA9IDEKbWF4LXpyYW0tc2l6ZSA9IDgxOTIK"
|
||||
"source": "data:,%5Bzram0%5D%0Azram-fraction%20%3D%201%0Amax-zram-size%20%3D%208192%0Acompression-algorithm%20%3D%20zstd%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -150,10 +150,10 @@ storage:
|
||||
overwrite: true
|
||||
contents:
|
||||
inline: |
|
||||
# This config file enables a /dev/zram0 device with the default settings
|
||||
[zram0]
|
||||
zram-fraction = 1
|
||||
max-zram-size = 8192
|
||||
compression-algorithm = zstd
|
||||
- path: /etc/security/limits.d/30-disable-coredump.conf
|
||||
overwrite: true
|
||||
contents:
|
||||
|
@ -3,7 +3,8 @@ Ignition configurations for Fedora CoreOS<br />
|
||||
|
||||
# Notes
|
||||
1. These are the configs I personally use on my systems. You **MUST** edit the files before you use them. At the very least, you should add your SSH keys or password hash.<br />
|
||||
2. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
|
||||
3. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
|
||||
4. In most of these configs, the timezone is set to `America/New_York` and the automatic reboot time is set at 12 AM on Sunday. Watchtower will kick in 5-10 minutes after the reboot to update and redeploy the containers. You should change it according to your needs. The Docker-Compose.yml file does not include Watchtower.
|
||||
5. The auto-updater.service could be put in /etc/systemd/system and enable to have automatic updates for your docker-compose and its containers. Please make sure that the WorkingDir is appropriate.
|
||||
2. Only ED25519 SSH keys are accepted with the SSHD hardening configuration. If you do not use ED25519 keys, you will need to edit the `ExecStart=/usr/bin/curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config/10-custom.conf -o /etc/ssh/sshd_config.d/10-custom.conf` accordingly.
|
||||
3. If you create a passwordless user that requires administrative privileges, ensure that it is part of the `sudo` group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
|
||||
4. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from `virtual-guest` appropriately.
|
||||
5. In most of these configs, the timezone is set to `America/New_York` and the automatic reboot time is set at 12 AM on Sunday. Watchtower will kick in 5-10 minutes after the reboot to update and redeploy the containers. You should change it according to your needs. The Docker-Compose.yml file does not include Watchtower.
|
||||
6. The auto-updater.service could be put in `/etc/systemd/system` and enable to have automatic updates for your docker-compose and its containers. Please make sure that the `WorkingDir` is appropriate.
|
||||
|
Loading…
Reference in New Issue
Block a user