mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2025-01-21 19:41:32 -05:00
Ignition configurations for Fedora CoreOS
Tommy c6a758d8a0
Switch to using systemd timer for container update
Signed-off-by: Tommy <contact@tommytran.io>
2024-04-05 14:21:39 -07:00
etc Add ARM hardened malloc 2024-03-05 14:24:45 -07:00
.gitignore Cleanup .gitignore 2024-02-07 12:39:48 -07:00
kargs Remove extra_latent_entropy from karg file 2024-02-26 23:38:22 -07:00
LICENSE Update LICENSE 2021-11-02 22:33:23 -04:00
README.md Typo fix 2024-02-07 12:54:33 -07:00
UTM-Chrony.ign Disable msr 2024-04-05 13:43:06 -07:00
UTM-Chrony.yml Disable msr 2024-04-05 13:43:06 -07:00
x86-QEMU-Docker.ign Switch to using systemd timer for container update 2024-04-05 14:21:39 -07:00
x86-QEMU-Docker.yml Switch to using systemd timer for container update 2024-04-05 14:21:39 -07:00

Fedora-CoreOS-Ignition

Ignition configurations for Fedora CoreOS

Notes

  1. These are the configs I personally use on my systems. You MUST edit the files before you use them. At the very least, you should add your SSH keys or password hash.
  2. Only ED25519 SSH keys are accepted with the SSHD hardening configuration. If you do not use ED25519 keys, you will need to adjust the /etc/ssh/sshd_config.d/10-custom.conf file accordingly.
  3. If you create a passwordless user that requires administrative privileges, ensure that it is part of the sudo group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
  4. These configurations are made with a VPS in mind. You should adapt them for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc.). You should also change the tuned profile from virtual-guest to one appropriate for your deployment.
  5. In most of these configs, the timezone is set to America/Phoenix and the automatic reboot time is set at 12 AM on Sunday. You need to be mindful of timezones with Daylight Saving Time, per the Zincati documentation.
  6. The docker-compose-updater.service in /etc/systemd/system can be enabled to have automatic updates for your containers created by Docker Compose. Please make sure that the WorkingDirectory is appropriate.
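
A pre-deployment check for notes 1 to 3, as an added example that is not part of this repository: it reads a rendered `.ign` file (Ignition v3 JSON) and reports users with no login credential, keys that are not ED25519, and passwordless administrators outside the sudo group. The sample config, the user names, the key placeholders and the `admins` parameter are assumptions, and keys are assumed to carry no `authorized_keys` options prefix.

```python
import json

# Constructed sample in Ignition v3 JSON layout; users and key material are placeholders.
SAMPLE_IGN = json.dumps({
    "ignition": {"version": "3.4.0"},
    "passwd": {"users": [
        {"name": "core", "groups": ["sudo"],
         "sshAuthorizedKeys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER core@example"]},
        {"name": "deploy",
         "sshAuthorizedKeys": ["ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER deploy@example"]},
        {"name": "backup"},
    ]},
})


def lint_ignition(text, admins=()):
    """Return (user, finding) tuples for README notes 1-3.

    admins (hypothetical parameter): names of users that need sudo.
    """
    findings = []
    users = json.loads(text).get("passwd", {}).get("users", [])
    for user in users:
        name = user.get("name", "<unnamed>")
        keys = user.get("sshAuthorizedKeys", [])
        has_password = bool(user.get("passwordHash"))
        # Note 1: the account needs an SSH key or a password hash to log in.
        if not keys and not has_password:
            findings.append((name, "no SSH key or password hash"))
        # Note 2: the hardened sshd config only accepts ED25519 keys.
        for key in keys:
            parts = key.split()
            key_type = parts[0] if parts else ""
            if key_type != "ssh-ed25519":
                findings.append((name, f"non-ED25519 key type: {key_type or 'empty'}"))
        # Note 3: a passwordless admin must be in the sudo group.
        if name in admins and not has_password and "sudo" not in user.get("groups", []):
            findings.append((name, "passwordless admin not in sudo group"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_ignition(SAMPLE_IGN, admins={"core", "deploy"}):
        print(f"{name}: {finding}")
```

To check a real file, pass its contents instead of the sample, for example `lint_ignition(open("x86-QEMU-Docker.ign").read(), admins={"core"})`.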