mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition.git
synced 2024-10-01 01:15:36 -04:00
Setup Chrony seccomp filter
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
parent
f66bce02e9
commit
3ee9f7c9d1
@ -115,6 +115,14 @@
|
||||
"source": "data:;base64,H4sIAAAAAAAC/4yQsU78MAyHdz9Fpf/cyxNkuL8OIVaO6oaqQ0hMz2pqB8cB+vYM1QmBGNh+0vf5GzwOTDbBCWtUKkbC/thM1mAUu6GkYKhwfDFUnyQuqIeK+kYR4RFfGylWz2jvoksvnInxYEFntC/84wzG874mGCqqVxGDe5VW9nkRXYjnEylGE928K8GuzsTtoT7KWqSiSzcD/t19YDxbUPOuVXXPxG4m60rLGX5h30N/1Vrp+gRPW0EvjPUqBjA+cLWQ8wSXwIbp/+bXlo36VlFvn/gMAAD//9CerLZjAQAA"
|
||||
}
|
||||
},
|
||||
{
|
||||
"overwrite": true,
|
||||
"path": "/etc/sysconfig/chronyd",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
"overwrite": true,
|
||||
"path": "/etc/unbound/unbound.conf",
|
||||
|
@ -173,6 +173,12 @@ storage:
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
- path: /etc/sysconfig/chronyd
|
||||
overwrite: true
|
||||
contents:
|
||||
inline: |
|
||||
# Command-line options for chronyd
|
||||
OPTIONS="-F 1"
|
||||
- path: /etc/unbound/unbound.conf
|
||||
overwrite: true
|
||||
contents:
|
||||
|
10
Generic.ign
10
Generic.ign
@ -108,12 +108,20 @@
|
||||
"source": "data:,GSSAPIAuthentication%20no%0AVerifyHostKeyDNS%20yes%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
"overwrite": true,
|
||||
"path": "/etc/sysconfig/chronyd",
|
||||
"contents": {
|
||||
"compression": "",
|
||||
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
|
||||
}
|
||||
},
|
||||
{
|
||||
"overwrite": true,
|
||||
"path": "/etc/unbound/unbound.conf",
|
||||
"contents": {
|
||||
"compression": "gzip",
|
||||
"source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+L/AgAAP//qRxiA+IDAAA="
|
||||
"source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+K9P3mRwAAAP//CV2iuOQDAAA="
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -171,6 +171,12 @@ storage:
|
||||
inline: |
|
||||
GSSAPIAuthentication no
|
||||
VerifyHostKeyDNS yes
|
||||
- path: /etc/sysconfig/chronyd
|
||||
overwrite: true
|
||||
contents:
|
||||
inline: |
|
||||
# Command-line options for chronyd
|
||||
OPTIONS="-F 1"
|
||||
- path: /etc/unbound/unbound.conf
|
||||
overwrite: true
|
||||
contents:
|
||||
@ -213,7 +219,7 @@ storage:
|
||||
forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
|
||||
forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.comff
|
||||
- path: /etc/systemd/system/unbound.service.d/override.conf
|
||||
contents:
|
||||
inline: |
|
||||
|
Loading…
Reference in New Issue
Block a user