Ignition configurations for Fedora CoreOS
Go to file
Thien Tran 3ee9f7c9d1
Setup Chrony seccomp filter
Signed-off-by: Thien Tran <contact@tommytran.io>
2023-08-15 18:23:38 -07:00
Mailcow Add files via upload 2021-11-02 22:32:22 -04:00
.gitignore Use SSHD socket 2022-12-26 10:17:18 -05:00
Docker-Compose.ign Setup Chrony seccomp filter 2023-08-15 18:23:38 -07:00
Docker-Compose.yml Setup Chrony seccomp filter 2023-08-15 18:23:38 -07:00
Fedora-CoreOS-Ignition.code-workspace Add workspace config 2023-06-08 14:26:54 -07:00
Generic.ign Setup Chrony seccomp filter 2023-08-15 18:23:38 -07:00
Generic.yml Setup Chrony seccomp filter 2023-08-15 18:23:38 -07:00
kargs Update kargs 2022-09-12 18:41:54 -04:00
LICENSE Update LICENSE 2021-11-02 22:33:23 -04:00
README.md Add missing sed in-place flag (#1) 2023-04-15 04:05:22 -04:00
UTM.ign Fix DNS resolution 2023-06-26 07:21:23 -07:00
UTM.yml Fix DNS resolution 2023-06-26 07:21:23 -07:00

Fedora-CoreOS-Ignition

Ignition configurations for Fedora CoreOS

Notes

  1. These are the configs I personally use on my systems. You MUST edit the files before you use them. At the very least, you should add your SSH keys or password hash.
  2. If you create a passwordless user that requires administrative privileges, ensure that it is part of the sudo group (CoreOS allows this group to use sudo without a password) as the configs will disable empty password system authentication.
  3. These configurations are made with a VPS in mind. You should adapt it for a bare metal deployment if that is what you are using (adding additional kernel parameters, configuring drive encryption, configuring storage, etc). You should also change the tuned profile from virtual-guest appropriately.
  4. In most of these configs, the timezone is set to America/New_York and the automatic reboot time is set at 12 AM on Sunday. Watchtower will kick in 5-10 minutes after the reboot to update and redeploy the containers. You should change it according to your needs. The Docker-Compose.yml file does not include Watchtower.
  5. The auto-updater.service could be put in /etc/systemd/system and enable to have automatic updates for your docker-compose and its containers. Please make sure that the WorkingDir is appropriate.