services/k3os
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Add proper templating with vault keys

Browse Source 
Rather than copying a template to the k3os server and editing it in vim,
us yq to generate a template with values stored in vault (token and
server_url). Update the README to reflect these changes.
This commit is contained in:
ducoterra
2021-07-18 15:15:52 -04:00
parent a63bc7b733
commit 100e25331d
6 changed files with 109 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,4 +1,5 @@
server/
templates/
*.crt
*.pem
*.key
*.key

28
README.md
View File

@@ -1,5 +1,31 @@
# Configuration Settings
## Requirements
1. Install kustomize
```bash
brew install yq
```
2. Configure vault variables
```bash
vault kv put secret/k3os-alpha.dnet/agent token=<token> server_url=<server_url>
```
3. Template your server or agent
```bash
# server
HOSTNAME=<HOSTNAME>; yq e ".hostname = \"$HOSTNAME\" | .k3os.token = \"$(vault kv get -field=token secret/k3os-alpha.dnet/agent)\" | .k3os.server_url = \"$(vault kv get -field=server_url secret/k3os-alpha.dnet/agent)\"" k3os_server.yaml > templates/$HOSTNAME.yaml
# agent
HOSTNAME=<HOSTNAME>; yq e ".hostname = \"$HOSTNAME\" | .k3os.token = \"$(vault kv get -field=token secret/k3os-alpha.dnet/agent)\" | .k3os.server_url = \"$(vault kv get -field=server_url secret/k3os-alpha.dnet/agent)\"" k3os_agent.yaml > templates/$HOSTNAME.yaml
```
4. Save the template to /var/lib/rancher/k3os/config.yaml
## Draining
```bash
@@ -9,7 +35,7 @@ kubectl --context mainframe-admin drain mainframe --force --ignore-daemonsets --
## Upgrading
```bash
kubectl label node mainframe plan.upgrade.cattle.io/k3os-latest=enabled --overwrite
kubectl label node k3os-alpha k3os.io/upgrade=enabled --overwrite
```
## Mounting

39
k3os_agent.yaml
View File

@@ -1,19 +1,38 @@
hostname: k3os-<hostname>
hostname: <hostname>
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj/4dbq6aRmaQ2lnySJLUySXYGx/ZIrYcRb6kczGey63zfadURR+k/d3+8JD56Mm89D4bSpfB6alAYa4R5H4MVHhYbc6RHBAMuh76XXPEkJBpQZ1SNZA8ycZKX6Qc9zHCQYYiCmK6/WxyMjyX4NUiDu0+kQ7TQiJ5bFA6fVyIeCYvbO/SZcVVzlA3Xz25akCyB8/dJccj+3ais+sh+K8mFv0Kbs76G0xCXj7tZ6sWeDnXbIUn0SaqofKv+Z7Y0d1D54gZWROuM2fsDkHmQIuU5QT003m79JbQxAnkDPAI2DQxplrzw6Ifcvu0h6oqOQ412snVJ/FYYJyizSpKjs8JeNTeM47rL64VJO7jDmJLD/nWumEGLr6WyCebibekgApbr4QUyiABqjYs41opf8+AzOERcj8s563hdI3eBkKxHKAm6+EvzAs0evdao+NeHKWBgcG8b9UjL+l1IFchRGB1MGrCD8DTwvtYaf5RaXQZwROnW9LvsRxrMHHlwJuC8mAc="
boot_cmd:
- "echo America/New_York > /etc/timezone"
k3os:
server_url: https://3.14.3.200:6443
server_url: <url>
token: <token>
ntp_servers:
- 0.us.pool.ntp.org
- 1.us.pool.ntp.org
write_files:
- encoding: "b64"
content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAAAX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo=
owner: root:root
path: /etc/localtime
permissions: '0644'
- path: /etc/localtime
owner: root:root
permissions: '0644'
encoding: "b64"
content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAAAX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo=
- path: /etc/ssh/trusted-user-ca-keys.pem
owner: root:root
content: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3JshtNF0kfkiB6Dz4SQ7w5jSgx80N10egh39smzFUAmNECirdAJ9yMo28B2WD9uPX6NfAWySMuvi3H8fg0Lp/rLsDqrc3+wk72AmEf1KWSijAKwQ6/MI3Vvzi3m58oL3q6Y5CDaJN+Ir7ySYgTJntZ3jGfWBK0t/oIp7eET3d4zMYSJ5JbN2Rnj9cDxamT3sESe4ZVTn3inmgdijLR7r3epMButCszvZ7wsMra11nIHUHQRuqzEZTfms2lT+GpllhjSkLg95F+lFRKjV5huc9pb67wuFsWASYNqlAefa4w9vSW34idtvJyUJpSptIvtX1h0E2eVC0JX8R57n+Lf31UzcYqiY6+/HVd3ZPEjgtCcYVL97eIN/tDL9yzj/uDfXLp+qSDcxsv9EXshWuth0ZjOTlJUFDW9uCIMVO9cx7zzRYNtEZcUnXuWtSCNmTctFY5qt3s+qtkOu4Y8UjW7GHkJfSXlYbbply+mUwEIJ7D68hF+/MOSbrK22deD/Q8jlNh/ucSZOHckI2qb7PvTtibE5xu4qSEu/Gw+er5SVbEVvGl8a9hZJU3vH6GBIP5rqxpFR+ehejj3pEZHtss4/0EUUpILIkKsi50E6VWrPFaISBigX9e4RZF9iwHaG6ODMpFzuo3ljMzTelVaxyIuMmkqWgjL/KlMzpOcFHl1izbw==
- path: /etc/ssh/sshd_config
owner: root:root
content: |
AllowTcpForwarding no
GatewayPorts no
PasswordAuthentication no
X11Forwarding no
PermitRootLogin no
LoginGraceTime 30s
MaxAuthTries 5
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Subsystem sftp internal-sftp
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem

25
k3os_cluster.yaml
View File

@@ -1,25 +0,0 @@
hostname: k3os
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev"
boot_cmd:
- "echo America/New_York > /etc/timezone"
k3os:
k3s_args:
- server
- "--cluster-init"
- "--private-registry=/var/lib/rancher/k3s/registries.yaml"
- "--disable"
- "traefik"
- "--disable"
- "local-storage"
ntp_servers:
- 0.us.pool.ntp.org
- 1.us.pool.ntp.org
write_files:
- encoding: "b64"
content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAAAX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo=
owner: root:root
path: /etc/localtime
permissions: '0644'

44
k3os_server.yaml Normal file
View File

@@ -0,0 +1,44 @@
hostname: <hostname>
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj/4dbq6aRmaQ2lnySJLUySXYGx/ZIrYcRb6kczGey63zfadURR+k/d3+8JD56Mm89D4bSpfB6alAYa4R5H4MVHhYbc6RHBAMuh76XXPEkJBpQZ1SNZA8ycZKX6Qc9zHCQYYiCmK6/WxyMjyX4NUiDu0+kQ7TQiJ5bFA6fVyIeCYvbO/SZcVVzlA3Xz25akCyB8/dJccj+3ais+sh+K8mFv0Kbs76G0xCXj7tZ6sWeDnXbIUn0SaqofKv+Z7Y0d1D54gZWROuM2fsDkHmQIuU5QT003m79JbQxAnkDPAI2DQxplrzw6Ifcvu0h6oqOQ412snVJ/FYYJyizSpKjs8JeNTeM47rL64VJO7jDmJLD/nWumEGLr6WyCebibekgApbr4QUyiABqjYs41opf8+AzOERcj8s563hdI3eBkKxHKAm6+EvzAs0evdao+NeHKWBgcG8b9UjL+l1IFchRGB1MGrCD8DTwvtYaf5RaXQZwROnW9LvsRxrMHHlwJuC8mAc="
boot_cmd:
- "echo America/New_York > /etc/timezone"
k3os:
k3s_args:
- server
- "--cluster-init"
- "--private-registry=/var/lib/rancher/k3s/registries.yaml"
- "--disable"
- "traefik"
- "--disable"
- "local-storage"
ntp_servers:
- 0.us.pool.ntp.org
- 1.us.pool.ntp.org
write_files:
- encoding: "b64"
content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAAAX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo=
owner: root:root
path: /etc/localtime
permissions: '0644'
- content: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3JshtNF0kfkiB6Dz4SQ7w5jSgx80N10egh39smzFUAmNECirdAJ9yMo28B2WD9uPX6NfAWySMuvi3H8fg0Lp/rLsDqrc3+wk72AmEf1KWSijAKwQ6/MI3Vvzi3m58oL3q6Y5CDaJN+Ir7ySYgTJntZ3jGfWBK0t/oIp7eET3d4zMYSJ5JbN2Rnj9cDxamT3sESe4ZVTn3inmgdijLR7r3epMButCszvZ7wsMra11nIHUHQRuqzEZTfms2lT+GpllhjSkLg95F+lFRKjV5huc9pb67wuFsWASYNqlAefa4w9vSW34idtvJyUJpSptIvtX1h0E2eVC0JX8R57n+Lf31UzcYqiY6+/HVd3ZPEjgtCcYVL97eIN/tDL9yzj/uDfXLp+qSDcxsv9EXshWuth0ZjOTlJUFDW9uCIMVO9cx7zzRYNtEZcUnXuWtSCNmTctFY5qt3s+qtkOu4Y8UjW7GHkJfSXlYbbply+mUwEIJ7D68hF+/MOSbrK22deD/Q8jlNh/ucSZOHckI2qb7PvTtibE5xu4qSEu/Gw+er5SVbEVvGl8a9hZJU3vH6GBIP5rqxpFR+ehejj3pEZHtss4/0EUUpILIkKsi50E6VWrPFaISBigX9e4RZF9iwHaG6ODMpFzuo3ljMzTelVaxyIuMmkqWgjL/KlMzpOcFHl1izbw==
owner: root:root
path: /etc/ssh/trusted-user-ca-keys.pem
- content: |
AllowTcpForwarding no
GatewayPorts no
PasswordAuthentication no
X11Forwarding no
PermitRootLogin no
LoginGraceTime 30s
MaxAuthTries 5
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Subsystem sftp internal-sftp
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
owner: root:root
path: /etc/ssh/sshd_config

11
mainframe.yaml
View File

@@ -1,11 +1,10 @@
hostname: mainframe
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj/4dbq6aRmaQ2lnySJLUySXYGx/ZIrYcRb6kczGey63zfadURR+k/d3+8JD56Mm89D4bSpfB6alAYa4R5H4MVHhYbc6RHBAMuh76XXPEkJBpQZ1SNZA8ycZKX6Qc9zHCQYYiCmK6/WxyMjyX4NUiDu0+kQ7TQiJ5bFA6fVyIeCYvbO/SZcVVzlA3Xz25akCyB8/dJccj+3ais+sh+K8mFv0Kbs76G0xCXj7tZ6sWeDnXbIUn0SaqofKv+Z7Y0d1D54gZWROuM2fsDkHmQIuU5QT003m79JbQxAnkDPAI2DQxplrzw6Ifcvu0h6oqOQ412snVJ/FYYJyizSpKjs8JeNTeM47rL64VJO7jDmJLD/nWumEGLr6WyCebibekgApbr4QUyiABqjYs41opf8+AzOERcj8s563hdI3eBkKxHKAm6+EvzAs0evdao+NeHKWBgcG8b9UjL+l1IFchRGB1MGrCD8DTwvtYaf5RaXQZwROnW9LvsRxrMHHlwJuC8mAc="
boot_cmd:
- "echo '6.0.22.2 freenas' | tee --append /etc/hosts"
- "echo America/New_York > /etc/timezone"
- "echo 'TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem' >> /etc/ssh/sshd_config"
run_cmd:
- "ip addr add 6.0.22.1/24 dev eth0"
- "ip link set dev eth0 up"
@@ -26,4 +25,8 @@ write_files:
content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAAAX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo=
owner: root:root
path: /etc/localtime
permissions: '0644'
permissions: '0644'
- content: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3JshtNF0kfkiB6Dz4SQ7w5jSgx80N10egh39smzFUAmNECirdAJ9yMo28B2WD9uPX6NfAWySMuvi3H8fg0Lp/rLsDqrc3+wk72AmEf1KWSijAKwQ6/MI3Vvzi3m58oL3q6Y5CDaJN+Ir7ySYgTJntZ3jGfWBK0t/oIp7eET3d4zMYSJ5JbN2Rnj9cDxamT3sESe4ZVTn3inmgdijLR7r3epMButCszvZ7wsMra11nIHUHQRuqzEZTfms2lT+GpllhjSkLg95F+lFRKjV5huc9pb67wuFsWASYNqlAefa4w9vSW34idtvJyUJpSptIvtX1h0E2eVC0JX8R57n+Lf31UzcYqiY6+/HVd3ZPEjgtCcYVL97eIN/tDL9yzj/uDfXLp+qSDcxsv9EXshWuth0ZjOTlJUFDW9uCIMVO9cx7zzRYNtEZcUnXuWtSCNmTctFY5qt3s+qtkOu4Y8UjW7GHkJfSXlYbbply+mUwEIJ7D68hF+/MOSbrK22deD/Q8jlNh/ucSZOHckI2qb7PvTtibE5xu4qSEu/Gw+er5SVbEVvGl8a9hZJU3vH6GBIP5rqxpFR+ehejj3pEZHtss4/0EUUpILIkKsi50E6VWrPFaISBigX9e4RZF9iwHaG6ODMpFzuo3ljMzTelVaxyIuMmkqWgjL/KlMzpOcFHl1izbw==
owner: root:root
path: /etc/ssh/trusted-user-ca-keys.pem