diff --git a/.gitignore b/.gitignore index 00709bc..823b19e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ server/ +templates/ *.crt *.pem -*.key \ No newline at end of file +*.key diff --git a/README.md b/README.md index e7aff9f..d2719eb 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,31 @@ # Configuration Settings +## Requirements + +1. Install kustomize + + ```bash + brew install yq + ``` + +2. Configure vault variables + + ```bash + vault kv put secret/k3os-alpha.dnet/agent token= server_url= + ``` + +3. Template your server or agent + + ```bash + # server + HOSTNAME=; yq e ".hostname = \"$HOSTNAME\" | .k3os.token = \"$(vault kv get -field=token secret/k3os-alpha.dnet/agent)\" | .k3os.server_url = \"$(vault kv get -field=server_url secret/k3os-alpha.dnet/agent)\"" k3os_server.yaml > templates/$HOSTNAME.yaml + + # agent + HOSTNAME=; yq e ".hostname = \"$HOSTNAME\" | .k3os.token = \"$(vault kv get -field=token secret/k3os-alpha.dnet/agent)\" | .k3os.server_url = \"$(vault kv get -field=server_url secret/k3os-alpha.dnet/agent)\"" k3os_agent.yaml > templates/$HOSTNAME.yaml + ``` + +4. Save the template to /var/lib/rancher/k3os/config.yaml + ## Draining ```bash @@ -9,7 +35,7 @@ kubectl --context mainframe-admin drain mainframe --force --ignore-daemonsets -- ## Upgrading ```bash -kubectl label node mainframe plan.upgrade.cattle.io/k3os-latest=enabled --overwrite +kubectl label node k3os-alpha k3os.io/upgrade=enabled --overwrite ``` ## Mounting diff --git a/k3os_agent.yaml b/k3os_agent.yaml index 6fa0ba4..3780b80 100644 --- a/k3os_agent.yaml +++ b/k3os_agent.yaml 
@@ -1,19 +1,38 @@ -hostname: k3os- +hostname: ssh_authorized_keys: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj/4dbq6aRmaQ2lnySJLUySXYGx/ZIrYcRb6kczGey63zfadURR+k/d3+8JD56Mm89D4bSpfB6alAYa4R5H4MVHhYbc6RHBAMuh76XXPEkJBpQZ1SNZA8ycZKX6Qc9zHCQYYiCmK6/WxyMjyX4NUiDu0+kQ7TQiJ5bFA6fVyIeCYvbO/SZcVVzlA3Xz25akCyB8/dJccj+3ais+sh+K8mFv0Kbs76G0xCXj7tZ6sWeDnXbIUn0SaqofKv+Z7Y0d1D54gZWROuM2fsDkHmQIuU5QT003m79JbQxAnkDPAI2DQxplrzw6Ifcvu0h6oqOQ412snVJ/FYYJyizSpKjs8JeNTeM47rL64VJO7jDmJLD/nWumEGLr6WyCebibekgApbr4QUyiABqjYs41opf8+AzOERcj8s563hdI3eBkKxHKAm6+EvzAs0evdao+NeHKWBgcG8b9UjL+l1IFchRGB1MGrCD8DTwvtYaf5RaXQZwROnW9LvsRxrMHHlwJuC8mAc=" boot_cmd: - "echo America/New_York > /etc/timezone" k3os: - server_url: https://3.14.3.200:6443 + server_url: token: ntp_servers: - 
0.us.pool.ntp.org - 1.us.pool.ntp.org write_files: -- encoding: "b64" - content: VFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABSAAAAAnqYecJ+662CghgBwoZrNYKJl4nCjg+ngpGqucKU1p2CmU8rwpxWJYKgzrPCo/qXgqhOO8Kreh+Cr83DwrL5p4K3TUvCunkvgr7M08LB+LeCxnFFwsmdKYLN8M3C0RyxgtVwVcLYnDmC3O/dwuAbwYLkb2XC55tJguwT18LvGtGC85Nfwva/Q4L7EufC/j7LgwKSb8MFvlODChH3ww0924MRkX/DFL1jgxk18cMcPOuDILV5wyPhXYMoNQHDK2Dlgy4jwcNIj9HDSYPvg03Xk8NRA3eDVVcbw1iC/4Nc1qPDYAKHg2RWK8Nngg+Da/qdw28Bl4NzeiXDdqYJg3r5rcN+JZGDgnk1w4WlGYOJ+L3DjSShg5F4RcOVXLuDmRy3w5zcQ4OgnD/DpFvLg6gbx8Or21ODr5tPw7Na24O3GtfDuv9Ng76/ScPCftWDxj7Rw8n+XYPNvlnD0X3lg9U94cPY/W2D3L1pw+Ch34PkPPHD6CFng+vhY8PvoO+D82Drw/cgd4P64HPD/p//gAJf+8AGH4eACd+DwA3D+YARg/XAFUOBgBkDfcAcwwmAHjRlwCRCkYAmtlPAK8IZgC+CFcAzZouANwGdwDrmE4A+pg/AQmWbgEYll8BJ5SOATaUfwFFkq4BVJKfAWOQzgFykL8BgiKWAZCO3wGgILYBryCnAb4e1gHNHscB3Bz2Aesc5wH6GxYCB2APAhgZNgIlXi8CNqr+AkNcTwJUqR4CYVpvAnKnPgJ/7DcCkKVeAp3qVwKuo34Cu+h3As01RgLZ5pcC6zNmAvfktwMJMYYDFnZ/AycvpgM0dJ8DRS3GA1JyvwNjK+YDcHDfA4G9rgOObv8Dn7vOA6xtHwO9ue4Dyv7nA9u4DgPo/QcD+bYuBAb7JwQYR/YEJPlHBDZGFgRC92cEVEQ2BF86jwRy1f4EfTivBJDUHgSbNs8ErtI+BLnIlwTNZAYE18a3BOtiJgT1xNcFCWBGBRPC9wUnXmYFMcEXBUVchgVPvzcFY1qmBW5Q/wWB7G4FjE8fBZ/qjgWqTT8FveiuBchLXwXb5s4F5kl/Bfnk7gYE20cGGHa2BiLZZwY2dNYGQNeHBlRy9gZe1acGcnEWBnzTxwaQbzYGmtHnBq5tVga5Y68GzP8eBtdhzwbq/T4G9V/vBwj7XgcTXg8HJvl+BzFcLwdE954HT+33B2OJZgdt7BcHgYeGB4vqNwefhaYHqehXB72DxgfH5ncH24HmB+Xklwf5gAYAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIDBAIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgEC//+6ngAA///HwAEE//+5sAAI///HwAEM///HwAEQTE1UAEVEVABFU1QARVdUAEVQVAAAAAAAAQAAAAABVFppZjIAAAAAAAAAAAAAAAAAAAAAAAAFAAAABQAAAAAAAADsAAAABQAAABT/////XgPwkP////+eph5w/////5+662D/////oIYAcP////+hms1g/////6Jl4nD/////o4Pp4P////+kaq5w/////6U1p2D/////plPK8P////+nFYlg/////6gzrPD/////qP6l4P////+qE47
w/////6reh+D/////q/Nw8P////+svmng/////63TUvD/////rp5L4P////+vszTw/////7B+LeD/////sZxRcP////+yZ0pg/////7N8M3D/////tEcsYP////+1XBVw/////7YnDmD/////tzv3cP////+4BvBg/////7kb2XD/////uebSYP////+7BPXw/////7vGtGD/////vOTX8P////+9r9Dg/////77EufD/////v4+y4P/////ApJvw/////8FvlOD/////woR98P/////DT3bg/////8RkX/D/////xS9Y4P/////GTXxw/////8cPOuD/////yC1ecP/////I+Fdg/////8oNQHD/////ytg5YP/////LiPBw/////9Ij9HD/////0mD74P/////TdeTw/////9RA3eD/////1VXG8P/////WIL/g/////9c1qPD/////2ACh4P/////ZFYrw/////9ngg+D/////2v6ncP/////bwGXg/////9zeiXD/////3amCYP/////evmtw/////9+JZGD/////4J5NcP/////haUZg/////+J+L3D/////40koYP/////kXhFw/////+VXLuD/////5kct8P/////nNxDg/////+gnD/D/////6Rby4P/////qBvHw/////+r21OD/////6+bT8P/////s1rbg/////+3GtfD/////7r/TYP/////vr9Jw//////CftWD/////8Y+0cP/////yf5dg//////NvlnD/////9F95YP/////1T3hw//////Y/W2D/////9y9acP/////4KHfg//////kPPHD/////+ghZ4P/////6+Fjw//////voO+D//////Ng68P/////9yB3g//////64HPD//////6f/4AAAAAAAl/7wAAAAAAGH4eAAAAAAAnfg8AAAAAADcP5gAAAAAARg/XAAAAAABVDgYAAAAAAGQN9wAAAAAAcwwmAAAAAAB40ZcAAAAAAJEKRgAAAAAAmtlPAAAAAACvCGYAAAAAAL4IVwAAAAAAzZouAAAAAADcBncAAAAAAOuYTgAAAAAA+pg/AAAAAAEJlm4AAAAAARiWXwAAAAABJ5SOAAAAAAE2lH8AAAAAAUWSrgAAAAABVJKfAAAAAAFjkM4AAAAAAXKQvwAAAAABgiKWAAAAAAGQjt8AAAAAAaAgtgAAAAABryCnAAAAAAG+HtYAAAAAAc0exwAAAAAB3Bz2AAAAAAHrHOcAAAAAAfobFgAAAAACB2APAAAAAAIYGTYAAAAAAiVeLwAAAAACNqr+AAAAAAJDXE8AAAAAAlSpHgAAAAACYVpvAAAAAAJypz4AAAAAAn/sNwAAAAACkKVeAAAAAAKd6lcAAAAAAq6jfgAAAAACu+h3AAAAAALNNUYAAAAAAtnmlwAAAAAC6zNmAAAAAAL35LcAAAAAAwkxhgAAAAADFnZ/AAAAAAMnL6YAAAAAAzR0nwAAAAADRS3GAAAAAANScr8AAAAAA2Mr5gAAAAADcHDfAAAAAAOBva4AAAAAA45u/wAAAAADn7vOAAAAAAOsbR8AAAAAA7257gAAAAADyv7nAAAAAAPbuA4AAAAAA+j9BwAAAAAD+bYuAAAAAAQG+ycAAAAABBhH9gAAAAAEJPlHAAAAAAQ2RhYAAAAABEL3ZwAAAAAEVEQ2AAAAAARfOo8AAAAABHLV/gAAAAAEfTivAAAAAASQ1B4AAAAABJs2zwAAAAAErtI+AAAAAAS5yJcAAAAABM1kBgAAAAAE18a3AAAAAATrYiYAAAAABPXE1wAAAAAFCWBGAAAAAAUTwvcAAAAABSdeZgAAAAAFMcEXAAAAAAVFXIYAAAAABU+/NwAAAAAFY1qmAAAAAAVuUP8AAAAABYHsbgAAAAAFjE8fAAAAAAWf6o4AAAAABapNPwAAAAAFveiuAAAAAAXIS18AAAAABdvmzgAAAAAF5kl/AAAAA
AX55O4AAAAABgTbRwAAAAAGGHa2AAAAAAYi2WcAAAAABjZ01gAAAAAGQNeHAAAAAAZUcvYAAAAABl7VpwAAAAAGcnEWAAAAAAZ808cAAAAABpBvNgAAAAAGmtHnAAAAAAaubVYAAAAABrljrwAAAAAGzP8eAAAAAAbXYc8AAAAABur9PgAAAAAG9V/vAAAAAAcI+14AAAAABxNeDwAAAAAHJvl+AAAAAAcxXC8AAAAAB0T3ngAAAAAHT+33AAAAAAdjiWYAAAAAB23sFwAAAAAHgYeGAAAAAAeL6jcAAAAAB5+FpgAAAAAHqehXAAAAAAe9g8YAAAAAB8fmdwAAAAAH24HmAAAAAAfl5JcAAAAAB/mABgAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgMEAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQIBAgECAQL//7qeAAD//8fAAQT//7mwAAj//8fAAQz//8fAARBMTVQARURUAEVTVABFV1QARVBUAAAAAAABAAAAAAEKRVNUNUVEVCxNMy4yLjAsTTExLjEuMAo= - owner: root:root - path: /etc/localtime - permissions: '0644' + - path: /etc/localtime + owner: root:root + permissions: '0644' + encoding: "b64" + content: 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 + - path: /etc/ssh/trusted-user-ca-keys.pem + owner: root:root + content: | + ssh-rsa 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 + - path: /etc/ssh/sshd_config + owner: root:root + content: | + AllowTcpForwarding no + GatewayPorts no + PasswordAuthentication no + X11Forwarding no + PermitRootLogin no + LoginGraceTime 30s + MaxAuthTries 5 + + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com + KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 + + Subsystem sftp internal-sftp + TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem diff --git a/k3os_cluster.yaml b/k3os_cluster.yaml deleted file mode 100644 index 851a30e..0000000 --- a/k3os_cluster.yaml +++ /dev/null 
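Review bot: In k3os_agent.yaml the new `write_files` entries for `/etc/ssh/sshd_config` and `/etc/ssh/trusted-user-ca-keys.pem` set no `permissions`, unlike the `/etc/localtime` entry, so the mode of the files that decide who can log in is left to the k3os default. Add an explicit `permissions: '0644'` to both; the CA-keys entry is repeated without it in k3os_server.yaml and mainframe.yaml. The static `ssh_authorized_keys` entry is also kept alongside `TrustedUserCAKeys`, so that key still logs in without a CA-signed certificate and never expires. If it is meant as a break-glass key, say so in a comment above it, e.g. `# break-glass key, owner: <name>`, since the new key carries no comment field of its own.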
@@ -1,25 +0,0 @@
-hostname: k3os
-ssh_authorized_keys:
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev"
-boot_cmd:
- - "echo America/New_York > /etc/timezone"
-k3os:
- k3s_args:
- - server
- - "--cluster-init"
- - "--private-registry=/var/lib/rancher/k3s/registries.yaml"
- - "--disable"
- - "traefik"
- - "--disable"
- - "local-storage"
- ntp_servers:
- - 0.us.pool.ntp.org
- - 1.us.pool.ntp.org
-write_files:
-- encoding: "b64"
- content: 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
- owner: root:root
- path: /etc/localtime
- permissions: '0644'
diff --git a/k3os_server.yaml b/k3os_server.yaml
new file mode 100644
index 0000000..cec269d
--- /dev/null
+++ b/k3os_server.yaml
@@ -0,0 +1,44 @@
+hostname:
+ssh_authorized_keys:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj/4dbq6aRmaQ2lnySJLUySXYGx/ZIrYcRb6kczGey63zfadURR+k/d3+8JD56Mm89D4bSpfB6alAYa4R5H4MVHhYbc6RHBAMuh76XXPEkJBpQZ1SNZA8ycZKX6Qc9zHCQYYiCmK6/WxyMjyX4NUiDu0+kQ7TQiJ5bFA6fVyIeCYvbO/SZcVVzlA3Xz25akCyB8/dJccj+3ais+sh+K8mFv0Kbs76G0xCXj7tZ6sWeDnXbIUn0SaqofKv+Z7Y0d1D54gZWROuM2fsDkHmQIuU5QT003m79JbQxAnkDPAI2DQxplrzw6Ifcvu0h6oqOQ412snVJ/FYYJyizSpKjs8JeNTeM47rL64VJO7jDmJLD/nWumEGLr6WyCebibekgApbr4QUyiABqjYs41opf8+AzOERcj8s563hdI3eBkKxHKAm6+EvzAs0evdao+NeHKWBgcG8b9UjL+l1IFchRGB1MGrCD8DTwvtYaf5RaXQZwROnW9LvsRxrMHHlwJuC8mAc="
+boot_cmd:
+ - "echo America/New_York > /etc/timezone"
+k3os:
+ k3s_args:
+ - server
+ - "--cluster-init"
+ - "--private-registry=/var/lib/rancher/k3s/registries.yaml"
+ - "--disable"
+ - "traefik"
+ - "--disable"
+ - "local-storage"
+ ntp_servers:
+ - 0.us.pool.ntp.org
+ - 1.us.pool.ntp.org
+write_files:
+ - encoding: "b64"
+ content: 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
+ owner: root:root
+ path: /etc/localtime
+ permissions: '0644'
+ - content: |
+ ssh-rsa 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
+ owner: root:root
+ path: /etc/ssh/trusted-user-ca-keys.pem
+ - content: |
+ AllowTcpForwarding no
+ GatewayPorts no
+ PasswordAuthentication no
+ X11Forwarding no
+ PermitRootLogin no
+ LoginGraceTime 30s
+ MaxAuthTries 5
+
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+ Subsystem sftp internal-sftp
+ TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
+ owner: root:root
+ path: /etc/ssh/sshd_config
diff --git a/mainframe.yaml b/mainframe.yaml
index 5ce521a..e3467cb 100644
--- a/mainframe.yaml
+++ b/mainframe.yaml
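Review bot: In k3os_server.yaml the sshd_config written through `write_files` trusts the user CA via `TrustedUserCAKeys` but sets no `AuthorizedPrincipalsFile`, so sshd accepts any certificate from that CA whose principal list contains the login name. The agent template carries the identical config, so a certificate that is valid on an agent is equally valid on this control-plane node. If servers should be reachable by fewer people, add `AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u` and a `write_files` entry listing a server-only principal. A header comment saying that `hostname` is filled in by the yq step in the README would also help, because the bare `hostname:` loads as null if the file is used untemplated.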
@@ -1,11 +1,10 @@ hostname: mainframe ssh_authorized_keys: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFb/p/AdaQMlWqUNlE3NdSiX8Wxpr2q4gmsW/h/IbC2uU47VynMK5NZjZs00+HTRRg6LSj42zF9Q6zxn2RCoG0WGvU7c9JJbmnr9OB+TWg+0vBK0Ic9p5or5pMLE7OGRMiNwvIxmNXyBEH7m1VIz+Z2iiuOtNeicSOa8nTtz7mt+fQX6rCpolekFFbi+Hraq/wI9EDZO3FqWISEkHkLbYhwJS87PYkqIiuLqZhYahx7KtYcfVMpPuYy6Wjtd8enTT7FWHaeU9YkDtLF0XhDQOAWAvfpz0xfmsl2obzLJ5KMMlhCMz9FPfuglxnFy8X7QsnZ2KdVjwu6QcYlULFWBxt ducoterra@DucoBook.local" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaXVc2+dvnvzDE4GPQ/H9btIZL4mENo/u7aHFt/EbIvRsd8GdbO/ionpQqI9lh9syNkQMjld/zlA9rqzRv8MFMcVwiM0vfLMDs7Cu8Kd5u9bClgaR1NbfuWFM7kIfXI+MOZmpQokeYbOWr8agLALF4JAKplpOwSEirbUIM7ff6h3bvi8XKGlqQpZ1nbZLRwmRRjAvTNq/8j7Ql/nRlZmJo81ETlXAdCajOiIH+Fi3g/EM8XzRsMKFot3RtrbJeVJI5Yt5jhq6exATqlZfVciQUIHHez/Xgzjr1e5GJ39SSUFehgwWzl8TzMYT3fX1nopkb683gYr7bDMovraK79PYP ducoterra@freenas.ducoterra.net" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6LvK2IMLXAJPAip0ozV6WcWsxtnGFZRfQzvpJbZl+r+TPdW+coKMenrnD5SZHfoL9EV6Wmg+F+td+rWAYGZ7xPOO3Kz1F5dEOnQ14YUttneTrsbj+4KGbxj9wNX3iQyFIsDSqjjumZVzUjQfFVbWrt1/UQFL35XttQju9mRVXGrE/AMKlbGmycpqabxyti0G1xCW81sXiMCTd0L/he83q18CGQbsdAEQkniTdiAtkPEn5QGl3UgGPAKoV3TbYjYCQ+LZ0FOGEV9A2O+U/nw9L1GpqwXHPJ/RNo+WzSFLIRkn3fFPrvIki7t2yzlxnWMrnRz+2LBTA5ake6FJfi8p ducoterra@dev" + - "ssh-rsa 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" boot_cmd: - "echo '6.0.22.2 freenas' | tee --append /etc/hosts" - "echo America/New_York > /etc/timezone" + - "echo 'TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem' >> /etc/ssh/sshd_config" run_cmd: - "ip addr add 6.0.22.1/24 dev eth0" - "ip link set dev eth0 up" @@ -26,4 +25,8 @@ write_files: content: 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 owner: root:root path: /etc/localtime - permissions: '0644' \ No newline at end of file + permissions: '0644' +- content: | + ssh-rsa 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 + owner: root:root + path: /etc/ssh/trusted-user-ca-keys.pem
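Review bot: In mainframe.yaml the added `boot_cmd` appends `TrustedUserCAKeys` to `/etc/ssh/sshd_config` with `>>`, so this host only gains CA trust and keeps whatever else the stock file allows, while the agent and server templates replace the file with a hardened one (`PasswordAuthentication no`, `PermitRootLogin no`, restricted ciphers). If boot_cmd runs on every boot and the file persists between boots, the line is also appended again each time; a guard such as `grep -q '^TrustedUserCAKeys' /etc/ssh/sshd_config || echo 'TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem' >> /etc/ssh/sshd_config` avoids that. Writing the same `/etc/ssh/sshd_config` entry through `write_files` as the other two files do would remove both problems.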