ignition.ign

{
  "ignition": {
    "config": {},
    "security": {
      "tls": {}
    },
    "timeouts": {},
    "version": "2.3.0"
  },
  "networkd": {
    "units": [
      {
        "contents": "[NetDev]\nName=james\nKind=bond\n\n[Bond]\nMode=802.3ad\nTransmitHashPolicy=layer3+4\nMIIMonitorSec=1s\nLACPTransmitRate=fast\n",
        "name": "25-jamesbond.netdev"
      },
      {
        "contents": "[Match]\nName=eno*\n\n[Network]\nBond=james\n",
        "name": "james.network"
      },
      {
        "contents": "[Match]\nName=james\n\n[Network]\nDHCP=yes\n",
        "name": "james_dhcp.network"
      }
    ]
  },
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgakqOKbhaZe7ku2SOmHCrOCeAx//4PQy/nB6jSqIv94yDcyTcnxlJGhcoWdDFUzesFSYLvO63qgm5oA7ApFw413+R/M4FKuq4afhakSn8srthpW1gwI148hF+a8ugcz6h+COXEzOBdJLE0EUGcvKlI79+oF3h/egoO/2gLH0Pi5q5WQxkNXHBLUhZX4jU6uwS22ot4ThiAFKluB+/Asfvbd8ghZ0RDI6Q7H/yAKMp3E/CgA+xFQoTwybcUMm3e6ACJWD00yRczWapwv9ohaINac0ssym/3bFJZArW7foFgI0pyR56/s/0hWaGnA/nsTTHWs/HQ+324opm/a+908zv"
        ]
      }
    ]
  },
  "storage": {
    "files": [
      {
        "filesystem": "root",
        "overwrite": true,
        "path": "/etc/selinux/config",
        "contents": {
          "source": "data:,SELINUX%3Dpermissive%0ASELINUXTYPE%3Dtargeted",
          "verification": {}
        },
        "mode": 420
      },
      {
        "filesystem": "root",
        "group": {
          "name": "root"
        },
        "path": "/opt/bin/k3s",
        "user": {
          "name": "root"
        },
        "contents": {
          "source": "https://github.com/rancher/k3s/releases/download/v1.18.8%2Bk3s1/k3s",
          "verification": {
            "hash": "sha512-1d9d460763784146d0ecfb8ccda26122e8fe5fc1d4e89f5829e6ef8f61a751e44dc62d167baf3abd407561d9a979b50e59805389b01a860f48c2f5641920c5b3"
          }
        },
        "mode": 493
      },
      {
        "filesystem": "root",
        "group": {
          "name": "root"
        },
        "path": "/opt/bin/k_params",
        "user": {
          "name": "root"
        },
        "contents": {
          "source": "https://raw.githubusercontent.com/mcsaucy/k_params/master/k_params",
          "verification": {}
        },
        "mode": 493
      },
      {
        "filesystem": "root",
        "group": {
          "name": "root"
        },
        "path": "/opt/bin/namecheap_update",
        "user": {
          "name": "root"
        },
        "contents": {
          "source": "https://raw.githubusercontent.com/mcsaucy/ddns_scripts/master/namecheap.sh",
          "verification": {}
        },
        "mode": 493
      }
    ],
    "links": [
      {
        "filesystem": "root",
        "path": "/opt/bin/kubectl",
        "target": "/opt/bin/k3s"
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "contents": "[Unit]\nDescription=Set hostname based upon kernel commandline\nConditionKernelCommandLine=hostname\n\n[Install]\nWantedBy=k3s.service\n\n[Service]\nExecStart=/bin/bash -c 'hostnamectl set-hostname --static \"$(/opt/bin/k_params hostname)\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=30s\n",
        "enabled": true,
        "name": "sethostname.service"
      },
      {
        "contents": "[Unit]\nDescription=Lightweight Kubernetes\nDocumentation=https://k3s.io\nAfter=network-online.target\nConditionFileNotEmpty=/secrets/k3s_env\n\n[Install]\nWantedBy=multi-user.target\n\n[Service]\nType=notify\nKillMode=process\nDelegate=yes\nLimitNOFILE=1048576\nLimitNPROC=infinity\nLimitCORE=infinity\nTasksMax=infinity\nTimeoutStartSec=0\nRestart=always\nRestartSec=5s\nEnvironmentFile=/secrets/k3s_env\nExecStartPre=-/sbin/modprobe br_netfilter\nExecStartPre=-/sbin/modprobe overlay\nExecStart=/opt/bin/k3s server\n",
        "enabled": true,
        "name": "k3s.service"
      },
      {
        "contents": "[Unit]\nDescription=Log Exporter\nAfter=systemd-journald.service\nRequires=systemd-journald.service\nConditionFileNotEmpty=/secrets/logexport_env\n\n[Service]\nEnvironmentFile=/secrets/logexport_env\nExecStart=/bin/sh -c 'journalctl -f | ncat --ssl \"${LOGEXPORT_HOST}\" \"${LOGEXPORT_PORT}\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=5s\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "logexport.service"
      },
      {
        "contents": "[Unit]\nDescription=Monitoring Heartbeat Pulse\nRequires=network-online.target\nConditionFileNotEmpty=/secrets/heartbeat_env\n\n[Service]\nEnvironmentFile=/secrets/heartbeat_env\nExecStart=/bin/sh -c 'wget --spider \"${HEARTBEAT_URL}\" \u003e/dev/null 2\u003e\u00261'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=5s\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "heartbeat.service"
      },
      {
        "contents": "[Unit]\nDescription=Set the primary hostname via DDNS\nRequires=network-online.target k3s.service\nConditionFileNotEmpty=/secrets/namecheap_ddns_env\n\n[Service]\nEnvironmentFile=/secrets/namecheap_ddns_env\nExecStart=/bin/sh -c '/opt/bin/kubectl get nodes/$(hostname) | grep -q Ready \u0026\u0026 /opt/bin/namecheap_update \"${NAMECHEAP_DDNS_INTERFACE:-james}\" \"primary.$(hostname -d)\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=1m\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "primary_ddns.service"
      },
      {
        "contents": "[Unit]\nDescription=Update our host's dynamic DNS record\nAfter=sethostname.service\nRequires=network-online.target\nConditionFileNotEmpty=/secrets/namecheap_ddns_env\n\n[Service]\nEnvironmentFile=/secrets/namecheap_ddns_env\nExecStart=/bin/sh -c '[ \"$(hostname)\" != localhost ] \u0026\u0026 /opt/bin/namecheap_update \"${NAMECHEAP_DDNS_INTERFACE:-james}\"'\nTimeoutStartSec=0\nRestart=always\nRestartSec=10m\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "host_ddns.service"
      },
      {
        "contents": "[Unit]\nDescription=Run Heartbeat every 5 minutes\nRequires=heartbeat.service\n\n[Timer]\nUnit=heartbeat.service\nOnUnitInactiveSec=5m\nAccuracySec=10s\n\n[Install]\nWantedBy=timers.target\n",
        "enabled": true,
        "name": "heartbeat.timer"
      },
      {
        "contents": "[Unit]\nDescription=Run primary_ddns every 5 minutes\nRequires=primary_ddns.service\n\n[Timer]\nUnit=primary_ddns.service\nOnUnitInactiveSec=5m\nAccuracySec=10s\n\n[Install]\nWantedBy=timers.target\n",
        "enabled": true,
        "name": "primary_ddns.timer"
      },
      {
        "contents": "[Unit]\nDescription=Secrets\n\n[Mount]\nWhat=/dev/disk/by-label/secrets\nWhere=/secrets\nOptions=ro\nDirectoryMode=0700\n\n[Install]\nWantedBy=k3s.service\n",
        "enabled": true,
        "name": "secrets.mount"
      }
    ]
  }
}