# Butane config (variant fcos, spec 1.5.0) that is rendered by Ansible/Jinja
# before being transpiled to Ignition. The Jinja expressions below are filled
# in at render time from vm_password, vm_ssh_public_key and vm_user, so the
# rendered output, not only this template, is what should be reviewed.
variant: fcos
version: 1.5.0

passwd:
  users:
    # root is the only account Ignition itself creates; it gets a password hash
    # and an SSH key, and sshd is told below to allow root logins.
    - name: root
      # password_hash picks a fresh random salt on every render unless a salt is
      # supplied, so the rendered config differs from run to run.
      password_hash: "{{ vm_password | password_hash('sha512') }}"
      ssh_authorized_keys:
        # Public key read from the control node; trim drops the trailing
        # newline so the key stays a single line.
        - "{{ lookup('file', vm_ssh_public_key) | trim }}"

storage:
  files:
    # sshd drop-in that enables root logins over SSH (password and key). Since
    # a key is installed for root above, "PermitRootLogin prohibit-password"
    # would keep key-based root access while closing password logins; the
    # "yes" below is the author's choice and is left as configured.
    - path: /etc/ssh/sshd_config.d/permit_root_login.conf
      # Butane wants an integer here and the YAML parser reads the leading 0 as
      # octal (0644 -> 420), which is the intended value; do not quote it.
      mode: 0644
      contents:
        inline: PermitRootLogin yes

systemd:
  units:
    # 1. One-shot service that physically creates the "@home" subvolume on the
    #    disk: it mounts the top-level subvolume (subvolid=5) of the ROOT
    #    filesystem on a scratch directory under /run, creates @home if it is
    #    missing, then unmounts and removes the scratch directory. home.mount
    #    requires it (RequiredBy below) and is ordered after it (Before below).
    # NOTE(review): the existence test escapes the loop variable as \$$sub
    #    while the create path uses $$sub; after systemd turns $$ into $ these
    #    two may not evaluate the same way. Confirm on a rendered host that the
    #    test really checks /run/mnt-root-init/@home; if it does not, the
    #    "btrfs subvolume create" re-runs and fails on every later boot, and
    #    because home.mount requires this unit, /home would then not mount.
    - name: create-home-subvolume.service
      enabled: true
      contents: |
        [Unit]
        Description=Create Btrfs Subvolume for Home (Once)
        After=local-fs-pre.target
        Before=home.mount

        [Service]
        Type=oneshot
        ExecStartPre=/usr/bin/mkdir -p /run/mnt-root-init
        ExecStartPre=/usr/bin/mount -o subvolid=5 /dev/disk/by-label/ROOT /run/mnt-root-init
        # Hier werden die Subvolumes @home angelegt, falls sie nicht existieren
        ExecStart=/usr/bin/bash -c "for sub in @home; do [ -d /run/mnt-root-init/\$$sub ] || /usr/sbin/btrfs subvolume create /run/mnt-root-init/$$sub; done"
        ExecStartPost=/usr/bin/umount /run/mnt-root-init
        ExecStartPost=/usr/bin/rmdir /run/mnt-root-init
        RemainAfterExit=true

        [Install]
        RequiredBy=home.mount

    # The unit name MUST match the mount path exactly (/home becomes home.mount).
    # Mounts the @home subvolume of the same ROOT filesystem on /home before
    # local-fs.target, so later units can rely on /home being in place.
    - name: home.mount
      enabled: true
      contents: |
        [Unit]
        Description=Mount Separates Home Laufwerk
        Before=local-fs.target

        [Mount]
        What=/dev/disk/by-label/ROOT
        Where=/home
        Type=btrfs
        Options=defaults,subvol=@home

        [Install]
        WantedBy=local-fs.target

    # HERE the additional user is created safely, AFTER /home has been mounted
    # (After= and Requires= on home.mount). The shell script creates the user,
    # sets the password hash, installs the SSH key and fixes ownership and
    # permissions of ~/.ssh; systemd joins the backslash-continued lines into
    # one argument for bash -c.
    # NOTE(review): the SHA-512 hash of vm_password and the public key are
    #    baked into this unit's ExecStart. Unit files installed by Ignition are
    #    presumably world-readable under /etc/systemd/system, and the same
    #    vm_password also protects root above, so every local account could
    #    read a hash of the root password for offline guessing. Consider
    #    passing the hash to the service through a root-only (mode 0600) file
    #    instead of the command line - TODO confirm the unit file's mode.
    # NOTE(review): vm_user is interpolated unquoted into the shell command; a
    #    value containing whitespace or shell metacharacters would break or
    #    change the command. Quote it in the script or validate it in the
    #    playbook. Likewise the key is placed inside single quotes, so a key
    #    comment containing a single quote would break the echo.
    # NOTE(review): useradd exits non-zero once the user exists, so on every
    #    boot after the first this unit presumably ends up failed (harmless,
    #    since the && chain then skips the remaining steps). A guard such as
    #    ConditionPathExists= on the created authorized_keys would make it
    #    idempotent - TODO confirm intended behaviour.
    - name: create-custom-users.service
      enabled: true
      contents: |
        [Unit]
        Description=Create Additional System Users safely after Mounts
        After=home.mount
        Requires=home.mount
        Before=multi-user.target

        [Service]
        Type=oneshot
        # Legt den User an, setzt das Home-Verzeichnis, fügt ihn zu wheel (sudo) hinzu und setzt den SSH Key
        ExecStart=/usr/bin/bash -c "\
          /usr/sbin/useradd -m -s /bin/bash {{ vm_user }} && \
          /usr/sbin/usermod -p '{{ vm_password | password_hash('sha512') }}' {{ vm_user }} && \
          /usr/bin/mkdir -p /home/{{ vm_user }}/.ssh && \
          /usr/bin/echo '{{ lookup('file', vm_ssh_public_key) | trim }}' > /home/{{ vm_user }}/.ssh/authorized_keys && \
          /usr/bin/chown -R {{ vm_user }}:{{ vm_user }} /home/{{ vm_user }}/.ssh && \
          /usr/bin/chmod 700 /home/{{ vm_user }}/.ssh && \
          /usr/bin/chmod 600 /home/{{ vm_user }}/.ssh/authorized_keys"
        RemainAfterExit=true

        [Install]
        WantedBy=multi-user.target