-
Notifications
You must be signed in to change notification settings - Fork 39
/
Copy pathsystem-config.ign
52 lines (52 loc) · 2.89 KB
/
system-config.ign
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
{
"ignition": {
"version": "3.3.0"
},
"storage": {
"files": [
{
"path": "/var/lib/iptables/rules-save",
"contents": {
"compression": "gzip",
"source": "data:;base64,H4sIAAAAAAAC/5SQQUvEMBCF7/0VcxYHUlxEeotNxMKuKdksHsRDyEaMZjehOx7899JtlSr20NOD974vkLl4CZF8V1TNQ7szILRq4YlV7Lmo7pR+5Fr86tTO9Biva9masUQOg4wBYgJ8G+fJcACXjkfqrHsHREcnsuRByzU3UlzKreG362Z7L8W/doaPfe4fOQfuc+oIVuX1qpzBgzuc+SGxD6TP7IEtFa6WCjdLhfLPJ76vjgE8vTLABGRDPDkbPZtFp0gaxR+0VptNY4qvAAAA//9Y7QzJ6wEAAA=="
},
"mode": 420
},
{
"overwrite": true,
"path": "/etc/flatcar/update.conf",
"contents": {
"compression": "gzip",
"source": "data:;base64,H4sIAAAAAAAC/wpydfL3D4kPDglyDHF1j7QtSk3Kzy/h8vF39g729QzxcImHqgj39HPxD48PDnEMCrE1MLIyMMCtyMfVzz3Ew9YwQwEOuAABAAD//xtak2VpAAAA"
},
"mode": 272
}
],
"links": [
{
"overwrite": true,
"path": "/etc/localtime",
"target": "/usr/share/zoneinfo/Etc/UTC"
}
]
},
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=Tailscale Docker Container\nAfter=docker.service\nRequires=docker.service\n\n[Service]\nExecStart=/usr/bin/docker run \\\n --name tailscale \\\n --rm \\\n --hostname vpn-server \\\n --network host \\\n --label com.centurylinklabs.watchtower.enable=true \\\n -e TS_AUTHKEY=ENTER_TAILSCALE_AUTH_KEY_HERE \\\n -e TS_STATE_DIR=/var/lib/tailscale \\\n -e TS_USERSPACE=false \\\n -e TS_EXTRA_ARGS=\"--advertise-exit-node\" \\\n -e TS_TAILSCALED_EXTRA_ARGS=\"--port=41641 --no-logs-no-support\" \\\n -v tailscale:/var/lib/tailscale \\\n --device=/dev/net/tun:/dev/net/tun \\\n --cap-add=NET_ADMIN \\\n ghcr.io/tailscale/tailscale:latest\nExecStop=/usr/bin/docker stop tailscale\nRestart=always\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "tailscale.service"
},
{
"contents": "[Unit]\nDescription=Watchtower Docker Container Auto-Updater\nAfter=docker.service\nRequires=docker.service\n\n[Service]\nExecStart=/usr/bin/docker run \\\n --name watchtower \\\n --rm \\\n --label com.centurylinklabs.watchtower.enable=true \\\n -e WATCHTOWER_LABEL_ENABLE=true \\\n -e WATCHTOWER_CLEANUP=true \\\n -e WATCHTOWER_NO_RESTART=true \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n ghcr.io/containrrr/watchtower:latest\nExecStop=/usr/bin/docker stop watchtower\nRestart=always\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "watchtower.service"
},
{
"contents": "[Unit]\nDescription=Restore iptables rules\nAfter=network.target\n\n[Service]\nType=oneshot\nExecStart=/sbin/iptables-restore -n /var/lib/iptables/rules-save\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target",
"enabled": true,
"name": "iptables-restore.service"
}
]
}
}