@dhoppe
Last active September 27, 2019 12:29
{
"ignition": {
"config": {},
"security": {
"tls": {}
},
"timeouts": {},
"version": "2.2.0"
},
"networkd": {
"units": [
{
"contents": "[Match]\nName=eth*\n\n[Network]\nDHCP=yes\nLinkLocalAddressing=no\nIPv6AcceptRA=no\n",
"name": "20-dhcp.network"
}
]
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"ssh-rsa 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 Hetzner Cloud"
]
}
]
},
"storage": {
"files": [
{
"filesystem": "root",
"group": {
"id": 0
},
"path": "/etc/ssh/sshd_config",
"user": {
"id": 0
},
"contents": {
"source": "data:,Subsystem%20sftp%20internal-sftp%0AClientAliveInterval%20300%0AClientAliveCountMax%200%0AUseDNS%20no%0AUsePAM%20yes%0APrintLastLog%20no%0APrintMotd%20no%0APermitRootLogin%20no%0APasswordAuthentication%20no%0AKexAlgorithms%20curve25519-sha256%2Ccurve25519-sha256%40libssh.org%2Cecdh-sha2-nistp256%2Cecdh-sha2-nistp384%2Cecdh-sha2-nistp521%2Cdiffie-hellman-group-exchange-sha256%2Cdiffie-hellman-group16-sha512%2Cdiffie-hellman-group18-sha512%2Cdiffie-hellman-group14-sha256%0AHostKeyAlgorithms%20ecdsa-sha2-nistp256-cert-v01%40openssh.com%2Cecdsa-sha2-nistp384-cert-v01%40openssh.com%2Cecdsa-sha2-nistp521-cert-v01%40openssh.com%2Cssh-ed25519-cert-v01%40openssh.com%2Crsa-sha2-512-cert-v01%40openssh.com%2Crsa-sha2-256-cert-v01%40openssh.com%2Cssh-rsa-cert-v01%40openssh.com%2Cecdsa-sha2-nistp256%2Cecdsa-sha2-nistp384%2Cecdsa-sha2-nistp521%2Cssh-ed25519%2Crsa-sha2-512%2Crsa-sha2-256%2Cssh-rsa%0ACiphers%20chacha20-poly1305%40openssh.com%2Caes128-ctr%2Caes192-ctr%2Caes256-ctr%2Caes128-gcm%40openssh.com%2Caes256-gcm%40openssh.com%0AMACs%20umac-128-etm%40openssh.com%2Chmac-sha2-256-etm%40openssh.com%2Chmac-sha2-512-etm%40openssh.com%2Cumac-128%40openssh.com%2Chmac-sha2-256%2Chmac-sha2-512%0A",
"verification": {}
},
"mode": 384
},
{
"filesystem": "root",
"group": {
"id": 0
},
"path": "/etc/hostname",
"user": {
"id": 0
},
"contents": {
"source": "data:,core01",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {
"id": 0
},
"path": "/var/lib/iptables/rules-save",
"user": {
"id": 0
},
"contents": {
"source": "data:,*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20DROP%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-i%20eth1%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%2080%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20-m%20tcp%20--dport%20443%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%200%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%203%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20-m%20icmp%20--icmp-type%2011%20-j%20ACCEPT%0ACOMMIT%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {
"id": 0
},
"path": "/etc/sysctl.d/10-disable-ipv6.conf",
"user": {
"id": 0
},
"contents": {
"source": "data:,net.ipv6.conf.all.disable_ipv6%3D1%0Anet.ipv6.conf.default.disable_ipv6%3D1%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"path": "/etc/coreos/update.conf",
"contents": {
"source": "data:,%0AREBOOT_STRATEGY%3D%22etcd-lock%22%0ALOCKSMITHD_REBOOT_WINDOW_START%3D%22Sun%2004%3A00%22%0ALOCKSMITHD_REBOOT_WINDOW_LENGTH%3D%221h%22",
"verification": {}
},
"mode": 420
}
]
},
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=Docker Socket for the API\n\n[Socket]\nListenStream=2375\nBindIPv6Only=both\nService=docker.service\n\n[Install]\nWantedBy=sockets.target\n",
"enabled": true,
"name": "docker-tcp.socket"
},
{
"dropins": [
{
"contents": "[Unit]\nRequires=metadata.service\nAfter=metadata.service\n\n[Service]\nEnvironmentFile=/run/metadata/coreos\nEnvironment=\"ETCD_IMAGE_TAG=v3.3.13\"\nExecStart=\nExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS \\\n --name=\"${COREOS_CUSTOM_HOSTNAME}\" \\\n --initial-advertise-peer-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2380\" \\\n --listen-peer-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2380\" \\\n --listen-client-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2379,http://127.0.0.1:2379\" \\\n --advertise-client-urls=\"http://${COREOS_CUSTOM_PRIVATE_IPV4}:2379\" \\\n --discovery=\"https://discovery.etcd.io/827ac98b1b95085bd3dae877305d5151\"\n",
"name": "20-clct-etcd-member.conf"
}
],
"enabled": true,
"name": "etcd-member.service"
},
{
"enabled": true,
"name": "iptables-restore.service"
},
{
"enabled": true,
"name": "locksmithd.service"
},
{
"contents": "[Unit]\nDescription=Custom metadata agent\n\n[Service]\nType=oneshot\nEnvironment=OUTPUT=/run/metadata/coreos\nExecStart=/usr/bin/mkdir --parent /run/metadata\nExecStart=/usr/bin/bash -c 'echo -e \"COREOS_CUSTOM_HOSTNAME=$(curl -s http://169.254.169.254/hetzner/v1/metadata/hostname)\\nCOREOS_CUSTOM_PUBLIC_IPV4=$(curl -s http://169.254.169.254/hetzner/v1/metadata/public-ipv4)\\nCOREOS_CUSTOM_PRIVATE_IPV4=$(curl -s http://169.254.169.254/hetzner/v1/metadata/private-networks | grep 'ip:' | cut -d: -f2 | sed \\\"s/ //g\\\")\" \u003e ${OUTPUT}'\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "metadata.service"
}
]
}
}