Update ignition files

2026-02-08 11:04:02 +00:00
parent 986f18c8a5
commit 7575a1f666
6 changed files with 101 additions and 11 deletions
--- a/ignition/base-install-supporting-services.bu
+++ b/ignition/base-install-supporting-services.bu
@@ -1,5 +1,5 @@
 # Depends on base-install-docker
-# Installs Komodo Periphery, Telegraf and Certbot
+# Installs Komodo Periphery, Telegraf, sops and step-ca
 variant: fcos
 version: 1.6.0

@@ -10,7 +10,14 @@ storage:
        name: core
      group:
        name: docker
+    # Create sops config directory
+    - path: /var/home/core/.config/sops/age
+      user:
+        name: core
+      group:
+        name: core
  files:
+    # Configure telegraf
    - path: /var/docker/.supporting-services/telegraf/telegraf.conf
      user:
        name: core
@@ -18,6 +25,7 @@ storage:
        name: docker
      contents:
        source: https://git.mrmeeb.stream/mrmeeb-labs/supporting-services/telegraf.conf
+    # Add docker compose file
    - path: /var/docker/.supporting-services/komodo/repos/mrmeeb-labs/supporting-services/docker-compose.yml
      user:
        name: core
@@ -25,6 +33,7 @@ storage:
        name: docker
      contents:
        source: https://git.mrmeeb.stream/mrmeeb-labs/supporting-services/raw/branch/main/docker-compose.yml
+    # Add .env file
    - path: /var/docker/.supporting-services/komodo/repos/mrmeeb-labs/supporting-services/.env
      user:
        name: core
@@ -32,15 +41,21 @@ storage:
        name: docker
      contents:
        source: https://git.mrmeeb.stream/mrmeeb-labs/supporting-services/raw/branch/main/.env
+    - path: /var/home/core/.bashrc
+      append:
+        # Add step alias
+        - inline: "alias step='docker run --rm -v /var/home/core:/home/step -e STEPPATH=/home/step/.step smallstep/step-cli step'"
+        # Add sops alias
+        - inline: "alias sops='docker run --rm -it -v /var/home/core:/root -v /var/docker:/var/docker ghcr.io/getsops/sops:v3.11.0'"

 systemd:
  units:
-    # Install supporting services
-    - name: rpm-ostree-install-supporting-services.service
+    # Bootstrap step-ca
+    - name: bootstrap-step-ca.service
      enabled: true
      contents: |
        [Unit]
-        Description=Install Supporting Services
+        Description=Bootstrap step-ca
        Wants=network-online.target
        After=rpm-ostree-install-docker-ce.service
        Before=zincati.service
@@ -49,7 +64,7 @@ systemd:
        [Service]
        Type=oneshot
        RemainAfterExit=yes
-        ExecStart=/usr/bin/docker compose -p "supporting-services" --env-file /var/docker/.supporting-services/komodo/repos/mrmeeb-labs/supporting-services/.env -f /var/docker/.supporting-services/komodo/repos/mrmeeb-labs/supporting-services/docker-compose.yml up -d
+        ExecStart=/usr/bin/docker run --rm -v ${HOME}:/home/step -e STEPPATH=/home/step/.step smallstep/step-cli step ca bootstrap --team mtls --team-url "https://mrmeeb.co.uk/step/<>"
        ExecStart=/usr/bin/touch /var/lib/%N.stamp

        [Install]