core-infrastructure/ignition/base.bu

variant: fcos
version: 1.6.0
storage:
  files:
    # Make the device wary of updating, and do maintenance early in the weekend mornings
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
      contents:
        inline: |
          [identity]
          rollout_wariness = 0.8
    - path: /etc/zincati/config.d/55-updates-strategy.toml
      contents:
        inline: |
          [updates]
          strategy = "periodic"
          [[updates.periodic.window]]
          days = [ "Sat","Sun" ]
          start_time = "06:00"
          length_minutes = 60
    - path: /etc/issue.d/35-ssh-blocked.issue
      contents:
        inline: | 
          
          SSH currently disabled until configuration completes



systemd:
  units:
    # Disable SSH (so Ansible waits until config has completed before continuing)
    - name: ignition-start-config.service
      enabled: true
      contents: |
        [Unit]
        Description=Block SSH during configuration
        After=network-online.target
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/systemctl stop sshd
        ExecStart=/usr/bin/systemctl disable sshd
        ExecStart=/usr/bin/touch /var/lib/%N.stamp

        [Install]
        WantedBy=multi-user.target
    # Enable SSH once configuration has finished so Ansible can continue 
    - name: ignition-finish-config.service
      enabled: true
      contents: |
        [Unit]
        Description=Enable SSH after configuration
        After=multi-user.target
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/systemctl enable sshd
        ExecStart=/usr/bin/systemctl start sshd
        ExecStart=/usr/bin/rm /etc/issue.d/35-ssh-blocked.issue
        ExecStart=/usr/bin/systemctl restart getty@tty1
        ExecStart=/usr/bin/touch /var/lib/%N.stamp

        [Install]
        WantedBy=multi-user.target

    # Install qemu-guest-agent
    - name: rpm-ostree-install-qemu-guest-agent.service
      enabled: true
      contents: |
        [Unit]
        Description=Install QEMU Guest Agent
        Wants=network-online.target
        After=ignition-start-config.service
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/rpm-ostree install qemu-guest-agent
        ExecStart=/usr/bin/touch /var/lib/%N.stamp
        ExecStart=/usr/bin/systemctl --no-block reboot

        [Install]
        WantedBy=multi-user.target