---
# early system configuration
anti_phishing_code: "direktil<3"

modules: /modules.sqfs

vpns:
  wgprov: |-
    [Interface]
    PrivateKey = GGM/MwPYrN9HZHsWrEv0RtX/aHXcXzkrZnZWiMgNrEg=
    ListenPort = 54321
    Address = 10.9.8.7/24

    [Peer] # admin1
    PresharedKey = oH1OhMWGPg+Qvq3w5mmp6paIi/1bMKl48r0Su2P1F3g=
    PublicKey = /j/uawB3nM+36fOxWgI/kK412TvHlYU3T8qxr38hpAs=
    AllowedIPs = 10.9.8.1/24

auths:
  - name:     novit
    sshKey:   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkpbU6sf4t0f6XAv9DuW3XH5iLM0AI5rc8PT2jwea1N
    password: bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0 # mypass

signer_public_key: 'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAd5sR4NqLtjSt8ESNlYWvuufYj7v+aYGDlgxQThcKbzDPVe639IfH94hHE0l9TAfyU94qtN/GpFyKJ68F/u2pu70A/umT1m24ELFDqXlQXqhTsH91r+nYUZ7due3EqSrvru/yjchNNRkpoCCu3QkDF25KnrYfWWHqj9ZIRlBTCJE9SwM='


ssh:
  listen: "[::]:22"
  user_ca: /user_ca.pub

networks:
- name: loopback
  interfaces: [ { var: iface, n: 1, udev: !eq [INTERFACE, lo] } ]
  script: |
    ip a add 127.0.0.1/8 dev lo
    ip a add ::1/128 dev lo
    ip li set lo up
- name: main
  interfaces:
  - var: iface
    n: 1
    udev: !has ID_NET_NAME_MAC
  script: |
    ip li set $iface up
    ip a add 192.168.12.42/24 dev $iface
    ip a add fd12:6e76:7474::1337:2eed/64 dev $iface
    ip route add default via 192.168.12.254
    ip route add default via fd12:6e76:7474::1 dev $iface

pre_lvm_crypt:
- name: sys-${name}
  udev: !glob [ DEVNAME, /dev/vd* ]

lvm:
- vg: storage
  pvs:
    n: 2
    regexps:
    - ^/dev/mapper/sys-
    # to match full disks
    #- /dev/nvme[0-9]+n[0-9]+
    #- /dev/vd[a-z]+
    #- /dev/sd[a-z]+
    #- /dev/hd[a-z]+
    # to match partitions:
    #- /dev/nvme[0-9]+n[0-9]+p[0-9]+
    #- /dev/vd[a-z]+[0-9]+
    #- /dev/sd[a-z]+[0-9]+
    #- /dev/hd[a-z]+[0-9]+

  defaults:
    fs: ext4
    raid:
      mirrors: 1

  lvs:
  - name: bootstrap
    size: 2g

  - name: varlog
    size: 256m
  - name: kubelet
    size: 256m
  - name: containerd
    size: 1g
  - name: etcd
    size: 256m

  - name: podman
    extents: 10%FREE
    # size: 10g

  - name: dls
    extents: 100%FREE
    # size: 10g

#crypt:
#- dev: /dev/storage/bootstrap
#- dev: /dev/storage/dls

bootstrap:
  dev: /dev/storage/bootstrap
  seed: http://192.168.12.254:7606/public/download-set/host/m1/bootstrap.tar?set=IDOXJLLOTHDU2UQPP7CQEBEWC4ZVHTH34BSNPBY6JUGPUVHD2MCKX46LIBOVPG46EXUNPUTYACUEVIQFC2HTIWJCMUXANM36TVKQSRAJAQRE2GDEOC4RWAAAQA3DSZJVGEZDKNT4NA5G2MJ2MJXW65DTORZGC4BOORQXEAAAAAAH4BI7JU