initrd/test-initrd/config.yaml

---
# early system configuration
anti_phishing_code: "direktil<3"

modules: /modules.sqfs

vpns:
  wgprov: |-
    [Interface]
    PrivateKey = GGM/MwPYrN9HZHsWrEv0RtX/aHXcXzkrZnZWiMgNrEg=
    ListenPort = 54321
    Address = 10.9.8.7/24

    [Peer] # admin1
    PresharedKey = oH1OhMWGPg+Qvq3w5mmp6paIi/1bMKl48r0Su2P1F3g=
    PublicKey = /j/uawB3nM+36fOxWgI/kK412TvHlYU3T8qxr38hpAs=
    AllowedIPs = 10.9.8.1/24

auths:
  - name:     novit
    sshKey:   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkpbU6sf4t0f6XAv9DuW3XH5iLM0AI5rc8PT2jwea1N
    password: bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0 # mypass

networks:
- name: loopback
  interfaces: [ { var: iface, n: 1, regexps: [ "^lo$" ] } ]
  script: |
    ip a add 127.0.0.1/8 dev lo
    ip a add ::1/128 dev lo
    ip li set lo up
- name: main
  interfaces:
  - var: iface
    n: 1
    regexps:
    - eth.*
    - veth.*
    - eno.*
    - enp.*
  script: |
    ip li set $iface up
    udhcpc -i $iface -b -t1 -T1 -A5 ||
    ip a add 2001:41d0:306:168f::1337:2eed/64 dev $iface

pre_lvm_crypt:
- dev: /dev/vda
  name: sys0
- dev: /dev/vdb
  name: sys1

lvm:
- vg: storage
  pvs:
    n: 2
    regexps:
    - /dev/mapper/sys[01]
    # to match full disks
    #- /dev/nvme[0-9]+n[0-9]+
    #- /dev/vd[a-z]+
    #- /dev/sd[a-z]+
    #- /dev/hd[a-z]+
    # to match partitions:
    #- /dev/nvme[0-9]+n[0-9]+p[0-9]+
    #- /dev/vd[a-z]+[0-9]+
    #- /dev/sd[a-z]+[0-9]+
    #- /dev/hd[a-z]+[0-9]+

  defaults:
    fs: ext4
    raid:
      mirrors: 1

  lvs:
  - name: bootstrap
    size: 2g

  - name: varlog
    extents: 10%FREE
    # size: 10g

  - name: podman
    extents: 10%FREE
    # size: 10g

  - name: dls
    extents: 100%FREE
    # size: 10g

#crypt:
#- dev: /dev/storage/bootstrap
#- dev: /dev/storage/dls

bootstrap:
  #dev: /dev/mapper/bootstrap
  dev: /dev/storage/bootstrap
  # TODO seed: https://direktil.novit.io/bootstraps/dls-crypt
  seed: http://192.168.10.254:7606/hosts/m1/bootstrap.tar
  # TODO seed_sign_key: "..."
  # TODO load_and_close: true