variant: fcos
version: 1.6.0
passwd:
  users:
    - name: core
      password_hash: <PASSWORD_HASH>
      ssh_authorized_keys:
        - ssh-rsa ...
storage:
  files:
    - path: /etc/chrony.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          server <IP-ROUTER> iburst
          sourcedir /run/chrony-dhcp
          driftfile /var/lib/chrony/drift
          makestep 1.0 3
          rtcsync
          ntsdumpdir /var/lib/chrony
          leapseclist /usr/share/zoneinfo/leap-seconds.list
          logdir /var/log/chrony
    - path: /etc/pki/ca-trust/source/anchors/root_ca.crt
      contents:
        inline: |
          -----BEGIN CERTIFICATE-----
          .
          .
          .
          -----END CERTIFICATE-----
  links:
    - path: /etc/localtime
      target: ../usr/share/zoneinfo/Europe/Amsterdam

systemd:
  units:
    - name: docker.service
      enabled: true
    - name: rpm-ostree-install.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer packages with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        # `--allow-inactive` ensures that rpm-ostree does not return an error
        # if the package is already installed. This is useful if the package is
        # added to the root image in a future Fedora CoreOS release as it will
        # prevent the service from failing.
        ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive docker-compose qemu-guest-agent
        ExecStart=/bin/touch /var/lib/%N.stamp
        ExecStart=/bin/systemctl --no-block reboot

        [Install]
        WantedBy=multi-user.target