Add NVMe storage auto-setup, sops secrets, fix SSH permissions
- setup-node-storage service auto-partitions NVMe for containerd/longhorn
- Root password encrypted with sops/age, decrypted during build
- Fix SSH host key permissions (0600) so sshd actually starts
- Disable SSH socket activation for reliable boot
- Add OPERATIONS.md with runbook
- Makefile tracks source dependencies
26
files/setup-node-storage.service
Normal file
@@ -0,0 +1,26 @@
|
||||
[Unit]
|
||||
Description=Setup local NVMe storage for K3s
|
||||
Documentation=file:///usr/local/bin/setup-node-storage
|
||||
|
||||
# Run early, after devices are available but before container services
|
||||
After=local-fs.target systemd-udevd.service
|
||||
Before=containerd.service
|
||||
|
||||
# Only run if not already mounted
|
||||
ConditionPathIsMountPoint=!/var/lib/containerd
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/setup-node-storage
|
||||
RemainAfterExit=yes
|
||||
|
||||
# Console access for interactive prompt
|
||||
StandardInput=tty
|
||||
TTYPath=/dev/tty1
|
||||
TTYReset=yes
|
||||
|
||||
# Generous timeout for user interaction (3 minutes)
|
||||
TimeoutStartSec=180
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
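Review bot: ConditionPathIsMountPoint=!/var/lib/containerd is the only guard this unit places in front of a script that, per the commit message, auto-partitions NVMe, and that condition is also true on a node whose disk was already prepared but whose mount did not come up on this boot. Unless /usr/local/bin/setup-node-storage itself refuses to touch a device that already carries a partition table or filesystem, that case risks repartitioning a disk with data on it, so the check should be stated in the comment above the condition. Separately, Before=containerd.service only orders the two units: if this one fails or reaches TimeoutStartSec=180 waiting on the tty1 prompt (for example on a node with no console attached), containerd still starts on the unmounted directory. Consider making containerd require this unit or the mount, for instance through a drop-in with Requires= or RequiresMountsFor=/var/lib/containerd.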