name = "kiosk" description = "Example Kiosk" version = "0.0.8" modules = [] groups = [] [[packages]] name = "kiosk-config" version = "*" [[packages]] name = "cockpit" [[packages]] name = "microshift" # Because we embed microshift images in the ostree, we have to pin # the microshift version number here. version = "4.14.27-202405231223.p0.g45fddd1.assembly.4.14.27.el9" [[packages]] name = "microshift-manifests" version = "*" [[packages]] name = "ca-certificates-custom" version = "*" [[packages]] name = "cockpit-system" [customizations] hostname = "kiosk.local" [customizations.services] enabled = ["chronyd", "cockpit.socket", "sshd", "microshift", "rpm-ostreed", "rpm-ostreed-automatic.timer"] [customizations.timezone] timezone = "Europe/Paris" ntpservers = ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org"] [customizations.locale] languages = ["fr_FR.UTF-8"] keyboard = "fr" #22 ssh / 9090 cockpit / 6443 microshift [customizations.firewall] ports = ["22:tcp", "30000:tcp", "9090:tcp", "6443:tcp"] ## ## Automatic updates ## ## This file is used by the rpm-ostreed service that is triggered by the ## rpm-ostreed-automatic systemd timer: ## ## [Timer] ## OnBootSec=1h # 1 hour after boot ## OnUnitInactiveSec=1d # 1 day after last check ## ## But you can trigger a check manually with: ## ## sudo rpm-ostree upgrade --trigger-automatic-update-policy ## [[customizations.files]] path = "/etc/rpm-ostreed.conf" data = """[Daemon] AutomaticUpdatePolicy=apply """ [[customizations.user]] name = "admin" description = "admin" password = '{{ blueprint_admin_password_hash }}' key = "{{ blueprint_admin_ssh_public_key }}" home = "/home/admin/" shell = "/usr/bin/bash" groups = ["users", "wheel"] [[customizations.user]] name = "kiosk" description = "kiosk" password = '{{ blueprint_kiosk_password_hash }}' home = "/home/kiosk/" shell = "/bin/bash" ## ## Container image embedding (for offline use) ## # Images used by our custom manifests [[containers]] source = "docker.io/library/haproxy:latest" [[containers]] source = "quay.io/nmasse_itix/kiosk-app:latest" ## ## The following lines are generated using: ## # sudo dnf install -y microshift-release-info # RELEASE_FILE=/usr/share/microshift/release/release-$(uname -m).json # jq -r '.images | .[] | ("[[containers]]\nsource = \"" + . + "\"\n")' "${RELEASE_FILE}" >> $PWD/kiosk.toml.j2 [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:00e364011c67e7498c7ba0ee769c97b24e43b0b3863ec39860ea05fb7c15c279" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b0c6e2b7672e5d959a506baa803e18e6c0d73fdfe7534ae28c61f69583e5e5ec" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f699172cd627b0babbc67878fd78883648a1f8bd9c82441e875b67a9c8f5b71a" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:41cf2f6ddbe07a2356bada1196f1f09804bc2ff8b5b588117190ef4e8028f8b2" [[containers]] source = "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:33745f0814b401a1dfd89ba9bdf374e52521f175d0578cab4900afbd70eff3cb" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0f6ec1e4ec9138491cd9c6b49038c49eabc1e9116a25e5be6ddc709a36339383" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:01c9e7fffa1e6c0cc6b1ded0f8c381ac00a6f34699f1281ac477657717806fe6" [[containers]] source = "registry.redhat.io/lvms4/topolvm-rhel9@sha256:d0c039eba8157965b0a7971ad4e01576d2c1e31b09fe938554163b324cc4dc73" [[containers]] source = "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:caa0bbab808d8cbed476e8fa3e296ceb90f8d7d253e36588fa77e639ea389d55" [[containers]] source = "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:829a8e4d34404abbd22fddb6ebfa0f74daa55f2697fb147da77b83fc8b473d8c" [[containers]] source = "registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:7ee0257998b7f804fcde9c095b4dc240c510eb316d7223e8485f701b5c9f2fbf" [[containers]] source = "registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:b453a5c76ba4e975a978e31a51531b1d6233723b0d944622caf7844dedf9ad5a" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1ac24a4cc03b5c7fa8c6be5f4de9c9fdc946ddb302f0c028264bcfeea097fbf9" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9b20f6fdc6a4c62300eabbf967ed798ca6a3f5d43a067df4774ec76c5b038656" [[containers]] source = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:43b98f22d7383fbd10fcbf271c1a55f5ce90a7e89b5ffe390458cc772ce5a4a9"