Transpile ignition on the fly.

Otherwise it's so hard to read.
metal-stack · Feb 20, 2025 · dd7ee87 · dd7ee87
1 parent 007c82a
commit dd7ee87
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 30 deletions.
diff --git a/Makefile b/Makefile
@@ -60,6 +60,8 @@ else
   DOCKER_COMPOSE_RUN_ARG=--rm
 endif
 
+-include .env
+
 .PHONY: up
 up: env gen-certs control-plane-bake partition-bake
 	@chmod 600 files/ssh/id_rsa
@@ -163,13 +165,36 @@ cleanup-partition:
 _privatenet: env
 	docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000001 --name user-private-network
 
+.PHONY: _userdata
+_userdata:
+	$(eval USERDATA := $(shell cat files/ignition.yaml | docker run --rm -i ghcr.io/metal-stack/metal-deployment-base:$$DEPLOYMENT_BASE_IMAGE_TAG ct))
+
 .PHONY: machine
-machine: _privatenet
-	docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks $(shell docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+machine: _privatenet _userdata
+	docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl machine create \
+		--description test \
+		--name test \
+		--hostname test \
+		--project 00000000-0000-0000-0000-000000000001 \
+		--partition mini-lab \
+		--image $(MACHINE_OS) \
+		--size v1-small-x86 \
+		--userdata '$(USERDATA)' \
+		--networks $(shell docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
 .PHONY: firewall
-firewall: _privatenet
-	docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+firewall: _privatenet _userdata
+	docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl firewall create \
+		--description fw \
+		--name fw \
+		--hostname fw \
+		--project 00000000-0000-0000-0000-000000000001 \
+		--partition mini-lab \
+		--image firewall-ubuntu-3.0 \
+		--size v1-small-x86 \
+		--userdata '$(USERDATA)' \
+		--firewall-rules-file=/tmp/rules.yaml \
+		--networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
 .PHONY: public-ip
 public-ip:

diff --git a/compose.yaml b/compose.yaml
@@ -72,7 +72,6 @@ services:
       - METALCTL_API_URL=${METALCTL_API_URL}
     volumes:
       - ./files/ssh:/root/.ssh:ro
-      - ./files/ignition.json:/tmp/ignition.json
       - ./files/rules.yaml:/tmp/rules.yaml
     network_mode: host
     command: --version
diff --git a/files/ignition.json b/files/ignition.json
diff --git a/files/ignition.yaml b/files/ignition.yaml
@@ -0,0 +1,11 @@
+storage:
+  files:
+    - path: /etc/hosts.allow
+      filesystem: root
+      append: true
+      mode: 0644
+      contents:
+        inline: |
+          ALL: [fe80::]/10
+          ALL: 203.0.113.1
+          ALL: [2001:db8::1]