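---
# Build Configuration
image:
  # Name of the image produced by the build.
  name: nullpoint
  # Image version; left as an integer so the consumer's existing type expectation is unchanged.
  version: 39
  # Target CPU architecture of the built image.
  arch: x86_64
  # Architecture label on the Hetzner side — presumably the provider's naming for
  # the same target; confirm against the consumer of this file.
  hetzner_arch: x86
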
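# System Configuration
system:
  # LUKS Configuration
  luks:
    # Tang server providing the network-bound key share. Trust in the server is
    # pinned by the thumbprint below, not by the URL.
    tang_url: https://tang.example.com
    # Thumbprint of the Tang server's advertisement signing key. Placeholder —
    # replace with the value obtained out-of-band from the server operator and
    # verify it before first enrolment; with an unverified thumbprint the client
    # cannot detect a substituted Tang server.
    tang_thumbprint: "your-tang-thumbprint"

  # TPM Configuration
  tpm:
    pcr_bank: sha256  # PCR bank to use (sha1 or sha256); prefer sha256, the sha1 bank is often disabled on current TPMs
    pcr_ids: [0, 4, 7, 8, 9]  # PCRs to measure
    # NOTE(review): binding to PCRs 8 and 9 ties the unseal policy to the exact
    # bootloader/kernel measurements, so every kernel or initrd update needs
    # re-enrolment; presumably the Tang pin above is the fallback path — confirm
    # how the two pins are combined by the consumer (independent vs. threshold).
    # NOTE(review): per the TCG PC Client firmware profile PCR 7 holds the
    # Secure Boot policy measurement and PCRs 8–15 are OS/bootloader-defined
    # (GRUB and the Linux kernel typically measure the command line into 8 and
    # kernel/initrd into 9); the 7 and 15 entries below look swapped — confirm
    # against the bootloader in use before relying on these descriptions.
    # PCR descriptions:
    # 0: Core System Firmware executable code (BIOS/UEFI) (RECOMMENDED)
    # 1: Core System Firmware data (BIOS/UEFI settings)
    # 2: Extended or pluggable executable code
    # 3: Extended or pluggable firmware data
    # 4: Boot Manager Code (bootloader) (RECOMMENDED)
    # 5: Boot Manager Configuration and Data
    # 6: Platform-specific code
    # 7: Platform-specific configuration (RECOMMENDED)
    # 8: UEFI driver and application code (RECOMMENDED)
    # 9: UEFI driver and application configuration (RECOMMENDED)
    # 10: UEFI Handoff Tables
    # 11: UEFI Boot Services Code
    # 12: UEFI Boot Services Data
    # 13: UEFI Runtime Services Code
    # 14: UEFI Runtime Services Data
    # 15: UEFI Secure Boot State
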
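# Cloud-init Configuration
cloud_init:
  timezone: UTC
  users:
    - name: admin
      groups: wheel
      # NOTE(review): grants passwordless sudo for every command; quoted so the
      # ':' inside the rule can never be read as a mapping separator. Decide
      # whether a password prompt is acceptable for this image before shipping.
      sudo: 'ALL=(ALL) NOPASSWD:ALL'
      ssh_authorized_keys:
        # Placeholder — replace with the real public key before building.
        - "your-ssh-key-here"
  packages:
    - btrfs-progs
    - clevis
    - clevis-luks
    - clevis-tang
    - clevis-tpm2
    - tpm2-tools
    - tpm2-tss
    - cryptsetup
    - systemd
    - curl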