Extend things that can be configured by yaml config files
In #254 (comment 907094846) @fdupoux proposed a way to define arbitrary system config files in YAML config files. I answered with a proposal to keep arbitrary files in SRMs and define dedicated config options for often used things instead.
This issue continues this discussion of how to go about implementing further options to be configured with the yaml config files.
Here is a list of things I think would be nice to have configurable, just to get an idea about the scope:
- SSH authorized keys
- SSH login options, like password allowed or only with public key
- Entries in /etc/hosts
- Static networking config: IP, netmask, default gateway, DNS-servers
- Advanced networking, like Wifi (PSK and EAP auth), VLAN-tagging, static routes, link aggregation / LACP
- VPNs (through NetworkManager, Wireguard and OpenVPN)
- Firewall: list of ports/protocols to open
- Additional repositories for pacman
- GnuPG trusted keys (mainly for pacman, see above)
- Option to remove all default pacman repositories and only use the user supplied ones
- Additional packages to install with pacman
- Additional mountpoints, for local and network paths/devices
- Timezone, NTP servers
- Bookmarks for Firefox or other browsers
For Wifi, VPNs and network mountpoints we have to think about how to supply the passwords. The user should have the option to either supply them in the YAML config or enter them in some dialog during boot.
When the YAML config was originally introduced, there was some discussion in #170 (closed) about whether to implement a custom format (which was then implemented) or use cloud-init instead. While using cloud-init for SystemRescue specific settings doesn't make much sense, the things listed above have a broader scope and many of them are available in cloud-init to some degree.
When looking at the options above, I think the biggest complexity will be in advanced networking. Unfortunately, cloud-init doesn't look like a good solution for that. This is because cloud-init only uses the Ubuntu-specific "netplan" format. Unlike for example the Red Hat "ifcfg" format, netplan is not a native config format for NetworkManager. This means the whole networking config has to be translated first, resulting in loss of features and depth in contrast to a more native NetworkManager config. Also, cloud-init doesn't seem to have a way to ask the user for credentials. This would have to be added and integrated with cloud-init.