---

apk_tools_version: v2.14.4
apk_tools_arch: x86_64
apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
apk_tools_checksum: sha256:42cea2a41dc09b263f04bb0ade8a2ba251256b91f89095ecc8a19903b2b3e39e

alpine_mirror: https://dl-cdn.alpinelinux.org/alpine
alpine_repositories:
  - url: '{{ alpine_mirror }}/edge/main'
  - tag: 'community'
    url: '{{ alpine_mirror }}/edge/community'
  - tag: 'testing'
    url: '{{ alpine_mirror }}/edge/testing'
  - tag: 'luzifer'
    url: 'https://alpinerepo.hub.luzifer.io/repo'

alpine_repository_keys:
  - name: 'alpine@ahlers.me-64562ea3.rsa.pub'
    public_key: |
      -----BEGIN PUBLIC KEY-----
      MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxxCxVKukbb/zGHBv1ks
      Gu+eRHNCf7aPyUZVEwMdBSO3GYaVC5np1wtzCZzG+1BVQEdgyomxzB2dU0hTSBIZ
      myu+u7344+4/XzbcIwNOfGyduYhlIDvQ4UMzFZfq0oXU9QTmsVl0iqi1CT8J4LWr
      X5i6h/zkmURCvTkK9SoZ3S+LcnCS8becUdiJpQksMQ8nFr6MtwN92W4fzyHTJYI9
      p+tuWr9j71xHLujWQU7aio+qGpvIS9y3R4eIkJ+YRRpTiZi7x+Aixn3JaGF0zk2h
      tsApoPQbVqomgDPYX6JrMx1T5amkONz1vwhg9QTYISafQg0sbrQYBrjKDZBM0zZw
      vUpVKHjr0S1rMJhzNXvoYBFwDv/d15B8B8QDyTKRJkhcfKpjN2UPinB0DNozJ8L5
      l8VmxKdiA0zbbvWuhRMo9Svkhn/N55M+cH4Xmkf+3Z8frqmQf5b02mDfh4kMLRKT
      SBwkqgx/Kqceiw8ZIDprPY3tr6ThQ9oJOzI8NomNmvmanWHJtm6oBNiyvH3G9cfe
      +CeXkOhwwug+xrnNsA8bedFLfm2XB5Y6k/xs88604igHxfjbAWXjIyHhrNAD885s
      cbZ7WJTWYHuoltHwFvmq5Z8ZFuFpqbWH7B618rLR92AmHGaaje8m4vVeUcTq2TeN
      Ld4erUMnkwbBDYOIlAc/vzMCAwEAAQ==
      -----END PUBLIC KEY-----

boot_size: +100m
root_size: '0'
hostname: alpine-k8s

dhcp_interfaces: [eth0, eth1]

packages:
  # Alpine base system
  curl: ''
  openssh: ''
  syslinux: ''
  linux-virt: ''
  sudo: '@community'
  vim: ''

  cloud-init: '@community'
  e2fsprogs-extra: ''
  py3-pyserial: '@community'
  py3-netifaces: '@community'

  wireguard-tools: ''

  chrony: ''
  chrony-openrc: ''

  # K8s requirements
  open-iscsi: ''
  open-iscsi-openrc: ''
  udev: ''

  cni-plugins: '@community'
  cri-tools: '@community'
  containerd: '@community'
  containerd-openrc: '@community'
  nfs-utils: ''
  uuidgen: ''

  kubelet: '@luzifer=1.30.2-r0'
  kubeadm: '@luzifer=1.30.2-r0'
  kubectl: '@luzifer=1.30.2-r0'

services:
  devfs: sysinit
  dmesg: sysinit
  hwdrivers: sysinit
  udev: sysinit
  udev-trigger: sysinit
  udev-settle: sysinit

  hwclock: boot
  modules: boot
  sysctl: boot
  hostname: boot
  bootmisc: boot
  syslog: boot
  networking: boot

  mount-ro: shutdown
  killprocs: shutdown
  savecache: shutdown

  chronyd: default
  sshd: default
  udev-postmount: default

  # K8s requirements
  containerd: default
  iscsid: default
  kubelet: default
  ntpd: default

nameservers:
  - 185.12.64.1
  - 185.12.64.2
  - 2a01:4ff:ff00::add:1
  - 2a01:4ff:ff00::add:2

sysctl:
  fs.inotify.max_user_instances: 8192
  net.bridge.bridge-nf-call-iptables: 1
  net.ipv4.ip_forward: 1

extlinux_modules:
  - ext4

mkinitfs_features:
  - ata
  - base
  - ext4
  - keymap
  - kms
  - nvme
  - raid
  - scsi
  - virtio

kernel_modules:
  - ipv6
  - af_packet

default_kernel_opts:
  - quiet

write_files:
  # Configure chrony
  - dest: /etc/chrony/chrony.conf
    content: |
      server ptbtime1.ptb.de iburst
      server ptbtime2.ptb.de iburst
      initstepslew 10 ptbtime1.ptb.de
      driftfile /var/lib/chrony/chrony.drift
      rtcsync
      cmdport 0

  # Disable overwriting network config
  - dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
    content: |
      network: {config: disabled}

  # Fix prometheus errors: Write service
  - dest: /etc/local.d/sharemetrics.start
    content: |
      #!/bin/sh
      mount --make-rshared /
    mode: '0755'

  # kernel stuff
  - dest: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter

chroot_commands:
  # Fix prometheus errors: Enable sharemetrics service
  - 'rc-update add local'

  # Force --cloud-provider=external
  - "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"

...