flatcar.butane.yaml

variant: flatcar
version: 1.0.0
kernel_arguments:
  should_not_exist:
    - flatcar.autologin
passwd:
  users:
    - name: root
      # openssl passwd -6 -salt SALT PASSWORD
      password_hash: $6$kovacs$.UwiKUJuLYO/.y7Qcxi/owx2H3dSy3GeX9j5NEyglpdWlGjSJZ0ITcN7NJk3yuXeU.MUYzw/sbZmG/tkVQD0j0
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMskC9phaoO1WJkQOvXcUxH+DlG8u/2u1ReMXOO9vkbW mritd@linux.com
storage:
  links:
    - path: /etc/localtime
      target: ../usr/share/zoneinfo/Asia/Shanghai
  files:
    # Update policy
    - path: /etc/flatcar/update.conf
      mode: 0420
      contents:
        inline: |
          REBOOT_STRATEGY=reboot
          LOCKSMITHD_REBOOT_WINDOW_START=10:30
          LOCKSMITHD_REBOOT_WINDOW_LENGTH=1h          
    # Set hostname
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: tpclash
    # Set static ip
    - path: /etc/systemd/network/25-xnet.network
      contents:
        inline: |
          [Match]
          Name=en*

          [Network]
          DHCP=no
          NTP=time.windows.com time.apple.com

          [Address]
          Address=192.168.1.11/24

          [Route]
          Destination=0.0.0.0/0
          Gateway=192.168.1.1
    # Fix clash `tun.auto-route`
    - path: /etc/systemd/resolved.conf.d/25-xnet.conf
      contents:
        inline: |
          [Resolve]
          DNS=223.5.5.5
          DNS=119.29.29.29
          Domains=~.
          DNSStubListener=no

systemd:
  units:
    - name: tpclash.service
      enabled: true
      contents: |
        [Unit]
        Description=Transparent proxy tool for Clash
        After=network-online.target
        Wants=network-online.target

        [Service]
        TimeoutStartSec=0
        ExecStartPre=-/usr/bin/docker stop tpclash
        ExecStartPre=-/usr/bin/docker rm tpclash
        ExecStartPre=/usr/bin/docker pull mritd/tpclash
        ExecStart=/usr/bin/docker run --tty \
                                  --privileged \
                                  --network host \
                                  --name tpclash \
                                  -v /data:/data \
                                  -v /run:/run \
                                    mritd/tpclash tpclash \
                                      --config https://example.com/clash.yaml

        [Install]
        WantedBy=multi-user.target