# Debian Atomic Server
# Fedora CoreOS 1:1 parallel for Debian
# Based on coreos.yaml patterns
#
# NOTE(review): the indentation of this listing was lost in extraction and has
# been reconstructed. The nesting of `services` and `performance` under
# `config`, and of `features` under `metadata`, is assumed - confirm against
# the original file and the consuming tool's schema.

# Shared settings are pulled in from common.yaml, which is not visible here;
# anything it defines (including further packages) is outside these notes.
include: common.yaml

# Variant-specific reference
# Presumably the branch/ref name the built tree is published under - confirm.
ref: debian-atomic/server

# Server-specific packages
# Every entry below is baked into the image, so each one adds to the attack
# surface and patch burden of every host built from it. No versions, suite or
# repository are stated here; pinning has to come from elsewhere.
packages:
  # Server Infrastructure
  # Two web servers, two SQL servers and two in-memory stores are installed
  # side by side. Nothing in this file configures their listen addresses or
  # authentication, so review the defaults or drop the ones a host does not use.
  - openssh-server
  - nginx
  - apache2
  - postgresql
  - mysql-server
  - redis-server
  - memcached

  # Monitoring and Logging
  # NOTE(review): verify `node-exporter` and `journald` against the target
  # suite; Debian normally ships the exporter as prometheus-node-exporter and
  # journald as part of systemd, so these names may not resolve.
  - prometheus
  - grafana
  - node-exporter
  - cadvisor
  - logrotate
  - rsyslog
  - journald

  # Container and Orchestration
  # Access to the Docker daemon socket is equivalent to root on the host;
  # control who is granted it. minikube is a local test-cluster tool and is
  # worth questioning on an image labelled production.
  - docker.io
  - containerd
  - kubernetes-client
  - helm
  - kubectl
  - minikube

  # Security and Authentication
  # Installing these only provides the tools; no fail2ban jails, AppArmor
  # profiles or audit rules are defined in this file.
  - fail2ban
  - ufw
  - apparmor
  - apparmor-utils
  - auditd
  - rkhunter
  - chkrootkit

  # System Administration
  # NOTE(review): `iostat` is normally a binary from the sysstat package, not
  # a package name - verify.
  - htop
  - iotop
  - nethogs
  - iftop
  - nload
  - vnstat
  - iostat

  # Backup and Storage
  # NOTE(review): zfs-dkms compiles a kernel module at install time, which
  # presumably needs a toolchain and kernel headers in the image - confirm
  # that fits an atomic build. `btrfs-tools` is an older package name; verify
  # it still exists in the target suite.
  - rsync
  - duplicity
  - borgbackup
  - lvm2
  - mdadm
  - zfs-dkms
  - btrfs-tools

  # Network Services
  # ufw (above), iptables-persistent and nftables all manage the packet filter;
  # confirm the packages can be co-installed and that exactly one of them owns
  # the ruleset. tcpdump and wireshark give capture capability to whoever can
  # run them, so restrict that on production hosts.
  - bind9
  - dhcpcd5
  - hostapd
  - iptables-persistent
  - nftables
  - tcpdump
  - wireshark

  # Web Development
  # npm and pip install code from outside the image's package set at run time,
  # which sits badly with the "Immutable Infrastructure" feature listed below;
  # prefer resolving dependencies at build time.
  - php
  - php-fpm
  - php-mysql
  - php-pgsql
  - nodejs
  - npm
  - python3
  - python3-pip

  # Database Tools
  - postgresql-client
  - mysql-client
  - sqlite3
  - redis-tools

  # System Monitoring
  # Several monitoring stacks are installed at once, in addition to the
  # prometheus/grafana set above; each agent left running is one more
  # privileged or network-facing daemon to keep patched.
  - nagios-plugins
  - zabbix-agent
  - collectd
  - munin
  - icinga2

  # Performance Tools
  # Load generators and benchmarks; consider keeping these out of the
  # production image and in a separate debug/tooling variant.
  - sysbench
  - iperf3
  - fio
  - stress-ng
  - perf-tools-unstable

# Server-specific configuration
# How these keys are applied is decided by the consuming tool, which is not
# shown; the notes below describe only the values written here.
config:
  # Server environment
  # NOTE(review): nothing visible shows what `security_level: "high"` actually
  # changes - confirm the consumer enforces it rather than treating it as a label.
  server:
    type: "general-purpose"
    role: "production"
    security_level: "high"

  # Services configuration
  services:
    # Root login is off and key authentication is on. Whether password
    # authentication is also disabled is not stated here - confirm.
    ssh:
      enabled: true
      port: 22
      root_login: false
      key_auth: true

    # Default-drop policy with four ports allowed. Nothing in this file says
    # what listens on 8080; confirm it is needed or remove it from the list.
    firewall:
      enabled: true
      default_policy: "drop"
      allowed_ports: [22, 80, 443, 8080]

    monitoring:
      enabled: true
      metrics_collection: true
      log_aggregation: true

    # Schedule and retention only; backup destination, encryption and restore
    # testing are not specified in this file.
    backup:
      enabled: true
      schedule: "daily"
      retention: "30_days"

  # Performance tuning
  performance:
    # Only VM writeback and socket buffer limits are set. No hardening sysctls
    # appear in this list, although "Security Hardening" is advertised under
    # features below.
    kernel_parameters:
      - "vm.swappiness=1"
      - "vm.dirty_ratio=15"
      - "vm.dirty_background_ratio=5"
      - "net.core.rmem_max=16777216"
      - "net.core.wmem_max=16777216"

    # Presumably defaults for service units (stop timeout, kill mode, restart
    # policy) - confirm how the consumer maps these keys.
    systemd:
      timeout: "300s"
      kill_mode: "mixed"
      restart: "always"

# Variant metadata
# Descriptive strings only, as far as this file shows.
metadata:
  variant: "server"
  description: "Debian Atomic Server - Fedora CoreOS equivalent"
  category: "server"
  target: "enterprise"
  server_type: "general-purpose"
  fedora_equivalent: "coreos"

  # Features
  # Free-text labels. Items such as "Security Hardening" are claims about the
  # image, not settings; they are only as true as the configuration above.
  features:
    - "Server Infrastructure"
    - "Web Services (Apache/Nginx)"
    - "Database Support (PostgreSQL/MySQL)"
    - "Container Runtime (Docker/containerd)"
    - "Kubernetes Support"
    - "Monitoring and Logging"
    - "Security Hardening"
    - "High Performance Tuning"
    - "Backup and Recovery"
    - "Atomic Updates"
    - "Rollback Capability"
    - "Immutable Infrastructure"