Ignition Specification

    Ignition uses a JSON format that is specified in several major versions: v1, v2 and v3 (which itself has minor versions like 2.3.0). While v1 and v2 are still supported in Flatcar Container Linux, from version 3185.0.0, it’s recommended to write new configuration with v3.

    Ignition v3

    Starting from release 3185.0.0, Ignition v3 (specification 3.3.0) is supported in addition to Ignition v2. There are some things to be aware of:

    • v1 and v2 are still supported and get translated at runtime; while this is tested well, there may be corner cases where the v2 config relied on unspecified behavior
    • clevis is not supported
    • kernelArguments is supported and persists the changes to /usr/share/oem/grub.cfg before the reboot, but this only works for unconditional set linux_append statements in grub.cfg; linux_console is not considered
    • The high-level Butane YAML format can be used to generate Ignition v3 configs:
    cat > config.yml <<EOF
    variant: flatcar
    version: 1.0.0
    storage:
      luks:
        - name: data
          device: /dev/disk/by-partlabel/USR-B
      filesystems:
        - path: /var/lib/data
          device: /dev/disk/by-id/dm-name-data
          format: ext4
          label: DATA
          with_mount_unit: true
    EOF
    podman run -i --rm quay.io/coreos/butane:release --pretty --strict < config.yml > ignition.json
    
    • ignition (object): metadata about the configuration itself.
      • version (string): the semantic version number of the spec. The spec version must be compatible with the latest version (3.3.0). Compatibility requires the major versions to match and the spec version be less than or equal to the latest version. -experimental versions compare less than the final version with the same number, and previous experimental versions are not accepted.
      • config (object): options related to the configuration.
        • merge (list of objects): a list of the configs to be merged to the current config.
          • source (string): the URL of the config. Supported schemes are http, https, s3, gs, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • compression (string): the type of compression used on the config (null or gzip). Compression cannot be used with S3.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the config.
            • hash (string): the hash of the config, in the form <type>-<value> where type is either sha512 or sha256.
        • replace (object): the config that will replace the current.
          • source (string): the URL of the config. Supported schemes are http, https, s3, gs, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • compression (string): the type of compression used on the config (null or gzip). Compression cannot be used with S3.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the config.
            • hash (string): the hash of the config, in the form <type>-<value> where type is either sha512 or sha256.
      • timeouts (object): options relating to http timeouts when fetching files over http or https.
        • httpResponseHeaders (integer) the time to wait (in seconds) for the server’s response headers (but not the body) after making a request. 0 indicates no timeout. Default is 10 seconds.
        • httpTotal (integer) the time limit (in seconds) for the operation (connection, request, and response), including retries. 0 indicates no timeout. Default is 0.
      • security (object): options relating to network security.
        • tls (object): options relating to TLS when fetching resources over https.
          • certificateAuthorities (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over https. All certificate authorities must have a unique source.
            • source (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are http, https, s3, gs, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
            • compression (string): the type of compression used on the certificate (null or gzip). Compression cannot be used with S3.
            • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
              • name (string): the header name.
              • value (string): the header contents.
            • verification (object): options related to the verification of the certificate.
              • hash (string): the hash of the certificate, in the form <type>-<value> where type is either sha512 or sha256.
      • proxy (object): options relating to setting an HTTP(S) proxy when fetching resources.
        • httpProxy (string): will be used as the proxy URL for HTTP requests and HTTPS requests unless overridden by httpsProxy or noProxy.
        • httpsProxy (string): will be used as the proxy URL for HTTPS requests unless overridden by noProxy.
        • noProxy (list of strings): specifies a list of strings to hosts that should be excluded from proxying. Each value is represented by an IP address prefix (1.2.3.4), an IP address prefix in CIDR notation (1.2.3.4/8), a domain name, or a special DNS label (*). An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). A domain name matches that name and all subdomains. A domain name with a leading . matches subdomains only. For example foo.com matches foo.com and bar.foo.com; .y.com matches x.y.com but not y.com. A single asterisk (*) indicates that no proxying should be done.
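    The version-compatibility rule and the verification.hash format above are easy to get subtly wrong, so here is an added worked example (not code from the Ignition project or from this page) that applies them to a parsed config: it checks a spec version against 3.3.0 using my reading of the -experimental rule (only the current experimental version is accepted, never an older one), computes and verifies a <type>-<value> hash for a data: resource, and walks the whole config to list plain-http sources that carry no verification.hash, which is exactly the case the spec warns about. The sample config, its payload and the host config.example.invalid are constructed for the demonstration; only data: URLs are resolved offline, network schemes are reported rather than fetched.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import unquote_to_bytes

LATEST_SPEC = "3.3.0"   # the latest v3 spec version this page documents


def parse_spec_version(version):
    """Split '3.3.0' or '3.4.0-experimental' into ((3, 3, 0), is_experimental)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(-experimental)?", version)
    if not m:
        raise ValueError(f"malformed spec version: {version!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None


def spec_version_accepted(version, latest=LATEST_SPEC):
    """Compatibility rule from the spec: same major version, and the config's
    version must not exceed the latest. A -experimental suffix sorts below the
    final release with the same number; assumption here: only the current
    experimental version is accepted, older experimental versions are not."""
    ver, exp = parse_spec_version(version)
    lat, lat_exp = parse_spec_version(latest)
    if ver[0] != lat[0]:
        return False
    if (ver, 0 if exp else 1) > (lat, 0 if lat_exp else 1):
        return False
    if exp and not (lat_exp and ver == lat):
        return False
    return True


def verification_hash(data, algo="sha512"):
    """Produce the <type>-<value> string used in verification.hash."""
    if algo not in ("sha512", "sha256"):
        raise ValueError("hash type must be sha512 or sha256")
    return f"{algo}-{hashlib.new(algo, data).hexdigest()}"


def decode_data_url(url):
    """Decode a data: URL (base64 or percent-encoded payload) into bytes."""
    if not url.startswith("data:"):
        raise ValueError("only data: URLs are resolved offline in this example")
    header, _, payload = url[len("data:"):].partition(",")
    if header.endswith(";base64"):
        return base64.b64decode(payload, validate=True)
    return unquote_to_bytes(payload)


def verify_resource(resource):
    """Check a resource (source + verification.hash) before trusting its
    content. Returns True only when the recomputed hash matches."""
    source = resource.get("source")
    expected = resource.get("verification", {}).get("hash")
    if not source or not expected:
        return False
    algo, sep, _digest = expected.partition("-")
    if not sep:
        raise ValueError(f"verification.hash must be <type>-<value>: {expected!r}")
    actual = verification_hash(decode_data_url(source), algo)
    return hmac.compare_digest(actual, expected.lower())


def find_unverified_http_sources(node, where="$"):
    """Walk a parsed config and list every plain-http source without a
    verification.hash: such downloads could be altered in transit unnoticed."""
    findings = []
    if isinstance(node, dict):
        src = node.get("source")
        if isinstance(src, str) and src.startswith("http://") \
                and not node.get("verification", {}).get("hash"):
            findings.append(f"{where}.source")
        for key, value in node.items():
            findings += find_unverified_http_sources(value, f"{where}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_unverified_http_sources(value, f"{where}[{i}]")
    return findings


# Constructed sample: one verified data: file and one unverified http merge.
PAYLOAD = b"[Service]\nExecStart=/usr/bin/true\n"
SAMPLE_CONFIG = {
    "ignition": {
        "version": "3.3.0",
        "config": {"merge": [{"source": "http://config.example.invalid/base.ign"}]},
    },
    "storage": {"files": [{
        "path": "/etc/systemd/system/example.service.d/10-override.conf",
        "contents": {
            "source": "data:;base64," + base64.b64encode(PAYLOAD).decode(),
            "verification": {"hash": verification_hash(PAYLOAD)},
        },
    }]},
}

if __name__ == "__main__":
    print("version ok:", spec_version_accepted(SAMPLE_CONFIG["ignition"]["version"]))
    print("file verified:", verify_resource(SAMPLE_CONFIG["storage"]["files"][0]["contents"]))
    print("unverified http sources:", find_unverified_http_sources(SAMPLE_CONFIG))
```

    Running the block reports the merge source as unverified; adding a verification.hash to it, or switching it to https with a pinned certificateAuthorities bundle, clears the finding.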
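    The noProxy matching rules just listed (bare domain versus leading-dot domain, IP address, CIDR prefix, optional port, and the bare asterisk) decide which fetches leave the proxy, so it is worth seeing them implemented. The following is an added example written for this page, not Ignition's own proxy code; it follows the rules as the spec states them, and assumes that a URL without an explicit port is matched using the scheme's default port (80 for http, 443 for https). The sample entries use documentation addresses and made-up names.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": "80", "https": "443"}   # assumption: default port applies when the URL has none


def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _split_host_port(entry):
    """Split 'host:port', '[v6]:port' or a bare host into (host, port_or_None)."""
    if entry.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = entry[1:].partition("]")
        return host, (rest[1:] if rest.startswith(":") else None)
    if entry.count(":") > 1:                        # bare IPv6 literal, no port
        return entry, None
    host, sep, port = entry.rpartition(":")
    if sep and port.isdigit():
        return host, port
    return entry, None


def no_proxy_entry_matches(entry, host, port):
    """Does one noProxy entry cover host:port? Implements the rules the spec
    lists: '*', IP address, CIDR prefix, domain with or without a leading
    dot, each optionally qualified by a port."""
    entry = entry.strip().lower()
    if entry == "*":
        return True
    e_host, e_port = _split_host_port(entry)
    if e_port is not None and e_port != port:
        return False
    host_ip = _as_ip(host)
    if "/" in e_host:                               # CIDR prefix, e.g. 10.0.0.0/8
        net = ipaddress.ip_network(e_host, strict=False)
        return host_ip is not None and host_ip in net
    entry_ip = _as_ip(e_host)
    if entry_ip is not None:                        # single IP address
        return host_ip == entry_ip
    e_host = e_host.rstrip(".")
    if e_host.startswith("."):                      # leading dot: subdomains only
        return host.endswith(e_host)
    return host == e_host or host.endswith("." + e_host)   # name and all subdomains


def bypasses_proxy(url, no_proxy):
    """True when the URL should be fetched directly instead of through
    httpProxy/httpsProxy, given the noProxy list from ignition.proxy."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    port = str(parts.port) if parts.port else DEFAULT_PORTS.get(parts.scheme)
    return any(no_proxy_entry_matches(entry, host, port) for entry in no_proxy)


# Constructed sample list: documentation addresses and made-up names only.
SAMPLE_NO_PROXY = ["foo.com", ".y.com", "10.0.0.0/8", "192.0.2.1:80", "[2001:db8::1]"]

if __name__ == "__main__":
    for url in ("https://bar.foo.com/", "https://y.com/", "http://10.20.30.40/",
                "http://192.0.2.1/", "https://192.0.2.1/", "http://[2001:db8::1]/"):
        print(url, "->", "direct" if bypasses_proxy(url, SAMPLE_NO_PROXY) else "proxy")
```

    The port rule is the one most often overlooked: with the sample list, http://192.0.2.1/ is fetched directly while https://192.0.2.1/ still goes through httpsProxy, because the entry pins port 80.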
    • storage (object): describes the desired state of the system’s storage devices.
      • disks (list of objects): the list of disks to be configured and their options. Every entry must have a unique device.
        • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
        • wipeTable (boolean): whether or not the partition tables shall be wiped. When true, the partition tables are erased before any further manipulation. Otherwise, the existing entries are left intact.
        • partitions (list of objects): the list of partitions and their configuration for this particular disk. Every partition must have a unique number, or if 0 is specified, a unique label.
          • label (string): the PARTLABEL for the partition.
          • number (integer): the partition number, which dictates its position in the partition table (one-indexed). If zero, use the next available partition slot.
          • sizeMiB (integer): the size of the partition (in mebibytes). If zero, the partition will be made as large as possible.
          • startMiB (integer): the start of the partition (in mebibytes). If zero, the partition will be positioned at the start of the largest block available.
          • typeGuid (string): the GPT partition type GUID. If omitted, the default will be 0FC63DAF-8483-4772-8E79-3D69D8477DE4 (Linux filesystem data).
          • guid (string): the GPT unique partition GUID.
          • wipePartitionEntry (boolean) if true, Ignition will clobber an existing partition if it does not match the config. If false (default), Ignition will fail instead.
          • shouldExist (boolean) whether or not the partition with the specified number should exist. If omitted, it defaults to true. If false Ignition will either delete the specified partition or fail, depending on wipePartitionEntry. If false number must be specified and non-zero and label, start, size, guid, and typeGuid must all be omitted.
          • resize (boolean) whether or not the existing partition should be resized. If omitted, it defaults to false. If true, Ignition will resize an existing partition if it matches the config in all respects except the partition size.
      • raid (list of objects): the list of RAID arrays to be configured. Every RAID array must have a unique name.
        • name (string): the name to use for the resulting md device.
        • level (string): the redundancy level of the array (e.g. linear, raid1, raid5, etc.).
        • devices (list of strings): the list of devices (referenced by their absolute path) in the array.
        • spares (integer): the number of spares (if applicable) in the array.
        • options (list of strings): any additional options to be passed to mdadm.
      • filesystems (list of objects): the list of filesystems to be configured. device and format need to be specified. Every filesystem must have a unique device.
        • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
        • format (string): the filesystem format (ext4, btrfs, xfs, vfat, swap, or none).
        • path (string): the mount-point of the filesystem while Ignition is running relative to where the root filesystem will be mounted. This is not necessarily the same as where it should be mounted in the real root, but it is encouraged to make it the same.
        • wipeFilesystem (boolean): whether or not to wipe the device before filesystem creation, see the documentation on filesystems for more information. Defaults to false.
        • label (string): the label of the filesystem.
        • uuid (string): the uuid of the filesystem.
        • options (list of strings): any additional options to be passed to the format-specific mkfs utility.
        • mountOptions (list of strings): any special options to be passed to the mount command.
      • files (list of objects): the list of files to be written. Every file, directory and link must have a unique path.
        • path (string): the absolute path to the file.
        • overwrite (boolean): whether to delete preexisting nodes at the path. contents.source must be specified if overwrite is true. Defaults to false.
        • contents (object): options related to the contents of the file.
          • compression (string): the type of compression used on the contents (null or gzip). Compression cannot be used with S3.
          • source (string): the URL of the file contents. Supported schemes are http, https, tftp, s3, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified. If source is omitted and a regular file already exists at the path, Ignition will do nothing. If source is omitted and no file exists, an empty file will be created.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the file contents.
            • hash (string): the hash of the contents, in the form <type>-<value> where type is either sha512 or sha256.
        • append (list of objects): list of contents to be appended to the file. Follows the same structure as contents.
          • compression (string): the type of compression used on the contents (null or gzip). Compression cannot be used with S3.
          • source (string): the URL of the contents to append. Supported schemes are http, https, tftp, s3, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the appended contents.
            • hash (string): the hash of the contents, in the form <type>-<value> where type is either sha512 or sha256.
        • mode (integer): the file’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0644 -> 420). If not specified, the permission mode for files defaults to 0644 or the existing file’s permissions if overwrite is false, contents.source is unspecified, and a file already exists at the path.
        • user (object): specifies the file’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
      • directories (list of objects): the list of directories to be created. Every file, directory, and link must have a unique path.
        • path (string): the absolute path to the directory.
        • overwrite (boolean): whether to delete preexisting nodes at the path. If false and a directory already exists at the path, Ignition will only set its permissions. If false and a non-directory exists at that path, Ignition will fail. Defaults to false.
        • mode (integer): the directory’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0755 -> 493). If not specified, the permission mode for directories defaults to 0755 or the mode of an existing directory if overwrite is false and a directory already exists at the path.
        • user (object): specifies the directory’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
      • links (list of objects): the list of links to be created. Every file, directory, and link must have a unique path.
        • path (string): the absolute path to the link.
        • overwrite (boolean): whether to delete preexisting nodes at the path. If overwrite is false and a matching link exists at the path, Ignition will only set the owner and group. Defaults to false.
        • user (object): specifies the symbolic link’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
        • target (string): the target path of the link.
        • hard (boolean): a symbolic link is created if this is false, a hard one if this is true.
      • luks (list of objects): the list of luks devices to be created. Every device must have a unique name.
        • name (string): the name of the luks device.
        • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
        • keyFile (object): options related to the contents of the key file.
          • compression (string): the type of compression used on the contents (null or gzip). Compression cannot be used with S3.
          • source (string): the URL of the key file contents. Supported schemes are http, https, tftp, s3, gs, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • httpHeaders (list of objects): a list of HTTP headers to be added to the request. Available for http and https source schemes only.
            • name (string): the header name.
            • value (string): the header contents.
          • verification (object): options related to the verification of the key file.
            • hash (string): the hash of the contents, in the form <type>-<value> where type is either sha512 or sha256.
        • label (string): the label of the luks device.
        • uuid (string): the uuid of the luks device.
        • options (list of strings): any additional options to be passed to the cryptsetup utility.
        • wipeVolume (boolean): whether or not to wipe the device before volume creation, see the documentation on filesystems for more information.
        • clevis (object): describes the clevis configuration for the luks device.
          • tang (list of objects): describes a tang server. Every server must have a unique url.
            • url (string): url of the tang server.
            • thumbprint (string): thumbprint of a trusted signing key.
          • tpm2 (bool): whether or not to use a tpm2 device.
          • threshold (int): sets the minimum number of pieces required to decrypt the device. Default is 1.
          • custom (object): overrides the clevis configuration. The pin & config will be passed directly to clevis luks bind. If specified, all other clevis options must be omitted.
            • pin (string): the clevis pin.
            • config (string): the clevis configuration JSON.
            • needsNetwork (bool): whether or not the device requires networking.
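    The storage section above carries a number of consistency rules that Ignition only reports at boot, when a failure is expensive to debug: unique paths across files, directories and links; unique disk and filesystem devices; partition numbers unique (or labels unique when the number is 0); overwrite requiring contents.source; shouldExist=false forbidding the other partition fields; and modes given as decimal integers. The following added example (written for this page, not part of Ignition or Butane) checks those rules offline over a parsed storage object. It also flags the classic mode mistake of writing 644 where 420 was meant, since 644 decimal is 0o1204 and sets the sticky bit, and reports world-writable modes. The sample storage object and its device paths are constructed and contain four deliberate mistakes.

```python
STICKY_BIT = 0o1000
WORLD_WRITE = 0o002


def mode_from_octal(text):
    """Convert an octal mode string such as '0644' into the decimal integer the
    spec expects (0644 -> 420, 0755 -> 493)."""
    return int(text, 8)


def _check_mode(findings, where, kind, mode):
    if not isinstance(mode, int) or isinstance(mode, bool) or not 0 <= mode <= 0o7777:
        findings.append(f"{where}: mode must be a decimal integer in 0..4095 (0644 -> 420)")
        return
    # 644 typed as decimal is 0o1204: a sticky bit on a regular file is the
    # tell-tale sign of an octal value that was never converted.
    if kind == "files" and mode & STICKY_BIT:
        findings.append(f"{where}: mode {mode} ({mode:#o}) sets the sticky bit on a file; "
                        "was an octal mode written as decimal?")
    if mode & WORLD_WRITE:
        findings.append(f"{where}: mode {mode:#o} is world-writable")


def validate_storage(storage):
    """Return findings for the uniqueness and consistency rules the storage
    section states; an empty list means every check here passed."""
    findings = []
    seen_paths = {}
    for kind in ("files", "directories", "links"):
        for i, node in enumerate(storage.get(kind, [])):
            where = f"storage.{kind}[{i}]"
            path = node.get("path")
            if not isinstance(path, str) or not path.startswith("/"):
                findings.append(f"{where}: path must be absolute")
            elif path in seen_paths:
                findings.append(f"{where}: path {path!r} already used by {seen_paths[path]}")
            else:
                seen_paths[path] = where
            if kind == "files" and node.get("overwrite") \
                    and not node.get("contents", {}).get("source"):
                findings.append(f"{where}: overwrite=true requires contents.source")
            if "mode" in node:
                _check_mode(findings, where, kind, node["mode"])
    seen_devices = {}
    for i, disk in enumerate(storage.get("disks", [])):
        where = f"storage.disks[{i}]"
        dev = disk.get("device")
        if dev in seen_devices:
            findings.append(f"{where}: device {dev!r} already used by {seen_devices[dev]}")
        seen_devices[dev] = where
        numbers, labels = set(), set()
        for j, part in enumerate(disk.get("partitions", [])):
            pwhere = f"{where}.partitions[{j}]"
            number = part.get("number", 0)
            if number:
                if number in numbers:
                    findings.append(f"{pwhere}: duplicate partition number {number}")
                numbers.add(number)
            elif part.get("label") is None:
                findings.append(f"{pwhere}: number 0 requires a unique label")
            elif part["label"] in labels:
                findings.append(f"{pwhere}: duplicate label {part['label']!r} for number 0")
            else:
                labels.add(part["label"])
            if part.get("shouldExist") is False:
                if not number:
                    findings.append(f"{pwhere}: shouldExist=false requires a non-zero number")
                extra = [k for k in ("label", "startMiB", "sizeMiB", "guid", "typeGuid") if k in part]
                if extra:
                    findings.append(f"{pwhere}: shouldExist=false forbids {extra}")
    seen_fs = {}
    for i, fs in enumerate(storage.get("filesystems", [])):
        where = f"storage.filesystems[{i}]"
        if not fs.get("device") or not fs.get("format"):
            findings.append(f"{where}: device and format are required")
        elif fs["device"] in seen_fs:
            findings.append(f"{where}: device {fs['device']!r} already used by {seen_fs[fs['device']]}")
        else:
            seen_fs[fs["device"]] = where
    return findings


# Constructed sample with four deliberate mistakes (device paths are made up).
SAMPLE_STORAGE = {
    "disks": [{"device": "/dev/disk/by-id/virtio-data", "partitions": [
        {"number": 1, "label": "data", "sizeMiB": 0},
        {"number": 2, "shouldExist": False, "label": "old"},       # label forbidden here
    ]}],
    "filesystems": [{"device": "/dev/disk/by-partlabel/data", "format": "ext4",
                     "path": "/var/lib/data"}],
    "files": [
        {"path": "/etc/app.conf", "mode": 644,                      # 644 decimal == 0o1204
         "contents": {"source": "data:,hello"}},
        {"path": "/etc/motd", "overwrite": True},                   # overwrite without source
    ],
    "directories": [{"path": "/etc/app.conf", "mode": mode_from_octal("0755")}],  # path clash
}

if __name__ == "__main__":
    for finding in validate_storage(SAMPLE_STORAGE):
        print(finding)
```

    Running the block prints the four findings in order: the mistyped mode, the overwrite without a source, the path used by both a file and a directory, and the label that shouldExist=false does not allow. Using mode_from_octal for every mode, as the directory entry does, avoids the first class of mistake entirely.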
    • systemd (object): describes the desired state of the systemd units.
      • units (list of objects): the list of systemd units. Every unit must have a unique name.
        • name (string): the name of the unit. This must be suffixed with a valid unit type (e.g. “thing.service”).
        • enabled (boolean): whether or not the service shall be enabled. When true, the service is enabled. When false, the service is disabled. When omitted, the service is unmodified. In order for this to have any effect, the unit must have an install section.
        • mask (boolean): whether or not the service shall be masked. When true, the service is masked by symlinking it to /dev/null. When false, the service is unmasked by deleting the symlink to /dev/null if it exists.
        • contents (string): the contents of the unit.
        • dropins (list of objects): the list of drop-ins for the unit. Every drop-in must have a unique name.
          • name (string): the name of the drop-in. This must be suffixed with “.conf”.
          • contents (string): the contents of the drop-in.
    • passwd (object): describes the desired additions to the passwd database.
      • users (list of objects): the list of accounts that shall exist. All users must have a unique name.
        • name (string): the username for the account.
        • passwordHash (string): the encrypted password for the account.
        • sshAuthorizedKeys (list of strings): a list of SSH keys to be added as an SSH key fragment at .ssh/authorized_keys.d/ignition in the user’s home directory. All SSH keys must be unique.
        • uid (integer): the user ID of the account.
        • gecos (string): the GECOS field of the account.
        • homeDir (string): the home directory of the account.
        • noCreateHome (boolean): whether or not to create the user’s home directory. This only has an effect if the account doesn’t exist yet.
        • primaryGroup (string): the name of the primary group of the account.
        • groups (list of strings): the list of supplementary groups of the account.
        • noUserGroup (boolean): whether or not to create a group with the same name as the user. This only has an effect if the account doesn’t exist yet.
        • noLogInit (boolean): whether or not to add the user to the lastlog and faillog databases. This only has an effect if the account doesn’t exist yet.
        • shell (string): the login shell of the new account.
        • shouldExist (boolean) whether or not the user with the specified name should exist. If omitted, it defaults to true. If false, then Ignition will delete the specified user.
        • system (bool): whether or not this account should be a system account. This only has an effect if the account doesn’t exist yet.
      • groups (list of objects): the list of groups to be added. All groups must have a unique name.
        • name (string): the name of the group.
        • gid (integer): the group ID of the new group.
        • passwordHash (string): the encrypted password of the new group.
        • shouldExist (boolean) whether or not the group with the specified name should exist. If omitted, it defaults to true. If false, then Ignition will delete the specified group.
        • system (bool): whether or not the group should be a system group. This only has an effect if the group doesn’t exist yet.
    • kernelArguments (object): describes the desired kernel arguments.
      • shouldExist (list of strings): the list of kernel arguments that should exist.
      • shouldNotExist (list of strings): the list of kernel arguments that should not exist.

    Ignition v2

    Ignition v2 is not developed anymore but is still supported (specification 2.3.0). The high-level Container Linux Config YAML format can be used to emit Ignition v2 configs:

    • ignition (object): metadata about the configuration itself.
      • version (string): the semantic version number of the spec. The spec version must be compatible with the latest version (2.3.0). Compatibility requires the major versions to match and the spec version be less than or equal to the latest version. -experimental versions compare less than the final version with the same number, and previous experimental versions are not accepted.
      • config (object): options related to the configuration.
        • append (list of objects): a list of the configs to be appended to the current config.
          • source (string): the URL of the config. Supported schemes are http, https, s3, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • verification (object): options related to the verification of the config.
            • hash (string): the hash of the config, in the form <type>-<value> where type is sha512.
        • replace (object): the config that will replace the current.
          • source (string): the URL of the config. Supported schemes are http, https, s3, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • verification (object): options related to the verification of the config.
            • hash (string): the hash of the config, in the form <type>-<value> where type is sha512.
      • timeouts (object): options relating to http timeouts when fetching files over http or https.
        • httpResponseHeaders (integer) the time to wait (in seconds) for the server’s response headers (but not the body) after making a request. 0 indicates no timeout. Default is 10 seconds.
        • httpTotal (integer) the time limit (in seconds) for the operation (connection, request, and response), including retries. 0 indicates no timeout. Default is 0.
      • security (object): options relating to network security.
        • tls (object): options relating to TLS when fetching resources over https.
          • certificateAuthorities (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over https.
            • source (string): the URL of the certificate (in PEM format). Supported schemes are http, https, s3, tftp, and data. Note: When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
            • verification (object): options related to the verification of the certificate.
              • hash (string): the hash of the certificate, in the form <type>-<value> where type is sha512.
    • storage (object): describes the desired state of the system’s storage devices.
      • disks (list of objects): the list of disks to be configured and their options.
        • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
        • wipeTable (boolean): whether or not the partition tables shall be wiped. When true, the partition tables are erased before any further manipulation. Otherwise, the existing entries are left intact.
        • partitions (list of objects): the list of partitions and their configuration for this particular disk.
          • label (string): the PARTLABEL for the partition.
          • number (integer): the partition number, which dictates its position in the partition table (one-indexed). If zero, use the next available partition slot.
          • sizeMiB (integer): the size of the partition (in mebibytes). If zero, the partition will be made as large as possible.
          • startMiB (integer): the start of the partition (in mebibytes). If zero, the partition will be positioned at the start of the largest block available.
          • size (integer, DEPRECATED): the size of the partition (in device logical sectors, 512 or 4096 bytes). If zero, the partition will be made as large as possible. This object has been marked for deprecation, please use sizeMiB field instead.
          • start (integer, DEPRECATED): the start of the partition (in device logical sectors). If zero, the partition will be positioned at the start of the largest block available. This object has been marked for deprecation, please use startMiB field instead.
          • typeGuid (string): the GPT partition type GUID. If omitted, the default will be 0FC63DAF-8483-4772-8E79-3D69D8477DE4 (Linux filesystem data).
          • guid (string): the GPT unique partition GUID.
          • wipePartitionEntry (boolean) if true, Ignition will clobber an existing partition if it does not match the config. If false (default), Ignition will fail instead.
          • shouldExist (boolean) whether or not the partition with the specified number should exist. If omitted, it defaults to true. If false Ignition will either delete the specified partition or fail, depending on wipePartitionEntry. If false number must be specified and non-zero and label, start, size, guid, and typeGuid must all be omitted.
      • raid (list of objects): the list of RAID arrays to be configured.
        • name (string): the name to use for the resulting md device.
        • level (string): the redundancy level of the array (e.g. linear, raid1, raid5, etc.).
        • devices (list of strings): the list of devices (referenced by their absolute path) in the array.
        • spares (integer): the number of spares (if applicable) in the array.
        • options (list of strings): any additional options to be passed to mdadm.
      • filesystems (list of objects): the list of filesystems to be configured and/or used in the “files” section. Either “mount” or “path” needs to be specified.
        • name (string): the identifier for the filesystem, internal to Ignition. This is only required if the filesystem needs to be referenced in the “files” section.
        • mount (object): contains the set of mount and formatting options for the filesystem. A non-null entry indicates that the filesystem should be mounted before it is used by Ignition.
          • device (string): the absolute path to the device. Devices are typically referenced by the /dev/disk/by-* symlinks.
          • format (string): the filesystem format (ext4, btrfs, xfs, vfat, or swap).
          • wipeFilesystem (boolean): whether or not to wipe the device before filesystem creation, see the documentation on filesystems for more information.
          • label (string): the label of the filesystem.
          • uuid (string): the uuid of the filesystem.
          • options (list of strings): any additional options to be passed to the format-specific mkfs utility.
          • create (object, DEPRECATED): contains the set of options to be used when creating the filesystem.
            • force (boolean, DEPRECATED): whether or not the create operation shall overwrite an existing filesystem.
            • options (list of strings, DEPRECATED): any additional options to be passed to the format-specific mkfs utility.
        • path (string): the mount-point of the filesystem. A non-null entry indicates that the filesystem has already been mounted by the system at the specified path. This is really only useful for “/sysroot”.
      • files (list of objects): the list of files to be written.
        • filesystem (string): the internal identifier of the filesystem in which to write the file. This matches the last filesystem with the given identifier.
        • path (string): the absolute path to the file.
        • overwrite (boolean): whether to delete preexisting nodes at the path. Defaults to true.
        • append (boolean): whether to append to the specified file. Creates a new file if nothing exists at the path. Cannot be set if overwrite is set to true.
        • contents (object): options related to the contents of the file.
          • compression (string): the type of compression used on the contents (null or gzip). Compression cannot be used with S3.
          • source (string): the URL of the file contents. Supported schemes are http, https, tftp, s3, and data. When using http, it is advisable to use the verification option to ensure the contents haven’t been modified.
          • verification (object): options related to the verification of the file contents.
            • hash (string): the hash of the config, in the form <type>-<value> where type is sha512.
        • mode (integer): the file’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0644 -> 420).
        • user (object): specifies the file’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
      • directories (list of objects): the list of directories to be created.
        • filesystem (string): the internal identifier of the filesystem in which to create the directory. This matches the last filesystem with the given identifier.
        • path (string): the absolute path to the directory.
        • overwrite (boolean): whether to delete preexisting nodes at the path.
        • mode (integer): the directory’s permission mode. Note that the mode must be properly specified as a decimal value (i.e. 0755 -> 493).
        • user (object): specifies the directory’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
      • links (list of objects): the list of links to be created.
        • filesystem (string): the internal identifier of the filesystem in which to write the link. This matches the last filesystem with the given identifier.
        • path (string): the absolute path to the link.
        • overwrite (boolean): whether to delete preexisting nodes at the path.
        • user (object): specifies the symbolic link’s owner.
          • id (integer): the user ID of the owner.
          • name (string): the user name of the owner.
        • group (object): specifies the group of the owner.
          • id (integer): the group ID of the owner.
          • name (string): the group name of the owner.
        • target (string): the target path of the link.
        • hard (boolean): a symbolic link is created if this is false, a hard one if this is true.
    • systemd (object): describes the desired state of the systemd units.
      • units (list of objects): the list of systemd units.
        • name (string): the name of the unit. This must be suffixed with a valid unit type (e.g. “thing.service”).
        • enable (boolean, DEPRECATED): whether or not the service shall be enabled. When true, the service is enabled. In order for this to have any effect, the unit must have an install section.
        • enabled (boolean): whether or not the service shall be enabled. When true, the service is enabled. When false, the service is disabled. When omitted, the service is unmodified. In order for this to have any effect, the unit must have an install section.
        • mask (boolean): whether or not the service shall be masked. When true, the service is masked by symlinking it to /dev/null.
        • contents (string): the contents of the unit.
        • dropins (list of objects): the list of drop-ins for the unit.
          • name (string): the name of the drop-in. This must be suffixed with “.conf”.
          • contents (string): the contents of the drop-in.
    • networkd (object): describes the desired state of the networkd files.
      • units (list of objects): the list of networkd files.
        • name (string): the name of the file. This must be suffixed with a valid unit type (e.g. “00-eth0.network”).
        • contents (string): the contents of the networkd file.
        • dropins (list of objects): the list of drop-ins for the unit.
          • name (string): the name of the drop-in. This must be suffixed with “.conf”.
          • contents (string): the contents of the drop-in.
    • passwd (object): describes the desired additions to the passwd database.
      • users (list of objects): the list of accounts that shall exist.
        • name (string): the username for the account.
        • passwordHash (string): the encrypted password for the account.
        • sshAuthorizedKeys (list of strings): a list of SSH keys to be added to the user’s authorized_keys.
        • uid (integer): the user ID of the account.
        • gecos (string): the GECOS field of the account.
        • homeDir (string): the home directory of the account.
        • noCreateHome (boolean): whether or not to create the user’s home directory. This only has an effect if the account doesn’t exist yet.
        • primaryGroup (string): the name of the primary group of the account.
        • groups (list of strings): the list of supplementary groups of the account.
        • noUserGroup (boolean): whether or not to create a group with the same name as the user. This only has an effect if the account doesn’t exist yet.
        • noLogInit (boolean): whether or not to add the user to the lastlog and faillog databases. This only has an effect if the account doesn’t exist yet.
        • shell (string): the login shell of the new account.
        • system (boolean): whether or not this account should be a system account. This only has an effect if the account doesn’t exist yet.
        • create (object, DEPRECATED): contains the set of options to be used when creating the user. A non-null entry indicates that the user account shall be created. This object has been marked for deprecation, please use the users level fields instead.
          • uid (integer): the user ID of the new account.
          • gecos (string): the GECOS field of the new account.
          • homeDir (string): the home directory of the new account.
          • noCreateHome (boolean): whether or not to create the user’s home directory.
          • primaryGroup (string): the name or ID of the primary group of the new account.
          • groups (list of strings): the list of supplementary groups of the new account.
          • noUserGroup (boolean): whether or not to create a group with the same name as the user.
          • noLogInit (boolean): whether or not to add the user to the lastlog and faillog databases.
          • shell (string): the login shell of the new account.
          • system (boolean): whether or not to make the user a system user.
      • groups (list of objects): the list of groups to be added.
        • name (string): the name of the group.
        • gid (integer): the group ID of the new group.
        • passwordHash (string): the encrypted password of the new group.
        • system (boolean): whether or not the group should be a system group. This only has an effect if the group doesn’t exist yet.
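Several of the rules above are easy to get wrong in a hand-written config: the decimal mode requirement (644 typed literally is octal 01204, which sets the sticky bit and drops group read), the sha512-<hex> hash form, and the unit-type and .conf suffixes on systemd unit and drop-in names. The following linter is an added example, not part of the spec or of Ignition itself; it checks a config dict for those mistakes and for world-writable modes, and the sample config it runs against is constructed here.

```python
import re

# Unit-type suffixes that systemd accepts for unit names (systemd.unit(5)).
SYSTEMD_SUFFIXES = (".service", ".socket", ".device", ".mount", ".automount",
                    ".swap", ".target", ".path", ".timer", ".slice", ".scope")
SHA512_RE = re.compile(r"^sha512-[0-9a-f]{128}$")  # hash is hex-encoded sha512

def check_mode(mode, where):
    """Findings for one decimal 'mode' value of a file or directory entry."""
    if not isinstance(mode, int) or not 0 <= mode <= 0o7777:
        return [f"{where}: mode {mode!r} is outside the valid range"]
    findings, digits = [], str(mode)
    # 644 typed as decimal is really 0o1204: a special bit set, group loses read.
    if len(digits) in (3, 4) and set(digits) <= set("01234567") and mode & 0o7000:
        findings.append(f"{where}: mode {mode} looks like octal 0{digits} typed as "
                        f"decimal; 0{digits} is {int(digits, 8)} in decimal")
    if mode & 0o002:
        findings.append(f"{where}: mode {oct(mode)} is world-writable")
    return findings

def lint(config):
    """Lint an Ignition v2 config dict against rules stated in the spec."""
    findings, storage = [], config.get("storage", {})
    for kind in ("files", "directories"):
        for i, node in enumerate(storage.get(kind, [])):
            where = f"storage.{kind}[{i}] {node.get('path', '?')}"
            if "mode" in node:
                findings += check_mode(node["mode"], where)
            h = node.get("contents", {}).get("verification", {}).get("hash")
            if h is not None and not SHA512_RE.match(h):
                findings.append(f"{where}: verification.hash must be sha512-<hex>")
    for i, unit in enumerate(config.get("systemd", {}).get("units", [])):
        name = unit.get("name", "")
        if not name.endswith(SYSTEMD_SUFFIXES):
            findings.append(f"systemd.units[{i}]: {name!r} lacks a unit type suffix")
        for d in unit.get("dropins", []):
            if not d.get("name", "").endswith(".conf"):
                findings.append(f"systemd.units[{i}]: dropin {d.get('name')!r} must end in .conf")
    return findings

# Constructed sample config (not from the page) carrying five mistakes.
SAMPLE = {
    "ignition": {"version": "2.3.0"},
    "storage": {
        "files": [{"filesystem": "root", "path": "/etc/motd", "mode": 644,
                   "contents": {"source": "data:,hi", "verification": {"hash": "sha512-abc"}}}],
        "directories": [{"filesystem": "root", "path": "/var/tmp/x", "mode": 511}]},
    "systemd": {"units": [{"name": "hello", "dropins": [{"name": "10-env"}]}]},
}
```

Run `lint(SAMPLE)` to see all five findings; `check_mode(420, ...)` returns nothing because 420 is the correct decimal form of 0644.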