You've already forked script-collection
55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
|
#cloud-config
|
||
|
|
users:
|
||
|
|
- name: your-user
|
||
|
|
lock_passwd: false
|
||
|
|
passwd:
|
||
|
|
groups: wheel
|
||
|
|
ssh_authorized_keys:
|
||
|
|
-
|
||
|
|
shell: /bin/bash
|
||
|
|
sudo: ['ALL=(ALL) NOPASSWD: ALL']
|
||
|
|
write_files:
|
||
|
|
- path: /etc/ssh/sshd_config
|
||
|
|
content: |
|
||
|
|
Protocol 2
|
||
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||
|
|
HostKey /etc/ssh/ssh_host_dsa_key
|
||
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||
|
|
SyslogFacility AUTH
|
||
|
|
LogLevel INFO
|
||
|
|
LoginGraceTime 60
|
||
|
|
PasswordAuthentication no
|
||
|
|
PermitRootLogin no
|
||
|
|
StrictModes yes
|
||
|
|
PubkeyAuthentication yes
|
||
|
|
IgnoreRhosts yes
|
||
|
|
HostbasedAuthentication no
|
||
|
|
PermitEmptyPasswords no
|
||
|
|
ChallengeResponseAuthentication no
|
||
|
|
PrintLastLog yes
|
||
|
|
TCPKeepAlive yes
|
||
|
|
AcceptEnv LANG LC_*
|
||
|
|
UsePAM yes
|
||
|
|
- path: /etc/sysctl.d/01-k3s.conf
|
||
|
|
content: |
|
||
|
|
net.ipv4.ip_forward = 1
|
||
|
|
net.bridge.bridge-nf-call-iptables = 1
|
||
|
|
vm.swappiness = 0
|
||
|
|
vm.overcommit_memory = 1
|
||
|
|
|
||
|
|
timezone: Etc/UTC
|
||
|
|
packages:
|
||
|
|
- curl
|
||
|
|
- vim
|
||
|
|
- bind-utils
|
||
|
|
- nfs-utils
|
||
|
|
runcmd:
|
||
|
|
- echo "overlay" > /etc/modules-load.d/k3s.conf
|
||
|
|
- echo "br_netfilter" >> /etc/modules-load.d/k3s.conf
|
||
|
|
- modprobe overlay
|
||
|
|
- modprobe br_netfilter
|
||
|
|
- sed -i 's/=enforcing/=permissive/' /etc/selinux/config
|
||
|
|
- dnf upgrade -y
|
||
|
|
- reboot
|