initial commit

bash/kvm-deploy/user-data/alma-node.yml

@@ -0,0 +1,44 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    groups: wheel
+    ssh_authorized_keys:
+      -
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+prefer_fqdn_over_hostname: true
+package_update: true
+package_upgrade: true
+packages:
+  - plocate
+  - unzip
+  - tar
+  - policycoreutils-python-utils
+  - rsync
+  - nfs-utils
+  - vim

bash/kvm-deploy/user-data/docker-leader.yml

@@ -0,0 +1,53 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*
+         Subsystem sftp /usr/lib/openssh/sftp-server
+         UsePAM yes
+packages:
+  - firewalld
+  - vim
+  - nfs-utils
+  - bind-utils
+  - qemu-guest-agent
+runcmd:
+  - firewall-cmd --permanent --add-port 2376/tcp
+  - firewall-cmd --permanent --add-port 2377/tcp
+  - firewall-cmd --permanent --add-port 7946/tcp
+  - firewall-cmd --permanent --add-port 4789/udp
+  - firewall-cmd --permanent --add-port 7946/udp
+  - firewall-cmd --permanent --remove-service cockpit
+  - firewall-cmd --reload
+  - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+  - dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  - systemctl enable --now docker
+  - gpasswd -a your-user docker
+  - dnf upgrade -y && reboot

bash/kvm-deploy/user-data/docker-worker.yml

@@ -0,0 +1,52 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*
+         Subsystem sftp /usr/lib/openssh/sftp-server
+         UsePAM yes
+packages:
+  - firewalld
+  - vim
+  - nfs-utils
+  - bind-utils
+  - qemu-guest-agent
+runcmd:
+  - firewall-cmd --permanent --add-port 2377/tcp
+  - firewall-cmd --permanent --add-port 7946/tcp
+  - firewall-cmd --permanent --add-port 4789/udp
+  - firewall-cmd --permanent --add-port 7946/udp
+  - firewall-cmd --permanent --remove-service cockpit
+  - firewall-cmd --reload
+  - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+  - dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  - systemctl enable --now docker
+  - gpasswd -a your-user docker
+  - dnf upgrade -y && reboot

bash/kvm-deploy/user-data/k3s-install.yml

@@ -0,0 +1,54 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    groups: wheel
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 60
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+  - path: /etc/sysctl.d/01-k3s.conf
+    content: |
+         net.ipv4.ip_forward = 1
+         net.bridge.bridge-nf-call-iptables = 1
+         vm.swappiness = 0
+         vm.overcommit_memory = 1
+
+timezone: Etc/UTC
+packages:
+  - curl
+  - vim
+  - bind-utils
+  - nfs-utils
+runcmd:
+  - echo "overlay" > /etc/modules-load.d/k3s.conf
+  - echo "br_netfilter" >> /etc/modules-load.d/k3s.conf
+  - modprobe overlay
+  - modprobe br_netfilter
+  - sed -i 's/=enforcing/=permissive/' /etc/selinux/config
+  - dnf upgrade -y
+  - reboot

bash/kvm-deploy/user-data/postgres.yml

@@ -0,0 +1,48 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+prefer_fqdn_over_hostname: true
+packages:
+  - firewalld
+  - vim
+  - plocate
+  - unzip
+  - tar
+  - policycoreutils-python-utils
+  - rsync
+  - nfs-utils
+  - bind-utils
+runcmd:
+  - dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-10-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+  - dnf -qy module disable postgresql
+  - dnf install -y postgresql17-server