initial commit

2026-02-27 04:59:56 +00:00
commit 12b9002638
6 changed files with 682 additions and 0 deletions
--- a/bash/kvm-deploy/kvm-cloud-init.sh
+++ b/bash/kvm-deploy/kvm-cloud-init.sh
@@ -0,0 +1,431 @@
+#!/bin/bash
+#set -vx
+
+hosts=("1.1.1.1" "2.2.2.2" "3.3.3.3")
+
+get_host_info() {
+echo "Refreshing host info..."
+for h in "${hosts[@]}"; do
+ virsh -c qemu+ssh://root@${h}/system pool-refresh --pool kvm_guests > /dev/null
+ virsh -c qemu+ssh://root@${h}/system pool-refresh --pool nvme_guests > /dev/null
+ virsh -c qemu+ssh://root@${h}/system pool-refresh --pool ISO > /dev/null
+ echo "+++++++++++++++++"
+ echo -e "Host ${h}\n"
+ echo "+++++++++++++++++"
+ virsh -c qemu+ssh://root@${h}/system list --all
+done
+echo "+++++++++++++++++"
+echo "Disk Volumes"
+echo "+++++++++++++++++"
+virsh -c qemu+ssh://root@${hosts[0]}/system vol-list --pool kvm_guests --details
+echo "+++++++++++++++++"
+echo "nVME Volumes"
+echo "+++++++++++++++++"
+virsh -c qemu+ssh://root@${hosts[0]}/system vol-list --pool nvme_guests --details
+echo "+++++++++++++++++"
+echo "ISO Volumes"
+echo "+++++++++++++++++"
+virsh -c qemu+ssh://root@${hosts[0]}/system vol-list --pool ISO --details
+$0
+}
+
+mass_startup(){
+read -p "Which host?" KVM_HOST
+guests=($(virsh -c qemu+ssh://root@${h}/system list --inactive | '/shut off/{print $2}'))
+
+for g in "${guests[@]}"
+do
+ virsh -c qemu+ssh://root@${h}/system start ${g}
+done
+}
+
+migrate_domain(){
+echo "Migration Types
+    1). Single Domain
+    2). Offline Domain
+    3). Mass Domain Migration
+    "
+read -p "Select Migration Type: " MIG
+if [ $MIG == 1 ]; then
+ read -p "Select source host. " SRC_URI
+ virsh -c qemu+ssh://root@${SRC_URI}/system list | '/running/{print $2}'
+ read -p "Select destination host. " DEST_URI
+ read -p "Select domain. " DOM
+ virsh -c qemu+ssh://root@${SRC_URI}/system migrate \
+ --domain $DOM \
+ --live \
+ --p2p \
+ --tunnelled \
+ --desturi qemu+ssh://root@${DEST_URI}/system \
+ --persistent \
+ --undefinesource \
+ --verbose
+ rerun
+elif [ $MIG == 2 ]; then
+ read -p "Select source host. " SRC_URI
+ read -p "Select destination host. " DEST_URI
+ domain=($(virsh -c qemu+ssh://root@${SRC_URI}/system list --inactive | '/shut off/{print $2}'))
+ for dom in "${domain[@]}"; do
+  read -p "Select destination host. " DEST_URI
+  virsh -c qemu+ssh://root@${SRC_URI}/system migrate \
+  --domain $DOM \
+  --live \
+  --p2p \
+  --tunnelled \
+  --desturi qemu+ssh://root@${DEST_URI}/system \
+  --persistent \
+  --undefinesource \
+  --verbose
+  rerun
+ done
+elif [ $MIG == 3]; then
+ read -p "Select source host. " SRC_URI
+ read -p "Select destination host. " DEST_URI
+ domain=($(virsh -c qemu+ssh://root@${SRC_URI}/system list | '/running/{print $2}'))
+ for dom in "${domain[@]}"; do
+  read -p "Select destination host. " DEST_URI
+  virsh -c qemu+ssh://root@${SRC_URI}/system migrate \
+  --domain $DOM \
+  --live \
+  --p2p \
+  --tunnelled \
+  --desturi qemu+ssh://root@${DEST_URI}/system \
+  --persistent \
+  --undefinesource \
+  --verbose
+ done
+else
+ echo "Invalid type..."
+ $0
+fi
+$0
+}
+
+backup_guest () {
+read -p "Enter the desired host: " KVM_HOST
+# declare/initialize global array
+guests=($(virsh -c qemu+ssh://root@${KVM_HOST}/system list | awk '/running/{print $2}'))
+
+# global variables
+SNAP_DEST=/mnt/snap/
+CPY_DEST=/mnt/backup/
+
+for n in "${guests[@]}"
+do
+   # initialize block storage array list and sets array variable
+   blks=($(virsh -c qemu+ssh://root@${KVM_HOST}/system domblklist --domain ${n} | awk '/vda/{print $2}'))
+   BLK_CALL=$(echo ${blks[0]})
+   # create external snapshot
+   virsh -c qemu+ssh://root@${KVM_HOST}/system snapshot-create-as --domain ${n} --name ${n} --diskspec vda,file=${SNAP_DEST}${n}.qcow2 \
+   --disk-only --atomic --no-metadata --quiesce | logger -t guest_snap
+   # syncs with backup destination
+   rsync -azq ${BLK_CALL} ${CPY_DEST}${n} | logger -t guest_sync
+   # active blockcommit
+   virsh -c qemu+ssh://root@${KVM_HOST}/system blockcommit --domain ${n} vda --active --pivot --verbose | logger -t guest_pivot
+   rm -rf ${SNAP_DEST}${n}.qcow2
+done
+$0
+}
+
+test_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+read -p "Enter OS 1). AlmaLinux 10 2). Debian 13 " OS_CHO
+if [ $OS_CHO == 1 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity 500G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 2 \
+     --memory 2048 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_servers \
+     --disk /mnt/kvm_guests/$GUEST \
+     --cloud-init user-data=./user-data/cloud-init-configs/alma-node.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+elif [ $OS_CHO == 2 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity 500G --backing-vol /mnt/iso/debian-13-genericcloud-amd64-20250806-2196.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 2 \
+     --memory 2048 \
+     --os-variant debian13 \
+     --boot uefi \
+     --network bridge=_servers \
+     --disk /mnt/kvm_guests/$GUEST \
+     --cloud-init user-data=./user-data/debian-node.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+
+fi
+$0
+}
+
+pg_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity 500G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+echo "local-hostname: ${GUEST}" > ./meta-data
+virt-install \
+    --connect qemu+ssh://root@${KVM_HOST}/system \
+    --name $GUEST \
+    --vcpus 4 \
+    --memory 4096 \
+    --os-variant almalinux9 \
+    --boot uefi \
+    --network bridge=_servers \
+    --disk /mnt/kvm_guests/$GUEST \
+    --cloud-init user-data=./user-data/postgres.yml,meta-data=./meta-data \
+    --import \
+    --autostart \
+    --noautoconsole
+$0
+}
+
+zed_lake_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity 500G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+echo "local-hostname: ${GUEST}" > ./meta-data
+virt-install \
+    --connect qemu+ssh://root@${KVM_HOST}/system \
+    --name $GUEST \
+    --vcpus 4 \
+    --memory 4096 \
+    --os-variant almalinux9 \
+    --boot uefi \
+    --network bridge=_servers \
+    --disk /mnt/kvm_guests/$GUEST \
+    --cloud-init user-data=./user-data/zed-lake.yml,meta-data=./meta-data \
+    --import \
+    --autostart \
+    --noautoconsole
+$0
+}
+
+int_docker_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+read -p "1). Leader or 2). Worker: " NODE_TYPE
+if [ $NODE_TYPE == 1 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 4 \
+     --memory 4096 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_servers \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data/docker-leader.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+elif [ $NODE_TYPE == 2 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 8 \
+     --memory 8192 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_servers \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data/docker-worker.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+else
+ echo "Invalid type..."; $0
+fi
+$0
+}
+
+host_docker_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+read -p "1). Leader or 2). Worker: " NODE_TYPE
+if [ $NODE_TYPE == 1 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 4 \
+     --memory 4096 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_hosting \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data//docker-leader.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+elif [ $NODE_TYPE == 2 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ echo "local-hostname: ${GUEST}" > ./meta-data
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 8 \
+     --memory 8192 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_hosting \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data/docker-worker.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+else
+ echo "Invalid type..."; $0
+fi
+$0
+}
+
+elastic_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+read -p "Elastic Node or Fleet Server (1=Node or 2=Fleet): " E_TYPE
+echo "local-hostname: ${GUEST}" > ./meta-data
+if [ $E_TYPE == 1 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity ${VOL_SIZE}G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 4 \
+     --memory 8192 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_elastic \
+     --disk /mnt/kvm_guests/$GUEST \
+     --cloud-init user-data=./user-data//elastic-stack.yaml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+elif [ $E_TYPE == 2 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool kvm_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 2 \
+     --memory 2048 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_elastic \
+     --disk /mnt/kvm_guests/$GUEST \
+     --cloud-init user-data=./user-data//elastic-fleet.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+else
+ echo "Invalid option..."; $0
+fi
+$0
+}
+
+kube_node(){
+read -p "Enter the desired host: " KVM_HOST
+read -p "Enter the name of guest: " GUEST
+read -p "Dev or Prod (1=Prod or 2=Dev): " KUBE_E
+echo "local-hostname: ${GUEST}" > ./meta-data
+if [ ${KUBE_E} == 1 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 2 \
+     --memory 4096 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_hosting \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data//k3s-install.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+elif [ ${KUBE_E} == 2 ]; then
+ virsh -c qemu+ssh://root@${KVM_HOST}/system vol-create-as --pool nvme_guests --name ${GUEST} --format qcow2 --capacity 100G --backing-vol /mnt/iso/AlmaLinux-10-GenericCloud-latest.x86_64_v2.qcow2 --backing-vol-format qcow2
+ virt-install \
+     --connect qemu+ssh://root@${KVM_HOST}/system \
+     --name $GUEST \
+     --vcpus 4 \
+     --memory 4096 \
+     --os-variant almalinux9 \
+     --boot uefi \
+     --network bridge=_servers \
+     --disk /mnt/nvme_guests/$GUEST \
+     --cloud-init user-data=./user-data//k3s-install.yml,meta-data=./meta-data \
+     --import \
+     --autostart \
+     --noautoconsole
+else
+ echo "Invalid option..."; $0
+fi
+$0
+}
+
+echo "Available options:
+1). Create Basic Node
+2). Create Internal Docker Node
+3). Create Hosting Docker Node
+4). Create Elastic Node
+5). Create k3s node
+6). Create kubeadm node
+7). Postgresql node
+8). Zed Lake node
+a). Get info on a host
+b). Domain migration
+00). Exit
+"
+read -p "Select an option: " OPT
+
+case "$OPT" in
+
+    1) test_node
+        ;;
+
+    2) int_docker_node
+        ;;
+
+    3) host_docker_node
+        ;;
+
+    4) elastic_node
+        ;;
+
+    5) kube_node
+        ;;
+
+    6) kubeadm_node
+        ;;
+
+    7) pg_node
+        ;;
+
+    8) zed_lake_node
+        ;;
+
+    a|A) get_host_info
+        ;;
+
+    b|B) migrate_domain
+        ;;
+
+    00|0) echo "Exiting..."; exit 0
+        ;;
+
+    *) echo "Invalid option."; sleep 1; $0
+        ;;
+esac
--- a/bash/kvm-deploy/user-data/alma-node.yml
+++ b/bash/kvm-deploy/user-data/alma-node.yml
@@ -0,0 +1,44 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    groups: wheel
+    ssh_authorized_keys:
+      -
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+prefer_fqdn_over_hostname: true
+package_update: true
+package_upgrade: true
+packages:
+  - plocate
+  - unzip
+  - tar
+  - policycoreutils-python-utils
+  - rsync
+  - nfs-utils
+  - vim
--- a/bash/kvm-deploy/user-data/docker-leader.yml
+++ b/bash/kvm-deploy/user-data/docker-leader.yml
@@ -0,0 +1,53 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*
+         Subsystem sftp /usr/lib/openssh/sftp-server
+         UsePAM yes
+packages:
+  - firewalld
+  - vim
+  - nfs-utils
+  - bind-utils
+  - qemu-guest-agent
+runcmd:
+  - firewall-cmd --permanent --add-port 2376/tcp
+  - firewall-cmd --permanent --add-port 2377/tcp
+  - firewall-cmd --permanent --add-port 7946/tcp
+  - firewall-cmd --permanent --add-port 4789/udp
+  - firewall-cmd --permanent --add-port 7946/udp
+  - firewall-cmd --permanent --remove-service cockpit
+  - firewall-cmd --reload
+  - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+  - dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  - systemctl enable --now docker
+  - gpasswd -a your-user docker
+  - dnf upgrade -y && reboot
--- a/bash/kvm-deploy/user-data/docker-worker.yml
+++ b/bash/kvm-deploy/user-data/docker-worker.yml
@@ -0,0 +1,52 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*
+         Subsystem sftp /usr/lib/openssh/sftp-server
+         UsePAM yes
+packages:
+  - firewalld
+  - vim
+  - nfs-utils
+  - bind-utils
+  - qemu-guest-agent
+runcmd:
+  - firewall-cmd --permanent --add-port 2377/tcp
+  - firewall-cmd --permanent --add-port 7946/tcp
+  - firewall-cmd --permanent --add-port 4789/udp
+  - firewall-cmd --permanent --add-port 7946/udp
+  - firewall-cmd --permanent --remove-service cockpit
+  - firewall-cmd --reload
+  - dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+  - dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  - systemctl enable --now docker
+  - gpasswd -a your-user docker
+  - dnf upgrade -y && reboot
--- a/bash/kvm-deploy/user-data/k3s-install.yml
+++ b/bash/kvm-deploy/user-data/k3s-install.yml
@@ -0,0 +1,54 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    groups: wheel
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 60
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+  - path: /etc/sysctl.d/01-k3s.conf
+    content: |
+         net.ipv4.ip_forward = 1
+         net.bridge.bridge-nf-call-iptables = 1
+         vm.swappiness = 0
+         vm.overcommit_memory = 1
+
+timezone: Etc/UTC
+packages:
+  - curl
+  - vim
+  - bind-utils
+  - nfs-utils
+runcmd:
+  - echo "overlay" > /etc/modules-load.d/k3s.conf
+  - echo "br_netfilter" >> /etc/modules-load.d/k3s.conf
+  - modprobe overlay
+  - modprobe br_netfilter
+  - sed -i 's/=enforcing/=permissive/' /etc/selinux/config
+  - dnf upgrade -y
+  - reboot
--- a/bash/kvm-deploy/user-data/postgres.yml
+++ b/bash/kvm-deploy/user-data/postgres.yml
@@ -0,0 +1,48 @@
+#cloud-config
+users:
+  - name: your-user
+    lock_passwd: false
+    passwd: 
+    ssh_authorized_keys:
+      - 
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL']
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+prefer_fqdn_over_hostname: true
+packages:
+  - firewalld
+  - vim
+  - plocate
+  - unzip
+  - tar
+  - policycoreutils-python-utils
+  - rsync
+  - nfs-utils
+  - bind-utils
+runcmd:
+  - dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-10-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+  - dnf -qy module disable postgresql
+  - dnf install -y postgresql17-server