#cloud-config
users:
  - name: your-user
    lock_passwd: false
    passwd: 
    groups: wheel
    ssh_authorized_keys:
      - 
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD: ALL']
write_files:
  - path: /etc/ssh/sshd_config
    content: |
         Protocol 2
         HostKey /etc/ssh/ssh_host_rsa_key
         HostKey /etc/ssh/ssh_host_dsa_key
         HostKey /etc/ssh/ssh_host_ecdsa_key
         HostKey /etc/ssh/ssh_host_ed25519_key         
         SyslogFacility AUTH
         LogLevel INFO
         LoginGraceTime 60
         PasswordAuthentication no
         PermitRootLogin no
         StrictModes yes
         PubkeyAuthentication yes
         IgnoreRhosts yes
         HostbasedAuthentication no
         PermitEmptyPasswords no
         ChallengeResponseAuthentication no
         PrintLastLog yes
         TCPKeepAlive yes
         AcceptEnv LANG LC_*         
         UsePAM yes
  - path: /etc/sysctl.d/01-k3s.conf
    content: |
         net.ipv4.ip_forward = 1
         net.bridge.bridge-nf-call-iptables = 1
         vm.swappiness = 0
         vm.overcommit_memory = 1

timezone: Etc/UTC
packages:
  - curl
  - vim
  - bind-utils
  - nfs-utils
runcmd:
  - echo "overlay" > /etc/modules-load.d/k3s.conf
  - echo "br_netfilter" >> /etc/modules-load.d/k3s.conf
  - modprobe overlay
  - modprobe br_netfilter
  - sed -i 's/=enforcing/=permissive/' /etc/selinux/config
  - dnf upgrade -y
  - reboot