initial commit

init.cfg

@@ -0,0 +1,41 @@
+  #cloud-config
+  write_files:
+    - path: /etc/sysctl.d/k8s.conf
+      content: |
+        net.bridge.bridge-nf-call-ip6tables = 1
+        net.bridge.bridge-nf-call-iptables = 1
+    - path: /etc/sysctl.d/99-override_cilium_rp_filter.conf
+      content: |
+        net.ipv4.conf.lxc*.rp_filter = 0
+    - path: /etc/fail2ban/jail.local
+      content: |
+        [sshd]
+        enabled = true
+        banaction = iptables-multiport
+    - path: /etc/yum.repos.d/rpm-rancher-io.repo
+      content: |
+        [rancher] 
+        name=Rancher 
+        baseurl=https://rpm.rancher.io/k3s/stable/common/centos/8/noarch
+        enabled=1 
+        gpgcheck=1 
+        gpgkey=https://rpm.rancher.io/public.key
+    - path: /etc/dnf/automatic.conf
+      content: |
+        [commands]
+        upgrade_type = default
+        random_sleep = 10000
+        network_online_timeout = 60
+        download_updates = yes
+        apply_updates = yes
+        [emitters]
+        emit_via = stdio
+        [base]
+        debuglevel = 1
+  runcmd:
+    - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
+    - sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
+    - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
+    - sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
+    - sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
+    - sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config