Created
March 18, 2021 15:45
-
-
Save j-brn/b551d30e658a4366fa5c006bdc7ba719 to your computer and use it in GitHub Desktop.
RKE host cloudinit config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| users: | |
| - name: admin | |
| ssh-authorized_keys: | |
| - <your-key-goes-here> | |
| sudo: ['ALL=(ALL) NOPASSWD:ALL'] | |
| groups: | |
| - sudo | |
| - docker | |
| shell: /bin/bash | |
| package_update: true | |
| package_upgrade: true | |
| package_reboot_if_required: true | |
| packages: | |
| - vim | |
| - apt-transport-https | |
| - curl | |
| - nmap | |
| - git | |
| - htop | |
| - iperf | |
| write_files: | |
| - path: /etc/ssh/sshd_config | |
| content: | | |
| Protocol 2 | |
| Port 222 | |
| HostKey /etc/ssh/ssh_host_rsa_key | |
| HostKey /etc/ssh/ssh_host_ecdsa_key | |
| HostKey /etc/ssh/ssh_host_ed25519_key | |
| SyslogFacility AUTH | |
| LogLevel INFO | |
| PermitRootLogin no | |
| StrictModes yes | |
| IgnoreRhosts yes | |
| PubkeyAuthentication yes | |
| PasswordAuthentication no | |
| ChallengeResponseAuthentication no | |
| UsePAM yes | |
| X11Forwarding no | |
| PrintMotd no | |
| AcceptEnv LANG LC_* | |
| Subsystem sftp /usr/lib/openssh/sftp-server | |
| AllowUsers admin | |
| AllowTcpForwarding yes | |
| - path: /tmp/daemon.json | |
| permissions: 655 | |
| owner: root | |
| content: '{"exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2"}' | |
| runcmd: | |
| - curl https://get.docker.com | bash | |
| - mv /tmp/daemon.json /etc/docker/daemon.json | |
| - mkdir /etc/systemd/system/docker.service.d | |
| - systemctl daemon-reload | |
| - systemctl restart docker | |
| - modprobe ip_set && echo "ip_set" | tee -a /etc/modules | |
| - modprobe ip_set_hash_ip && echo "ip_set_hash_ip " | tee -a /etc/modules | |
| - modprobe ip_set_hash_net && echo "ip_set_hash_net " | tee -a /etc/modules | |
| - modprobe iptable_filter && echo "iptable_filter " | tee -a /etc/modules | |
| - modprobe iptable_nat && echo "iptable_nat " | tee -a /etc/modules | |
| - modprobe iptable_mangle && echo "iptable_mangle " | tee -a /etc/modules | |
| - modprobe iptable_raw && echo "iptable_raw " | tee -a /etc/modules | |
| - modprobe nf_conntrack_ipv4 && echo "nf_conntrack_ipv4 " | tee -a /etc/modules | |
| - modprobe nf_nat_masquerade_ipv4 && echo "nf_nat_masquerade_ipv4 " | tee -a /etc/modules | |
| - modprobe vxlan && echo "vxlan " | tee -a /etc/modules | |
| - modprobe xt_comment && echo "xt_comment " | tee -a /etc/modules | |
| - modprobe xt_mark && echo "xt_mark " | tee -a /etc/modules | |
| - modprobe xt_multiport && echo "xt_multiport " | tee -a /etc/modules | |
| - modprobe xt_recent && echo "xt_recent " | tee -a /etc/modules | |
| - modprobe xt_set && echo "xt_set " | tee -a /etc/modules | |
| - sysctl -w net.bridge.bridge-nf-call-ip6tables=1 | |
| - sysctl -w net.bridge.bridge-nf-call-iptables=1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment