cloud-config for a base-box

cloud-config-centos.yml

#cloud-config
package_upgrade: true
packages:
  - curl
  - ntp
  - wget
  - git
  - vim
users:
  - name: mhutter
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDefc6HMIYI72VdNoVLVWjQMrYceUTacsKode14tCUEMpgbQBGEf8km+AoFKjXRZGKailkGGy1c6jljuiRKXS/8bFfjRARu5+hwA/88mUIB66DWypngTBtbEMKMEp4Wx2BAEhWXnwx8UI6eq7kyvrvF5mIvsnvuAzHjRYM/K7eFH8oTWcOIJeSkg90ArXMoz9RMkERNXNvBJDCSYJm6rZP1P76wIpPrDZpaXzl/a7uxCicn3JVz4Z2SARjVUkwrq73OHiSfdkKbhjCSZ5B3s82pBovO1r/R7jqKx9fUpez7SPXcO3UAv243R7DNJkyBalGyoZqpx4evPYjtEGS+x7bfEMCssr5Bnpp+Llm6piXJdMIrvfvTKXuM2RyCfBbwTkRdg1DcBWjRyGavFcgDbxcRHpDnxFCCUPJ6In/KmndGLEp3oQNygh+oxupT97IjeugmrtiC/NXKKIIqP6viR/jcO0bSk6BxIOIKyMDwA+4YL7Njoc63u9ROIR1HISUnHuphYg2PsWfMoFsm9fzF+xfU5lXWb5wZXpLl4sR+gPD5bdHXO2ddB5rIP1AFQlgEXmTecDj13fKdTXleDA7dOfYKyvqoSLi5tYNSa17mLAa/36vOYtigyWRAdgR+vvWAps6NlCqGoJURpAylOgekYEgmlMu465BIFE4kJrzxTGh4NQ== mhu2015
runcmd:
  - timedatectl set-timezone Europe/Zurich
  - sed -ri 's/centos/de/' /etc/ntp.conf
  - systemctl start ntpd
  - systemctl enable ntpd
  - fallocate -l 4G /swapfile
  - chmod 600 /swapfile
  - mkswap /swapfile
  - swapon /swapfile
  - echo "/swapfile none swap sw 0 0" >> /etc/fstab
  - sed -i 's/mhutter:!/mhutter:*/' /etc/shadow
  - |
    sed -r -i \
      -e '/^(#.*)?$/d' \
      -e '/LoginGraceTime/d' \
      -e '/PermitRootLogin/d' \
      -e '/X11Forwarding/d' \
      -e '/PasswordAuthentication/d' \
      -e '/MaxStartups/d' \
      -e '/UsePAM/d' \
      /etc/ssh/sshd_config
  - |
    cat >> /etc/ssh/sshd_config <<EOT
    PasswordAuthentication no
    MaxStartups 2:30:10
    UseDNS no
    AllowUsers mhutter
    PermitRootLogin without-password
    X11Forwarding no
    LoginGraceTime 10
    EOT
  - systemctl restart sshd
  - systemctl start firewalld
  - firewall-cmd --permanent --add-service=ssh
  - firewall-cmd --permanent --zone=internal --remove-service=samba-client
  - firewall-cmd --permanent --zone=internal --remove-service=ipp-client
  - firewall-cmd --permanent --zone=internal --remove-service=mdns
  - echo "ZONE=internal" >> /etc/sysconfig/network-scripts/ifcfg-eth1
  - systemctl restart network.service
  - systemctl restart firewalld.service
  - echo 'export EDITOR=vim' >> /etc/profile

cloud-config-ubuntu.yml

#cloud-config
package_upgrade: true
packages:
  - curl
  - git-core
  - ntp
  - ufw
  - wget
users:
  - name: mhutter
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDefc6HMIYI72VdNoVLVWjQMrYceUTacsKode14tCUEMpgbQBGEf8km+AoFKjXRZGKailkGGy1c6jljuiRKXS/8bFfjRARu5+hwA/88mUIB66DWypngTBtbEMKMEp4Wx2BAEhWXnwx8UI6eq7kyvrvF5mIvsnvuAzHjRYM/K7eFH8oTWcOIJeSkg90ArXMoz9RMkERNXNvBJDCSYJm6rZP1P76wIpPrDZpaXzl/a7uxCicn3JVz4Z2SARjVUkwrq73OHiSfdkKbhjCSZ5B3s82pBovO1r/R7jqKx9fUpez7SPXcO3UAv243R7DNJkyBalGyoZqpx4evPYjtEGS+x7bfEMCssr5Bnpp+Llm6piXJdMIrvfvTKXuM2RyCfBbwTkRdg1DcBWjRyGavFcgDbxcRHpDnxFCCUPJ6In/KmndGLEp3oQNygh+oxupT97IjeugmrtiC/NXKKIIqP6viR/jcO0bSk6BxIOIKyMDwA+4YL7Njoc63u9ROIR1HISUnHuphYg2PsWfMoFsm9fzF+xfU5lXWb5wZXpLl4sR+gPD5bdHXO2ddB5rIP1AFQlgEXmTecDj13fKdTXleDA7dOfYKyvqoSLi5tYNSa17mLAa/36vOYtigyWRAdgR+vvWAps6NlCqGoJURpAylOgekYEgmlMu465BIFE4kJrzxTGh4NQ== mhu2015
write_files:
  - path: /etc/timezone
    content: |
      Europe/Zurich
runcmd:
  - sed -i 's/mhutter:!/mhutter:*/' /etc/shadow
  - |
    sed -r -i \
      -e '/^(#.*)?$/d' \
      -e '/LoginGraceTime/d' \
      -e '/PermitRootLogin/d' \
      -e '/X11Forwarding/d' \
      -e '/PasswordAuthentication/d' \
      -e '/MaxStartups/d' \
      -e '/UsePAM/d' \
      /etc/ssh/sshd_config
  - |
    cat >> /etc/ssh/sshd_config <<EOT
    PasswordAuthentication no
    MaxStartups 2:30:10
    UseDNS no
    AllowUsers mhutter
    PermitRootLogin no
    X11Forwarding no
    LoginGraceTime 10
    EOT
  - service ssh restart
  - echo 'export EDITOR=vim' >> /etc/profile
  - apt-get autoremove -yq
  - ufw allow 22/tcp
  - ufw enable