cloud-config for a base-box
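#cloud-config
# Base-box provisioning for a CentOS-style host (systemctl, firewalld,
# /etc/sysconfig network scripts): upgrades packages, creates one key-only
# admin user, adds a 4G swap file, hardens sshd and limits the firewall to SSH.
package_upgrade: true

packages:
  - curl
  - ntp
  - wget
  - git
  - vim

users:
  - name: mhutter
    shell: /bin/bash
    # Passwordless sudo. The account is given no usable password (see the
    # /etc/shadow step under runcmd), so possession of the SSH key below is
    # presumably the only credential that matters for this host.
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - ssh-rsa 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 mhu2015

runcmd:
  - timedatectl set-timezone Europe/Zurich
  # Presumably rewrites the distro pool hostnames in ntp.conf ("centos" ->
  # "de"); confirm against the installed ntp.conf before reusing elsewhere.
  - sed -ri 's/centos/de/' /etc/ntp.conf
  - systemctl start ntpd
  - systemctl enable ntpd
  # 4G swap file; chmod 600 runs before the file is used as swap.
  - fallocate -l 4G /swapfile
  - chmod 600 /swapfile
  - mkswap /swapfile
  - swapon /swapfile
  - echo "/swapfile none swap sw 0 0" >> /etc/fstab
  # Targets a locked shadow entry ("mhutter:!") and turns it into "*":
  # presumably so the account counts as unlocked for sshd while still having
  # no usable password.
  - sed -i 's/mhutter:!/mhutter:*/' /etc/shadow
  # Strip comments, blank lines and every directive that is re-set below, so
  # the appended values are the only ones in effect. UsePAM is removed here
  # but not re-added; NOTE(review): confirm the resulting default is the
  # intended one on this image.
  - |
    sed -r -i \
      -e '/^(#.*)?$/d' \
      -e '/LoginGraceTime/d' \
      -e '/PermitRootLogin/d' \
      -e '/X11Forwarding/d' \
      -e '/PasswordAuthentication/d' \
      -e '/MaxStartups/d' \
      -e '/UsePAM/d' \
      /etc/ssh/sshd_config
  # Key-only access for a single named user. PermitRootLogin is "no" (as in
  # the apt/ufw variant of this config) rather than "without-password";
  # AllowUsers already excludes root, so this only makes the intent explicit.
  - |
    cat >> /etc/ssh/sshd_config <<EOT
    PasswordAuthentication no
    MaxStartups 2:30:10
    UseDNS no
    AllowUsers mhutter
    PermitRootLogin no
    X11Forwarding no
    LoginGraceTime 10
    EOT
  - systemctl restart sshd
  # Only the ssh service is added; firewalld is started but, unlike ntpd
  # above, not enabled. NOTE(review): confirm it is already enabled on the
  # base image or add "systemctl enable firewalld".
  - systemctl start firewalld
  - firewall-cmd --permanent --add-service=ssh
  - firewall-cmd --permanent --zone=internal --remove-service=samba-client
  - firewall-cmd --permanent --zone=internal --remove-service=ipp-client
  - firewall-cmd --permanent --zone=internal --remove-service=mdns
  # eth1 is moved to the internal zone; restarting network and then firewalld
  # applies the --permanent changes made above.
  - echo "ZONE=internal" >> /etc/sysconfig/network-scripts/ifcfg-eth1
  - systemctl restart network.service
  - systemctl restart firewalld.service
  - echo 'export EDITOR=vim' >> /etc/profile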
#cloud-config
# Base-box provisioning for a Debian/Ubuntu-style host (apt-get, ufw,
# "service ssh"): upgrades packages, creates one key-only admin user, writes
# the timezone file, hardens sshd and opens only 22/tcp in ufw.
package_upgrade: true

packages:
  - curl
  - git-core
  - ntp
  - ufw
  - wget

users:
  - name: mhutter
    shell: /bin/bash
    # Passwordless sudo. The account is given no usable password (see the
    # /etc/shadow step under runcmd), so the SSH key below is presumably the
    # only credential for this host.
    sudo:
      - 'ALL=(ALL) NOPASSWD:ALL'
    ssh-authorized-keys:
      - ssh-rsa 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 mhu2015

write_files:
  # NOTE(review): on Debian-derived systems the effective zone is normally
  # taken from /etc/localtime; confirm that writing /etc/timezone alone is
  # enough here (the CentOS variant uses "timedatectl set-timezone").
  - path: /etc/timezone
    content: |
      Europe/Zurich

runcmd:
  # Targets a locked shadow entry ("mhutter:!") and turns it into "*":
  # presumably so the account counts as unlocked for sshd while still having
  # no usable password.
  - sed -i 's/mhutter:!/mhutter:*/' /etc/shadow
  # Strip comments, blank lines and every directive that is re-set below, so
  # the appended values are the only ones in effect. UsePAM is removed here
  # but not re-added; NOTE(review): confirm the resulting default is the
  # intended one on this image.
  - |
    sed -r -i \
      -e '/^(#.*)?$/d' \
      -e '/LoginGraceTime/d' \
      -e '/PermitRootLogin/d' \
      -e '/X11Forwarding/d' \
      -e '/PasswordAuthentication/d' \
      -e '/MaxStartups/d' \
      -e '/UsePAM/d' \
      /etc/ssh/sshd_config
  # Key-only access for a single named user; root login is disabled outright.
  - |
    cat >> /etc/ssh/sshd_config <<EOT
    PasswordAuthentication no
    MaxStartups 2:30:10
    UseDNS no
    AllowUsers mhutter
    PermitRootLogin no
    X11Forwarding no
    LoginGraceTime 10
    EOT
  - service ssh restart
  - echo 'export EDITOR=vim' >> /etc/profile
  - apt-get autoremove -yq
  # Order matters: 22/tcp is allowed before the firewall is enabled so that
  # SSH access is not cut off when ufw starts enforcing.
  - ufw allow 22/tcp
  - ufw enable