LXD profile that allows running nested microk8s+juju inside a container (intentionally unconfined; see the notes in the profile)
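# LXD profile: an intentionally unconfined container for nested microk8s + juju.
#
# NOTE(security): this profile removes essentially every boundary between the
# container and the host -- privileged (no uid shifting), AppArmor unconfined,
# no capabilities dropped, every device allowed (including /dev/mem), /proc and
# /sys mounted read-write, and the host's /root, /opt, ~/charms and ~/.ssh
# bind-mounted in. Root inside a container using this profile is root on the
# host. Use it only on a single-user development machine you fully control and
# keep the container's sshd reachable only from that machine. It is named
# "default", so every container launched without an explicit profile gets it.
config:
  # Do not start the container automatically when the host boots.
  boot.autostart: "false"
  # Pairs with the X0 proxy device below so GUI apps inside the container can
  # reach the host's X server. Quoted so YAML does not treat ":0" specially.
  environment.DISPLAY: ":0"
  # Modules that must be loaded on the host before the container starts.
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,kvm,ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter,nf_conntrack
  # Passed verbatim to liblxc. "devices.allow=a" already allows every device,
  # so the per-major lines after it are redundant but harmless; "cap.drop="
  # with an empty value clears LXD's default capability drop list. These are
  # cgroup v1 keys -- on a cgroup2-only host the lxc.cgroup2.* form applies
  # (TODO confirm against the host's LXD/LXC version).
  raw.lxc: |
    lxc.apparmor.profile=unconfined
    lxc.mount.auto=proc:rw sys:rw cgroup:rw
    lxc.cgroup.devices.allow=a
    lxc.cap.drop=
    lxc.cgroup.devices.allow = c 10:237 rwm
    lxc.cgroup.devices.allow = b 7:* rwm
    lxc.cgroup.devices.allow = b 259:* rwm
    lxc.cgroup.devices.allow = b 230:* rw
  # Nesting is required for LXD/containerd inside the container. Privileged
  # means container uid 0 is host uid 0, which is also why the bind-mounted
  # host directories below carry plain host ownership.
  security.nesting: "true"
  security.privileged: "true"
  # cloud-init user data, applied on the container's first boot.
  user.user-data: |
    #cloud-config
    users:
      # Replace "yourusername" and the key before use. The user gets
      # passwordless sudo; membership in the "root" group adds nothing to that
      # and only widens what the user can touch without sudo. Note that
      # ~/.ssh is the host user's ~/.ssh (see the "homedir" device), so the
      # key is appended to the host's authorized_keys as well.
      - name: yourusername
        ssh_authorized_keys:
          - ssh-rsa yourkey...
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        groups: [root,sudo,staff]
        shell: /bin/bash
    # Root's authorized_keys are left untouched -- and /root is the host's
    # /root (see the "rootdir" device), so host-root keys log in here too.
    disable_root: false
    # NOTE(review): cloud-init takes network configuration from the
    # datasource (for LXD the "user.network-config" key), not from user-data,
    # so this block is presumably ignored -- verify with the cloud-init logs.
    network:
      version: 1
      config:
        - type: physical
          name: eth0
          subnets:
            - type: dhcp
    runcmd:
      - pkill snapd
      - systemctl stop unattended-upgrades
      - systemctl stop systemd-remount-fs
      # Was "system reset-failed", which is not a command.
      - systemctl reset-failed
      # Deletes both passwords outright. sshd below keeps PermitEmptyPasswords
      # off, so neither account can use the empty password over SSH, but any
      # local shell path (lxc exec, console, su from another account) reaches
      # them without a prompt.
      - passwd -d root
      - passwd -d yourusername
      - echo "debconf debconf/priority select low" | sudo debconf-set-selections
      - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure debconf
      - DEBIAN_FRONTEND=noninteractive apt-get update -y
      - DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y
      - DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
      - DEBIAN_FRONTEND=noninteractive apt-get autoclean -y
      # Removed: "rm -rf /root/.ssh/" followed by "chown -r root:root /root/.ssh".
      # /root inside this container is the host's /root (device "rootdir"),
      # so the rm would delete the host root account's SSH keys and
      # known_hosts; the chown then failed regardless (directory gone, and
      # chown has no "-r" flag). Manage the host's /root/.ssh on the host.
      # The chown below also recurses into the bind-mounted ~/.ssh and
      # ~/charms, i.e. it re-owns host files to the container's uid for
      # yourusername -- keep that uid equal to the host's (1000 per X0).
      - cp -rT /etc/skel /home/yourusername
      - chown -R yourusername:yourusername /home/yourusername
    packages:
      - man
      - manpages
      - hello
      - locales
      - less
      - vim
      - jq
      - uuid
      - bash-completion
      - sudo
      - rsync
      - bridge-utils
      - net-tools
      - vlan
      - ncurses-term
      - iputils-arping
      - iputils-ping
      - iputils-tracepath
      - traceroute
      - mtr-tiny
      - tcpdump
      - dnsutils
      - ssh-import-id
      - openssh-server
      - openssh-client
      - software-properties-common
      - x11-apps
      - mesa-utils
      - build-essential
      - snapd
    # Reboot once cloud-init has finished so the upgraded kernel/services and
    # the new sshd/sudo configuration take effect.
    power_state:
      delay: 'now'
      mode: reboot
      timeout: 10
      condition: true
    final_message: "The system is finally up! Enjoy!"
    write_files:
      # sshd: key-based login for yourusername. Root may log in with a key
      # only (it has no password after "passwd -d" above; "prohibit-password"
      # replaces the original "yes", which made no practical difference while
      # empty passwords are refused but would the moment a root password is
      # set). PasswordAuthentication stays on for any additional users.
      # X11 forwarding and PermitTunnel give a connecting client a lot of
      # reach -- acceptable only because the intended client is the host.
      - path: /etc/ssh/sshd_config
        content: |
          Port 22
          AddressFamily any
          SyslogFacility AUTH
          LogLevel INFO
          PermitRootLogin prohibit-password
          PubkeyAuthentication yes
          PasswordAuthentication yes
          ChallengeResponseAuthentication no
          GSSAPIAuthentication no
          HostbasedAuthentication no
          PermitEmptyPasswords no
          UsePAM yes
          IgnoreUserKnownHosts yes
          IgnoreRhosts yes
          X11Forwarding yes
          X11DisplayOffset 10
          X11UseLocalhost yes
          PermitTTY yes
          PrintMotd no
          TCPKeepAlive yes
          PermitTunnel yes
          ClientAliveInterval 5
          Banner none
          AcceptEnv LANG LC_* EDITOR PAGER SYSTEMD_EDITOR
          Subsystem sftp /usr/lib/openssh/sftp-server
      # Client defaults. StrictHostKeyChecking=no accepts *changed* host keys
      # as silently as new ones, so outbound SSH from this container has no
      # MITM protection. That is convenient for juju/microk8s machines that
      # get rebuilt behind the same address; "accept-new" (OpenSSH >= 7.6)
      # keeps the convenience for unknown hosts while still failing hard on a
      # changed key -- consider it for anything beyond a throwaway lab.
      - path: /etc/ssh/ssh_config
        content: |
          Host *
          ForwardAgent no
          ForwardX11 no
          PasswordAuthentication yes
          CheckHostIP no
          AddressFamily any
          SendEnv LANG LC_* EDITOR PAGER
          StrictHostKeyChecking no
          HashKnownHosts yes
          ServerAliveInterval 5
      # sudo refuses a sudoers file that is not root-owned mode 0440, and
      # cloud-init's write_files default is 0644 -- without the owner and
      # permissions keys every sudo call fails after first boot. Keeping HOME,
      # EDITOR and PAGER in env_keep lets the caller choose the binaries sudo
      # runs for editing/paging; that is moot only because every rule here is
      # NOPASSWD: ALL. The original "@includedir /etc/sudoers.d" is not part
      # of this file, so drop-ins placed there are not read.
      - path: /etc/sudoers
        owner: root:root
        permissions: '0440'
        content: |
          Defaults env_keep += "LANG LANGUAGE LC_* _XKB_CHARSET"
          Defaults env_keep += "HOME EDITOR SYSTEMD_EDITOR PAGER"
          Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
          Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
          Defaults logfile=/var/log/sudo.log,loglinelen=0
          Defaults !syslog, !pam_session
          root ALL=(ALL) NOPASSWD: ALL
          %wheel ALL=(ALL) NOPASSWD: ALL
          %sudo ALL=(ALL) NOPASSWD: ALL
          yourusername ALL=(ALL) NOPASSWD: ALL
    apt:
      preserve_sources_list: false
      primary:
        - arches: [default]
          uri: http://us.archive.ubuntu.com/ubuntu
      # -proposed is a pre-release pocket whose packages have not finished
      # verification; keep it only if you deliberately want to test them.
      # The -security pocket was commented out in the original and is enabled
      # here so security fixes arrive directly rather than only via -updates.
      sources_list: |
        deb $MIRROR $RELEASE main restricted universe multiverse
        deb $MIRROR $RELEASE-updates main restricted universe multiverse
        deb $MIRROR $RELEASE-proposed main restricted universe multiverse
        # deb $MIRROR $RELEASE-backports main restricted universe multiverse
        deb $SECURITY $RELEASE-security main restricted universe multiverse
        deb-src $MIRROR $RELEASE main restricted universe multiverse
        deb-src $MIRROR $RELEASE-updates main restricted universe multiverse
        deb-src $MIRROR $RELEASE-proposed main restricted universe multiverse
        # deb-src $MIRROR $RELEASE-backports main restricted universe multiverse
        deb-src $SECURITY $RELEASE-security main restricted universe multiverse
      sources:
        # Debug-symbol (ddebs) repository. The deb lines are commented out, so
        # only the signing key is imported; uncomment when -dbgsym is needed.
        debug.list:
          source: |
            # debug symbols
            # deb http://ddebs.ubuntu.com $RELEASE main restricted universe multiverse
            # deb http://ddebs.ubuntu.com $RELEASE-updates main restricted universe multiverse
            # deb http://ddebs.ubuntu.com $RELEASE-proposed main restricted universe multiverse
          keyid: "C8CAB6595FDFF622"
description: default
devices:
  # The host's X server socket proxied into the container, owned by uid/gid
  # 1000 inside (expected to be yourusername).
  X0:
    bind: container
    connect: unix:@/tmp/.X11-unix/X0
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  # Host paths microk8s needs to write to (conntrack hashsize, kmsg, bpffs).
  aadisable:
    path: /sys/module/nf_conntrack/parameters/hashsize
    source: /sys/module/nf_conntrack/parameters/hashsize
    type: disk
  aadisable2:
    path: /dev/kmsg
    source: /dev/kmsg
    type: disk
  aadisable3:
    path: /sys/fs/bpf
    source: /sys/fs/bpf
    type: disk
  # Host directories shared into the container. With security.privileged
  # these are plain bind mounts with host ownership: anything done to them
  # inside the container happens to the host's files (see the runcmd notes).
  charms:
    path: /home/yourusername/charms
    source: /home/yourusername/charms
    type: disk
  homedir:
    path: /home/yourusername/.ssh
    source: /home/yourusername/.ssh
    type: disk
  kvm:
    path: /dev/kvm
    type: unix-char
  lxdbr0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  mapper:
    path: /dev/mapper/control
    type: unix-char
  # Raw physical memory of the host. Nothing in a microk8s/juju workflow
  # needs it; remove unless you have a specific reason to keep it.
  mem:
    path: /dev/mem
    type: unix-char
  mygpu:
    type: gpu
  optdir:
    path: /opt
    source: /opt
    type: disk
  root:
    path: /
    pool: default
    type: disk
  rootdir:
    path: /root
    source: /root
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char
name: default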