From c5c8004928d7b1efed716d0c84e83b5529426bb1 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Wed, 2 Mar 2022 22:19:58 +0100
Subject: [PATCH] tweaked userdata
---
 modules/host/main.tf | 12 -----
 modules/host/templates/boothook.sh.tpl | 5 --
 modules/host/templates/userdata.yaml.tpl | 62 +++++++++++++-----------
 3 files changed, 35 insertions(+), 44 deletions(-)
 delete mode 100644 modules/host/templates/boothook.sh.tpl
diff --git a/modules/host/main.tf b/modules/host/main.tf
index b8c4d17..869fc8a 100644
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@@ -75,16 +75,4 @@ data "template_cloudinit_config" "config" {
 }
 )
 }
-
- # Initialization script (runs at every reboot)
- part {
- content_type = "text/cloud-boothook"
- filename = "boothook.sh"
- content = templatefile(
- "${path.module}/templates/boothook.sh.tpl",
- {
- hostname = var.name
- }
- )
- }
 }
diff --git a/modules/host/templates/boothook.sh.tpl b/modules/host/templates/boothook.sh.tpl
deleted file mode 100644
index 0b1f461..0000000
--- a/modules/host/templates/boothook.sh.tpl
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-#cloud-boothook
-
-# Fix hostname after reboot
-hostnamectl hostname "${hostname}"
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index e9d9845..64d91c5 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@@ -1,32 +1,38 @@ #cloud-config + write_files: + # Configure private network + - content: | + BOOTPROTO='dhcp' + STARTMODE='auto' + path: /etc/sysconfig/network/ifcfg-eth1 -# Configure private network -- content: | - BOOTPROTO='dhcp' - STARTMODE='auto' - path: /etc/sysconfig/network/ifcfg-eth1 + # Disable ssh password authentication + - content: | + PasswordAuthentication no + X11Forwarding no + MaxAuthTries 2 + AllowTcpForwarding no + AllowAgentForwarding no + AuthorizedKeysFile .ssh/authorized_keys + path: /etc/ssh/sshd_config.d/kube-hetzner.conf -# Disable ssh password authentication -- content: | - PasswordAuthentication no - X11Forwarding no - MaxAuthTries 2 - AllowTcpForwarding no - AllowAgentForwarding no - AuthorizedKeysFile .ssh/authorized_keys - path: /etc/ssh/sshd_config.d/kube-hetzner.conf + # Setting the right reboot mode + - content: | + REBOOT_METHOD=rebootmgr + path: /etc/transactional-update.conf -# Setting the right reboot mode -- content: | - REBOOT_METHOD=rebootmgr - path: /etc/transactional-update.conf + # Add ssh authorized keys + ssh_authorized_keys: + %{ for key in sshAuthorizedKeys ~} + - ${key} + %{ endfor ~} -# Add ssh authorized keys -ssh_authorized_keys: -%{ for key in sshAuthorizedKeys ~} - - ${key} -%{ endfor ~} +# Making sure the hostname is set correctly +manage_etc_hosts: "localhost" +preserve_hostname: true +prefer_fqdn_over_hostname: false +hostname: ${hostname} runcmd: # Activate the private network @@ -35,9 +41,11 @@ runcmd: # Activate ssh configuration - systemctl reload sshd - # Fix hostname (during first boot) - - hostnamectl hostname ${hostname} - # Finishing automatic reboot via Kured setup - rebootmgrctl set-strategy off - \ No newline at end of file + + # Reduce the default number of snapshots from 2-10 number limit, to 4 + # And from 4-10 number limit important, to 2 + - snapper -c root set-config "NUMBER_LIMIT=4" + - snapper -c root set-config "NUMBER_LIMIT_IMPORTANT=2" +
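Review bot: The re-added `ssh_authorized_keys:` block looks indented under `write_files:` in the new template, which would either make the cloud-config unparseable or stop the keys from being read as a top-level key. Indentation is collapsed on this page, so this is inferred from the added lines `# Add ssh authorized keys`, `ssh_authorized_keys:` and the `%{ for key in sshAuthorizedKeys ~}` / `%{ endfor ~}` directives carrying a space after the `+`, while the added `hostname:` lines and the removed originals do not. If the document fails to parse, the sshd drop-in with `PasswordAuthentication no` is never written either, so the node would come up with the image's default SSH settings. Keep `ssh_authorized_keys:` and its two template directives at column 0, and render the template once through a YAML parser before applying it.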
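Review bot: Dropping `- hostnamectl hostname ${hostname}` from `runcmd` appears to leave nothing that actually sets the system hostname, because the first hunk of this file adds `preserve_hostname: true` next to `hostname: ${hostname}`. As far as I know, cloud-init's set_hostname and update_hostname modules return early when `preserve_hostname` is true, so the `hostname:` key would at most feed the `manage_etc_hosts` entry. With the boothook deleted in the same commit, the node would keep whatever name the image or datasource gave it, which presumably then becomes the cluster node name. Either set `preserve_hostname: false` or keep a quoted `- hostnamectl hostname "${hostname}"` in `runcmd`; the `runcmd` list starts outside this hunk.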