#cloud-config
  write_files:
    - path: /etc/sysctl.d/k8s.conf
      content: |
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
    - path: /etc/sysctl.d/99-override_cilium_rp_filter.conf
      content: |
        net.ipv4.conf.lxc*.rp_filter = 0
    - path: /etc/fail2ban/jail.local
      content: |
        [sshd]
        enabled = true
        banaction = iptables-multiport
    - path: /etc/yum.repos.d/rpm-rancher-io.repo
      content: |
        [rancher] 
        name=Rancher 
        baseurl=https://rpm.rancher.io/k3s/stable/common/centos/8/noarch
        enabled=1 
        gpgcheck=1 
        gpgkey=https://rpm.rancher.io/public.key
    - path: /etc/dnf/automatic.conf
      content: |
        [commands]
        upgrade_type = default
        random_sleep = 10000
        network_online_timeout = 60
        download_updates = yes
        apply_updates = yes
        [emitters]
        emit_via = stdio
        [base]
        debuglevel = 1
  runcmd:
    - sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
    - sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
    - sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
    - sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
    - sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
    - sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config