41 lines
1.5 KiB
INI
41 lines
1.5 KiB
INI
#cloud-config
|
|
write_files:
|
|
- path: /etc/sysctl.d/k8s.conf
|
|
content: |
|
|
net.bridge.bridge-nf-call-ip6tables = 1
|
|
net.bridge.bridge-nf-call-iptables = 1
|
|
- path: /etc/sysctl.d/99-override_cilium_rp_filter.conf
|
|
content: |
|
|
net.ipv4.conf.lxc*.rp_filter = 0
|
|
- path: /etc/fail2ban/jail.local
|
|
content: |
|
|
[sshd]
|
|
enabled = true
|
|
banaction = iptables-multiport
|
|
- path: /etc/yum.repos.d/rpm-rancher-io.repo
|
|
content: |
|
|
[rancher]
|
|
name=Rancher
|
|
baseurl=https://rpm.rancher.io/k3s/stable/common/centos/8/noarch
|
|
enabled=1
|
|
gpgcheck=1
|
|
gpgkey=https://rpm.rancher.io/public.key
|
|
- path: /etc/dnf/automatic.conf
|
|
content: |
|
|
[commands]
|
|
upgrade_type = default
|
|
random_sleep = 10000
|
|
network_online_timeout = 60
|
|
download_updates = yes
|
|
apply_updates = yes
|
|
[emitters]
|
|
emit_via = stdio
|
|
[base]
|
|
debuglevel = 1
|
|
runcmd:
|
|
- sed -i -e '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
|
|
- sed -i -e '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
|
|
- sed -i -e '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
|
|
- sed -i -e '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
|
|
- sed -i -e '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
|
|
- sed -i -e '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config |