#cloud-config
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# Configure cloud-init for NoCloud: only the NoCloud datasource is tried,
# and "None" is listed after it as the fallback entry.
datasource_list:
  - NoCloud
  - None
# Configure the package repositories. Each entry gives only "failsafe"
# mirror URLs (no "search" list) for one group of architectures.
# NOTE(review): targetLinuxMirror looks like a placeholder that is replaced
# with the chosen mirror host before this file is used; confirm against the
# script that generates it.
# NOTE(review): every mirror URL is plain HTTP, so package integrity rests
# on apt's repository signature verification; use https:// URLs if the
# selected mirror offers them.
system_info:
  package_mirrors:
    - arches:
        - i386
        - amd64
      failsafe:
        primary: http://targetLinuxMirror/ubuntu
        security: http://security.ubuntu.com/ubuntu
    - arches:
        - arm64
        - armel
        - armhf
      failsafe:
        primary: http://targetLinuxMirror/ubuntu-ports
        security: http://targetLinuxMirror/ubuntu-ports
# Configure the hostname.
# NOTE(review): HostName and TimeZone look like placeholders that are
# replaced with real values before this file is used; they are left
# unquoted so the substituted text is parsed exactly as before.
hostname: HostName

# Configure localization.
locale: 'en_US.UTF-8'

# Configure the timezone.
timezone: TimeZone
# Configure the root user: keep its password unlocked and use bash as the
# login shell.
users:
  - name: root
    shell: /bin/bash
    lock_passwd: false

# Set root's password and do not expire it at first login.
# The same credential is given in both the "users" form and the older
# "list" form, presumably so that older and newer cloud-init releases both
# apply it - confirm against the cloud-init versions being targeted.
# NOTE(review): tmpWORD looks like a placeholder replaced with the real
# password before this file is used, which means the password sits in this
# file as cleartext ("type: text"). cloud-init also accepts a pre-hashed
# value ("type: hash"); supplying a hash would keep the cleartext password
# out of the file and out of anything that copies or logs it.
chpasswd:
  expire: false
  users:
    - name: root
      type: text
      password: tmpWORD
  list: |
    root:tmpWORD
# configure network
# Adding "on-link: true" to each entry under "routes" (the gateway setting) in the netplan network config file is recommended; otherwise netplan checks whether the gateway lies within the range of the configured IP/prefix and, if it does not, the network will not work normally.
# Although "on-link: true" is only strictly necessary for irregular IPv4 configurations (a public IPv4 address with a private IPv4 gateway, or a gateway that is also a public address but in a different class A network from the address),
# this setting does not affect normal IPv4 configurations.
# So, to remain usable across the widest range of complex network environments, "on-link" should be added to every route that has to be configured manually in the cloud-init files.
# Reference: https://netplan.readthedocs.io/en/latest/netplan-yaml/#default-routes
# Netplan (version 2) network definition with a single statically
# configured ethernet interface.
# NOTE(review): networkAdapter, IPv4/ipPrefix, GATE, ipDNS1 and ipDNS2 look
# like placeholders that are replaced with real values before this file is
# used; confirm against the script that generates it.
network:
  version: 2
  ethernets:
    networkAdapter:
      # Static addressing only: DHCPv4 is switched off.
      dhcp4: false
      addresses: [IPv4/ipPrefix]
      nameservers:
        addresses: [ipDNS1, ipDNS2]
      routes:
        # Default route. "on-link: true" lets netplan accept a gateway that
        # lies outside the prefix of the address configured above.
        - to: default
          via: GATE
          on-link: true
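# later commands
# NOTE(review): sshPORT looks like a placeholder that is replaced with the
# chosen SSH port before this file is used; confirm against the script that
# generates it.
runcmd:
  # Replace ssh port, permit root user login by password, enable sshd service.
  # NOTE(review): these three edits leave password-based root login
  # reachable over SSH, so the strength of the root password and the
  # fail2ban setup later in this list are the only brute-force protections.
  # Moving to key-based login after the first session removes that exposure.
  # NOTE(review): sshd keeps the first value it reads for a keyword, so a
  # drop-in under /etc/ssh/sshd_config.d/ that is included ahead of these
  # lines and sets PasswordAuthentication or PermitRootLogin may take
  # precedence over the edits below - verify with "sshd -T" on the target
  # image.
  - sed -ri 's/^#?Port.*/Port sshPORT/g' /etc/ssh/sshd_config
  - sed -ri 's/^#?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
  - sed -ri 's/^#?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
  - update-rc.d ssh enable
  # Generate any host keys that are missing before sshd is restarted.
  - ssh-keygen -A
  - /etc/init.d/ssh restart
  # Disable kernel need to restart: https://askubuntu.com/questions/1349884/how-to-disable-pending-kernel-upgrade-message
  # The first edit uncomments $nrconf{restart} and changes it from 'i' to 'a';
  # the second uncomments $nrconf{kernelhints} = -1.
  - sed -i 's/#$nrconf{restart} = '"'"'i'"'"';/$nrconf{restart} = '"'"'a'"'"';/g' /etc/needrestart/needrestart.conf
  - sed -i "s/#\$nrconf{kernelhints} = -1;/\$nrconf{kernelhints} = -1;/g" /etc/needrestart/needrestart.conf
  # Install some common components.
  # apt-get is used instead of apt because apt's command-line interface is
  # not guaranteed stable for scripts; DEBIAN_FRONTEND=noninteractive keeps
  # a package configuration prompt from stalling this unattended run.
  - apt-get update
  - DEBIAN_FRONTEND=noninteractive apt-get install -y dnsutils fail2ban file lrzsz net-tools vim wget
  # Configure vim to be more convenient to use.
  # Vim's ":set" does not accept white space after "=", so the option is
  # written as "backspace=2"; "backspace = 2" would not set the value.
  - sed -ri 's/set compatible/set nocompatible/g' /etc/vim/vimrc.tiny
  - sed -ri '/set nocompatible/a\set backspace=2' /etc/vim/vimrc.tiny
  # Rename netplan config file.
  - mv /etc/netplan/50-cloud-init.yaml /etc/netplan/20-netcfg.yaml
  - netplan apply
  # Configure fail2ban.
  # NOTE(review): jail.conf and fail2ban.conf are package-owned files that
  # an upgrade may replace; putting these overrides in jail.local and
  # fail2ban.local would make them persistent - confirm which is wanted.
  - sed -i '/^\[Definition\]/a allowipv6 = auto' /etc/fail2ban/fail2ban.conf
  - sed -ri 's/^backend = auto/backend = systemd/g' /etc/fail2ban/jail.conf
  - update-rc.d fail2ban enable
  - /etc/init.d/fail2ban restart
  # Delete cloud-init config file itself and disable it permanently after first execution.
  # The deleted file holds the root password in cleartext, so this removal
  # is what keeps the credential off the installed disk. Only a single file
  # is removed, hence "rm -f" rather than "rm -rf".
  # NOTE(review): confirm no other copy of the password remains, for
  # example in cloud-init's logs or cached instance data.
  - rm -f /etc/cloud/cloud.cfg.d/99-fake_cloud.cfg
  - touch /etc/cloud/cloud-init.disabled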