#cloud-config
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# https://cloudinit.readthedocs.io/en/22.1_a/
datasource_list: [ NoCloud, None ]

# configure localization
locale: en_US.UTF-8

# configure timezone
timezone: TimeZone

# configure root user
users:
  - name: root
    lock_passwd: false
    shell: /bin/bash

chpasswd:
  expire: false
  list: |
    root:tmpWORD
  users:
    - name: root
      password: tmpWORD
      type: text

# Despite cloud-init 22.1-9 supports version 2 of network configurations but the "renderers:" doesn't support "network-manager".
# https://cloudinit.readthedocs.io/en/22.1_a/topics/network-config.html#network-output-policy
system_info:
  network:
    renderers: ['sysconfig']

# The gateway of network for cloud-init 22.1-9 must be "gateway4"(for IPv4) or "gateway6"(for IPv6).
network:
  version: 2
  ethernets:
    networkAdapter:
      dhcp4: false
      addresses: [IPv4/ipPrefix]
      gateway4: GATE
      nameservers:
        addresses: [ipDNS1, ipDNS2]

# later commands
# Replace ssh port, permit root user login by password, enable sshd service.
# Add new ssh port for firewalld.
# Stop and disable kdump service.
# Set hostname.
# Allocate 512MB swap to provent yum dead.
# Install dnf, epel repository.
# Install some common components.
# Configure fail2ban.
# Update grub2.
# Delete cloud-init config file itself and disable it permanently after first execution.
runcmd:
  - sed -ri 's/^#?Port.*/Port sshPORT/g' /etc/ssh/sshd_config
  - sed -ri 's/^#?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
  - sed -ri 's/^#?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
  - systemctl enable sshd
  - ssh-keygen -A
  - systemctl restart sshd
  - sed -i '6i \ \ <port port="sshPORT" protocol="tcp"/>' /etc/firewalld/zones/public.xml
  - sed -i '7i \ \ <port port="sshPORT" protocol="udp"/>' /etc/firewalld/zones/public.xml
  - systemctl enable firewalld
  - firewall-cmd --reload
  - systemctl stop kdump
  - systemctl disable kdump
  - hostnamectl set-hostname HostName
  - fallocate -l 512M /swapspace
  - chmod 600 /swapspace
  - mkswap /swapspace
  - swapon /swapspace
  - echo '/swapspace none swap sw 0 0' >> /etc/fstab
  - yum install dnf epel-release -y
  - dnf install curl dnsutils fail2ban file lrzsz net-tools vim wget -y
  - sed -i '/^\[Definition\]/a allowipv6 = auto' /etc/fail2ban/fail2ban.conf
  - sed -ri 's/^backend = auto/backend = systemd/g' /etc/fail2ban/jail.conf
  - systemctl enable fail2ban
  - systemctl restart fail2ban
  - grub2-mkconfig
  - rm -rf /etc/cloud/cloud.cfg.d/99-fake_cloud.cfg
  - touch /etc/cloud/cloud-init.disabled