Tools/Linux_reinstall/Ubuntu/CloudInit/ipv4_static_interfaces.cfg
2023-08-19 15:22:12 +09:00

82 lines
3 KiB
INI

#cloud-config
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
# configure cloud-init for NoCloud
datasource_list: [ NoCloud, None ]
# configure repository
system_info:
package_mirrors:
- arches: [i386, amd64]
failsafe:
primary: http://targetLinuxMirror/ubuntu
security: http://security.ubuntu.com/ubuntu
- arches: [arm64, armel, armhf]
failsafe:
primary: http://targetLinuxMirror/ubuntu-ports
security: http://targetLinuxMirror/ubuntu-ports
# configure hostname
hostname: HostName
# configure localization
locale: en_US.UTF-8
# configure timezone
timezone: TimeZone
# configure root user
users:
- name: root
lock_passwd: false
shell: /bin/bash
chpasswd:
expire: false
list: |
root:tmpWORD
users:
- name: root
password: tmpWORD
type: text
# configure network
# Adding "on-link: true" for each routes is recommended for the "routes(gateway)" menu in network config file of netplan otherwise netplan will calculate whether the gateway is in range of IP/prefix, if not, the network can't work normally.
# Despite adding "on-link: true" is only necessary for the situation of irregular IPv4 configs(public IPv4 address with the a private IPv4 gateway or gateway is also a public address but from A class is different from the former),
# this setting won't affect the normal IPv4 configurations.
# So in order to considering the most general availability of the various complex environments of the networkings, we should add "on-link" in all items which need to be configurated manually cloud-init files.
# Reference: https://netplan.readthedocs.io/en/latest/netplan-yaml/#default-routes
network:
version: 2
ethernets:
eth0:
dhcp4: false
addresses: [IPv4/ipPrefix]
routes:
- to: default
via: GATE
on-link: true
nameservers:
addresses: [ipDNS1, ipDNS2]
# later commands
runcmd:
- sed -ri 's/^#?Port.*/Port sshPORT/g' /etc/ssh/sshd_config
- sed -ri 's/^#?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
- sed -ri 's/^#?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
- update-rc.d ssh enable
- /etc/init.d/ssh restart
- sed -i 's/#$nrconf{restart} = '"'"'i'"'"';/$nrconf{restart} = '"'"'a'"'"';/g' /etc/needrestart/needrestart.conf
- sed -i "s/#\$nrconf{kernelhints} = -1;/\$nrconf{kernelhints} = -1;/g" /etc/needrestart/needrestart.conf
- apt update
- apt install dnsutils fail2ban file lrzsz net-tools traceroute unzip vim wget xz-utils -y
- sed -ri 's/set compatible/set nocompatible/g' /etc/vim/vimrc.tiny
- sed -ri '/set nocompatible/a\set backspace=2' /etc/vim/vimrc.tiny
- mv /etc/netplan/50-cloud-init.yaml /etc/netplan/20-netcfg.yaml
- netplan apply
- sed -i '/\[Definition\]/a allowipv6 = auto' /etc/fail2ban/fail2ban.conf
- sed -ri 's/backend.*/backend = systemd/g' /etc/fail2ban/jail.conf
- update-rc.d fail2ban enable
- /etc/init.d/fail2ban restart
- rm -rf /etc/cloud/cloud.cfg.d/99-fake_cloud.cfg
- touch /etc/cloud/cloud-init.disabled