mirror of
https://github.com/leitbogioro/Tools.git
synced 2024-11-15 13:44:50 +08:00
97 lines
3.8 KiB
INI
97 lines
3.8 KiB
INI
#cloud-config
|
|
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
|
|
|
|
# configure cloud-init for NoCloud
|
|
datasource_list: [ NoCloud, None ]
|
|
|
|
# configure repository
|
|
system_info:
|
|
package_mirrors:
|
|
- arches: [i386, amd64]
|
|
failsafe:
|
|
primary: http://targetLinuxMirror/ubuntu
|
|
security: http://targetLinuxSecurityMirror/ubuntu
|
|
- arches: [arm64, armel, armhf]
|
|
failsafe:
|
|
primary: http://targetLinuxMirror/ubuntu-ports
|
|
security: http://targetLinuxSecurityMirror/ubuntu-ports
|
|
|
|
# configure hostname
|
|
hostname: HostName
|
|
|
|
# configure localization
|
|
locale: en_US.UTF-8
|
|
|
|
# configure timezone
|
|
timezone: TimeZone
|
|
|
|
# configure root user
|
|
users:
|
|
- name: root
|
|
lock_passwd: false
|
|
shell: /bin/bash
|
|
|
|
chpasswd:
|
|
expire: false
|
|
list: |
|
|
root:tmpWORD
|
|
users:
|
|
- name: root
|
|
password: tmpWORD
|
|
type: text
|
|
|
|
# configure network
|
|
# Adding "on-link: true" for each routes is recommended for the "routes(gateway)" menu in network config file of netplan otherwise netplan will calculate whether the gateway is in range of IP/prefix, if not, the network can't work normally.
|
|
# Despite adding "on-link: true" is only necessary for the situation of irregular IPv4 configs(public IPv4 address with the a private IPv4 gateway or gateway is also a public address but from A class is different from the former),
|
|
# this setting won't affect the normal IPv4 configurations.
|
|
# So in order to considering the most general availability of the various complex environments of the networkings, we should add "on-link" in all items which need to be configurated manually cloud-init files.
|
|
# Reference: https://netplan.readthedocs.io/en/latest/netplan-yaml/#default-routes
|
|
network:
|
|
version: 2
|
|
ethernets:
|
|
networkAdapter:
|
|
dhcp4: false
|
|
addresses: [IPv4/ipPrefix]
|
|
routes:
|
|
- to: default
|
|
via: GATE
|
|
on-link: true
|
|
nameservers:
|
|
addresses: [ipDNS1, ipDNS2]
|
|
|
|
# later commands
|
|
# Disable "ssh.socket" service.
|
|
# Enable sshd service.
|
|
# Reload systemd.
|
|
# Make sshd service loading automatically at the next reboot.
|
|
# Kill the original sshd service so that to liberate the occupation of "0.0.0.0:22" and "[::]:22" to avoid "error: Bind to port sth on sth failed: Address already in use." causes restarting and applying new configs failure of the sshd service.
|
|
# Restart sshd service.
|
|
# Disable kernel need to restart: https://askubuntu.com/questions/1349884/how-to-disable-pending-kernel-upgrade-message
|
|
# Install some common components.
|
|
# Configure vim for more convenient to use.
|
|
# Rename netplan config file.
|
|
# Configure and restart fail2ban.
|
|
# Update grub.
|
|
# Delete cloud-init config file itself and disable it permanently after first execution.
|
|
runcmd:
|
|
- systemctl disable ssh.socket
|
|
- systemctl enable ssh.service
|
|
- systemctl daemon-reload
|
|
- update-rc.d ssh enable
|
|
- kill -9 $(ps -ef | grep '/usr/sbin/sshd' | gawk '$0 !~/grep/ {print $2}' | tr -s '\n' ' ')
|
|
- /etc/init.d/ssh restart
|
|
- sed -i 's/#$nrconf{restart} = '"'"'i'"'"';/$nrconf{restart} = '"'"'a'"'"';/g' /etc/needrestart/needrestart.conf
|
|
- sed -i "s/#\$nrconf{kernelhints} = -1;/\$nrconf{kernelhints} = -1;/g" /etc/needrestart/needrestart.conf
|
|
- apt update
|
|
- apt install dnsutils fail2ban file lrzsz net-tools vim wget -y
|
|
- sed -ri 's/set compatible/set nocompatible/g' /etc/vim/vimrc.tiny
|
|
- sed -ri '/set nocompatible/a\set backspace=2' /etc/vim/vimrc.tiny
|
|
- mv /etc/netplan/50-cloud-init.yaml /etc/netplan/20-netcfg.yaml
|
|
- netplan apply
|
|
- sed -i '/^\[Definition\]/a allowipv6 = auto' /etc/fail2ban/fail2ban.conf
|
|
- sed -ri 's/^backend = auto/backend = systemd/g' /etc/fail2ban/jail.conf
|
|
- update-rc.d fail2ban enable
|
|
- /etc/init.d/fail2ban restart
|
|
- grub-mkconfig -o /boot/grub/grub.cfg
|
|
- rm -rf /etc/cloud/cloud.cfg.d/99-fake_cloud.cfg
|
|
- touch /etc/cloud/cloud-init.disabled
|