# The top level settings are used as module # and system configuration. # Update the contents of /etc/hosts. This will use the name you # specified when creating the VM in proxmox manage_etc_hosts: true # A set of users which may be applied and/or used by various modules # when a 'default' entry is found it will reference the 'default_user' # from the distro configuration specified below users: - default # If this is set, 'root' will not be able to ssh in and they # will get a message to login instead as the above $user (debian) disable_root: true # Change default root password from the preseed file to a random one chpasswd: list: | root:RANDOM # Update apt database on first boot (run 'apt-get update') apt_update: true # Upgrade the instance on first boot apt_upgrade: true # Reboot after package install/update if necessary apt_reboot_if_required: true # Install useful packages packages: - vim # Write out new SSH daemon configuration. Standard debian 11 configuration # apart from forbidding root login and disabling password authentication write_files: - path: /etc/ssh/sshd_config content: | PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes PrintMotd no AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # The modules that run in the 'init' stage cloud_init_modules: - migrator - seed_random - bootcmd - write-files - growpart - resizefs - disk_setup - mounts - set_hostname - update_hostname - update_etc_hosts - ca-certs - rsyslog - users-groups - ssh # The modules that run in the 'config' stage cloud_config_modules: - emit_upstart - ssh-import-id - locale - set-passwords - grub-dpkg - apt-pipelining - apt-configure - ntp - timezone - disable-ec2-metadata - runcmd - byobu # The modules that run in the 'final' stage cloud_final_modules: - package-update-upgrade-install - scripts-vendor - scripts-per-once - scripts-per-boot - scripts-per-instance - scripts-user - ssh-authkey-fingerprints - final-message # System and/or distro specific settings # (not accessible to handlers/transforms) system_info: # This will affect which distro class gets used distro: debian # Default user name + that default users groups (if added/used) default_user: name: debian lock_passwd: True gecos: Debian groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video] sudo: ["ALL=(ALL) NOPASSWD:ALL"] shell: /bin/bash # Don't forget to add your public key here ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRYu07KxH1k+RvQ0JjDeLslwEgmWNdU5xtgYXCHoG7L tim@matabi - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6xkvp6hi1jat9640TMk3q3YwrsmwCDTmnMJTCsrCPn45JahGOA+nE8hrb75yd0WQb8Khn/prWfwWDaXzxg70pDuznlXfOnvATB0zPdNJngEM3vmo2U1bCnICCxKWRiGTH10LHb8ZGy0rRNDubryRWsIcxE4Vrp07e+suPkLjd55dKEsxz5G0lK7dMmEHlMy0Cy4tVBQlws0kFLtWLu3xL0TGRvhM0nrKNyHlRlOgWN1FIymukkpXLT71YwMidTr2y7fhmYP6qZB/2tKJT/4GzKsvfyHmzKxZgRXOJCUiu1mb9WIJ4wGDX9KVkAoCmH6yK1XulEib9+OeskolyYsdYGmpSFcFb9/6eHLEA94inHqe5xzLNnZMotzkEGy0xPH61c0TrUV5J8JU6jKtnl+F2VRPeemw7Y3nNDqka2O0U9AQDchjoHl7VvAWcV7XUyS9L/ve8FsHNRXpG9t6AJWd92MOPs2F9jXGbVDwwNrRhDp1emc0yKi4KxsSNlF+gvC4uD+p2IWhWoQSY4BYvxwK063fvTTu3xNUPL8EV8oX4E2+IzKJwwOIRawyjJuEfIGUA27ye7VrCkc/LOgpHU/lM7NzutBMBTKLJb012BncvZ14B6R3LeUuCKqN8qrhv2tbW4UIzhhn1g1+Wov7PFAOC/i6oDqsxOWh2heEX2UMKQQ== tim@matabi # Other config here will be given to the distro class and/or path classes paths: cloud_dir: /var/lib/cloud/ templates_dir: /etc/cloud/templates/ upstart_dir: /etc/init/ package_mirrors: - arches: [default] failsafe: primary: http://deb.debian.org/debian security: http://security.debian.org/ ssh_svcname: ssh