# The top level settings are used as module # and system configuration. # Update the contents of /etc/hosts. This will use the name you # specified when creating the VM in proxmox manage_etc_hosts: true # A set of users which may be applied and/or used by various modules # when a 'default' entry is found it will reference the 'default_user' # from the distro configuration specified below users: - default # If this is set, 'root' will not be able to ssh in and they # will get a message to login instead as the above $user (debian) disable_root: true # Change default root password from the preseed file to a random one chpasswd: list: | root:RANDOM # Update apt database on first boot (run 'apt-get update') apt_update: true # Upgrade the instance on first boot apt_upgrade: true # Reboot after package install/update if necessary apt_reboot_if_required: true # Install useful packages packages: - vim # Write out new SSH daemon configuration. Standard debian 11 configuration # apart from forbidding root login and disabling password authentication write_files: - path: /etc/ssh/sshd_config content: | PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes PrintMotd no AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # The modules that run in the 'init' stage cloud_init_modules: - seed_random - write-files - set_hostname - update_hostname - update_etc_hosts - ca-certs - users-groups - ssh # The modules that run in the 'config' stage cloud_config_modules: - set-passwords - ntp - timezone - disable-ec2-metadata # The modules that run in the 'final' stage cloud_final_modules: - package-update-upgrade-install - scripts-vendor - scripts-per-once - scripts-per-boot - scripts-per-instance - scripts-user - ssh-authkey-fingerprints - final-message # System and/or distro specific settings # (not accessible to handlers/transforms) system_info: # This will affect which distro class gets used distro: debian # Default user name + that default users groups (if added/used) default_user: name: debian lock_passwd: True gecos: Debian groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video] sudo: ["ALL=(ALL) NOPASSWD:ALL"] shell: /bin/bash # Don't forget to add your public key here ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDd9zeqsZ1uC6kw3W4OFZH7i/ZMRD4Q3S8+i1+vhihlM9fIWRKUb7eVDYRBJPJBeKAiUaN78PWWwmBAgW8aFw/8aQfcKw1s+11F6WzGlwZ6bH6tyARC/2QVwLPORdUJmStuSLkvRTKFqIMbkO2sCEGl/58XNp+4yfIY23jx02eU8ZK2C608SXtE0FuIkXaXwTCaZl8AgAJKntzhlZ1ijGMWyMjMv8yZ/d0+kxROs6eo0QPz9EoJ0GDHPMTxkzkzK6/TQwRy9CF2TZr5xpRSKIZcRHIrk2eWGCBYoVgW4A3q/ZVRbUq5eWFEAHpMxmEv7nD9XxyXMwnt1R9t0EgWKjNLA73khCl/KC9tdN8aAkkfedM21Xa/PL1zjo0LX1sdI5tmTC42mqgP1ta+G5mJcf08CNTezoLHsdHaEm4sYuN0V7WKMUdcZ27ygz+mYvGJyKHPIkdF+JlUkh1G0uVPFAY0hSc/Sam6fVZpIsW4cKEp5QB59TF9cSPxlSgDRpnKLVXfZOo5WriTANeZPXi23fMEIXPuz7pN6rNAJMFcYng5IV8fb4yCvz2+5C9LzxVzePynHLJD89nd/njSVqEx1TBCvf/Kzh/DxJBJiuTHiS3xtKtSbDTBWrd0CPPLbPZ7V7n410In7usYUBISVoIpZsPjOQj/1tJ5YkPdILly5S3Qhw== - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAYgZh37Z6+4AQE1wElD+D8xiUjevI/1ZfwqbWFFknUb08/688qNI0PZme4yfKhD/DO5Bstk/l6J/Kqrh/R6v4mbAxvYcbUoAE0+zqK4j6xspdKSe0yN4GOAqWoMCgX3vhwnEUYqtLTPzhuDscnubLEpGsZxYeFJpFYMFwGFvBD/Ehoe2CndotCe238hodiKSOfMX+ZV8Itb2zJdfRGyqyiIgzZaP3DvaLSvx52NTju4EmHr6IOatkPMrk3gvERsHKAOevJyr/ng4ONzZM18x8x41a0vePatUURsc8J2Jp1Gu+X6r3BqnrNpPeuzW02EVZKjy/+C2cPUwO3x6edsGio9uEg7Sm3qa/wQ9FS55USt07LUt2SHvcfNPBF15aa2tAQMSAJmWFlVyQAHx2A6i1rk0eIEWJdBuL3yGjMT4y9Ilync04CYEdtqwW8Vd0zU6vmyXeW05yibtOz+V/AKCBpqvMdAuarDgXJhNCsOkQ7whgngV00e62J9rL0Y+Hdiv8R2yH4IOdc6t2sMi3uuu3qfaFTO16MLaoULCK1FpvGanxA/jE1qP73aCm4VnQ9UKeBswBYpUWEe7b+RpH26uOr/LE2M3PIaMsVtN2qMzyUt0I5wgpholbVKgPNmq1GBTRiPZkN5DcPLBq0lntUQxPgCtLDu/u/b+ti89cJEigvQ== # Other config here will be given to the distro class and/or path classes paths: cloud_dir: /var/lib/cloud/ templates_dir: /etc/cloud/templates/ upstart_dir: /etc/init/ package_mirrors: - arches: [default] failsafe: primary: http://deb.debian.org/debian security: http://security.debian.org/ ssh_svcname: ssh