CoreOS/cloud-config.yml at master · shhkta/CoreOS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#cloud-config
coreos:
  units:
    - name: static.network
      content: |
        [Match]
        Name=eth0

        [Network]
        Address=192.168.11.2/23
        Gateway=192.168.11.1
        DNS=210.188.224.10
        DNS=210.188.224.11
    - name: timezone.service
      command: start
      content: |
        [Unit]
        Description=set the timezone

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/timedatectl set-timezone Asia/Tokyo
        RemainAfterExit=yes
    - name: systemd-sysctl.service
      command: restart
    - name: create-swap.service
      command: start
      runtime: true
      content: |
        [Unit]
        Description=Create swap file
        Before=swap.service

        [Service]
        Type=oneshot
        Environment="SWAPFILE=/2GiB.swap"
        ExecStart=/usr/bin/touch ${SWAPFILE}
        ExecStart=/usr/bin/chattr +C ${SWAPFILE}
        ExecStart=/usr/bin/fallocate -l 2048m ${SWAPFILE}
        ExecStart=/usr/bin/chmod 600 ${SWAPFILE}
        ExecStart=/usr/sbin/mkswap ${SWAPFILE}

        [Install]
        WantedBy=multi-user.target
    - name: swap.service
      command: start
      content: |
        [Unit]
        Description=Turn on swap

        [Service]
        Type=oneshot
        Environment="SWAPFILE=/2GiB.swap"
        RemainAfterExit=true
        ExecStartPre=/usr/sbin/losetup -f ${SWAPFILE}
        ExecStart=/usr/bin/sh -c "/sbin/swapon $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"
        ExecStop=/usr/bin/sh -c "/sbin/swapoff $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"
        ExecStopPost=/usr/bin/sh -c "/usr/sbin/losetup -d $(/usr/sbin/losetup -j ${SWAPFILE} | /usr/bin/cut -d : -f 1)"

        [Install]
        WantedBy=multi-user.target

ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYZ8++p8gC6lZvqYeZytcg6R36TW7aPSm27Inth1OV0CFvohgNCVwmk0JrncmFSQF8ELIomdRdUsoeJblLcxT01oAPoBSyG5nwywwPj1akKwkQVA+dq0FEEzW5jLkQeYubra2DIksbnIXQMSsRhjf9N/ULL28cMv4ZOs4jW3DSCewTvvPl87XpX5RCLANKoCrqZ1nk1zmAufOt9Z02yTv8iqzFfGZMG1mJFNgYP5zffUX0OXbPI1wNdLLWAafYQFTzHYhwaneRur6VJ/ipaJKwyLZWa509ilUo1Wn0EABZGTNuMb8XYy4IE7iZ6wj946U3C4n65dDXDGzoJHwBZab

write_files:
  - path: /etc/ssh/sshd_config
    permissions: 0600
    owner: root:root
    content: |
      # Use most defaults for sshd configuration.
      UsePrivilegeSeparation sandbox
      Subsystem sftp internal-sftp

      PermitRootLogin no
      AllowUsers core
      PasswordAuthentication no
      ChallengeResponseAuthentication no
      AllowTcpForwarding yes