apparmor.d/tests/packer/init/archlinux-server.user-data.yml

86 lines
1.7 KiB
YAML
Raw Normal View History

#cloud-config
hostname: ${hostname}
locale: en_IE
keyboard:
layout: ie
ssh_pwauth: true
users:
- name: ${username}
plain_text_passwd: ${password}
shell: /bin/bash
ssh_authorized_keys:
- ${ssh_key}
lock_passwd: false
sudo: ALL=(ALL) NOPASSWD:ALL
package_update: true
package_upgrade: true
package_reboot_if_required: false
packages:
# Install core packages
- apparmor
- base-devel
- qemu-guest-agent
- rng-tools
- spice-vdagent
# Install usefull core packages
- bash-completion
- git
- htop
- man
- pass
- python-notify2
- vim
- wget
runcmd:
# Regenerate grub.cfg
- grub-mkconfig -o /boot/grub/grub.cfg
# Remove swapfile
- swapoff -a
- rm -rf /swap/
- sed -e "/swap/d" -i /etc/fstab
# Enable core services
- systemctl enable apparmor
- systemctl enable auditd
- systemctl enable rngd
- systemctl enable systemd-timesyncd.service
write_files:
# Enable AppArmor in kernel parameters
- path: /etc/default/grub
append: true
content: |
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lsm=landlock,lockdown,yama,integrity,apparmor,bpf"
# Set some bash aliases
- path: /etc/skel/.bashrc
append: true
content: |
[[ -f ~/.bash_aliases ]] && source ~/.bash_aliases
# Setup shared directory
- path: /etc/fstab
append: true
content: |
0a31bc478ef8e2461a4b1cc10a24cc4 /home/user/Projects/apparmor.d virtiofs defaults 0 1
# Network configuration
- path: /etc/systemd/network/20-wired.network
owner: "root:root"
permissions: "0644"
content: |
[Match]
Name=en*
[Network]
DHCP=yes
[DHCPv4]
RouteMetric=10