#cloud-config hostname: ${hostname} locale: en_IE keyboard: layout: ie ssh_pwauth: true users: - name: ${username} plain_text_passwd: ${password} shell: /bin/bash ssh_authorized_keys: - ${ssh_key} lock_passwd: false sudo: ALL=(ALL) NOPASSWD:ALL package_update: true package_upgrade: true package_reboot_if_required: false packages: # Install core packages - apparmor - base-devel - qemu-guest-agent - rng-tools - spice-vdagent # Install usefull core packages - bash-completion - git - htop - man - pass - python-notify2 - vim - wget runcmd: # Regenerate grub.cfg - grub-mkconfig -o /boot/grub/grub.cfg # Remove swapfile - swapoff -a - rm -rf /swap/ - sed -e "/swap/d" -i /etc/fstab # Enable core services - systemctl enable apparmor - systemctl enable auditd - systemctl enable rngd - systemctl enable systemd-timesyncd.service write_files: # Enable AppArmor in kernel parameters - path: /etc/default/grub append: true content: | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT lsm=landlock,lockdown,yama,integrity,apparmor,bpf" # Set some bash aliases - path: /etc/skel/.bashrc append: true content: | [[ -f ~/.bash_aliases ]] && source ~/.bash_aliases # Setup shared directory - path: /etc/fstab append: true content: | 0a31bc478ef8e2461a4b1cc10a24cc4 /home/user/Projects/apparmor.d virtiofs defaults 0 1 # Network configuration - path: /etc/systemd/network/20-wired.network owner: "root:root" permissions: "0644" content: | [Match] Name=en* [Network] DHCP=yes [DHCPv4] RouteMetric=10