Forked from zdehasek/gist:877cb28a7f9dc5506ef4bc7f026179fd
Created
January 30, 2026 19:26
-
-
Save fmalina/c5481b29bf1d6da246449f90e0191a45 to your computer and use it in GitHub Desktop.
cloud-config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| packages: | |
| - apache-utils | |
| - fail2ban | |
| - ufw | |
| - docker.io | |
| - curl | |
| - git | |
| package_update: true | |
| package_upgrade: true | |
| users: | |
| - name: app | |
| groups: users, admin, docker | |
| sudo: ALL=(ALL) NOPASSWD:ALL | |
| shell: /bin/bash | |
| ssh_authorized_keys: | |
| - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZe78S7iGyDQJW8Dx3gYl5Iloa/CKFeFIyzu3p9uGH6 zde@hasek | |
| write_files: | |
| - path: /etc/ssh/sshd_config.d/99-hardening.conf | |
| content: | | |
| PermitRootLogin no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| ChallengeResponseAuthentication no | |
| MaxAuthTries 2 | |
| AllowTcpForwarding no | |
| X11Forwarding no | |
| AllowAgentForwarding no | |
| AllowUsers app | |
| - path: /etc/fail2ban/jail.local | |
| content: | | |
| [sshd] | |
| enabled = true | |
| banaction = iptables-multiport | |
| runcmd: | |
| - systemctl enable fail2ban | |
| - ufw allow OpenSSH | |
| - ufw allow 80 | |
| - ufw allow 443 | |
| - ufw --force enable | |
| - systemctl restart sshd | |
| - reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment