cloud-init: update swarm-manager config
parent
dbca83ff52
commit
e3ee76da83
1 changed files with 18 additions and 0 deletions
|
@ -12,6 +12,7 @@ packages:
|
||||||
- curl
|
- curl
|
||||||
- gnupg
|
- gnupg
|
||||||
- lsb-release
|
- lsb-release
|
||||||
|
- fail2ban
|
||||||
|
|
||||||
write_files:
|
write_files:
|
||||||
- path: /etc/iptables/rules.v4
|
- path: /etc/iptables/rules.v4
|
||||||
|
@ -47,7 +48,24 @@ write_files:
|
||||||
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp6-port-unreachable
|
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp6-port-unreachable
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
||||||
|
|
||||||
runcmd:
|
runcmd:
|
||||||
|
- 'iptables-restore < /etc/iptables/rules.v4'
|
||||||
|
- 'ip6tables-restore < /etc/iptables/rules.v6'
|
||||||
|
|
||||||
|
- [systemctl, enable, --now, fail2ban]
|
||||||
|
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/ssh/etc/ssh/sshd_config, --output, /etc/ssh/sshd_config.d/99-hardening.conf]
|
||||||
|
- [systemctl, restart, ssh]
|
||||||
|
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-network-filesystems.conf, --output, /etc/modprobe.d/disable-network-filesystems.conf]
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-filesystems.conf, --output, /etc/modprobe.d/disable-rare-filesystems.conf]
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-protocols.conf, --output, /etc/modprobe.d/disable-rare-protocols.conf]
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-vivid.conf, --output, /etc/modprobe.d/disable-vivid.conf]
|
||||||
|
|
||||||
|
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/sysctl/etc/sysctl.conf, --output, /etc/sysctl.d/99-hardening.conf]
|
||||||
|
- [sysctl, -p]
|
||||||
|
|
||||||
- [mkdir, -p, /usr/local/apt-keys]
|
- [mkdir, -p, /usr/local/apt-keys]
|
||||||
- [gpg, --fetch-keys, https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt]
|
- [gpg, --fetch-keys, https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt]
|
||||||
- 'gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | tee /usr/local/apt-keys/yggdrasil-keyring.gpg > /dev/null'
|
- 'gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | tee /usr/local/apt-keys/yggdrasil-keyring.gpg > /dev/null'
|
||||||
|
|
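Review bot: The six new `curl` entries under `runcmd` fetch sshd, modprobe and sysctl configuration from `raw/branch/master` as root at first boot with no integrity check, so whatever that branch holds at boot time becomes the host's configuration. Pin each URL to a commit (`raw/commit/<COMMIT_SHA>/...`) and verify a checksum, or ship the content inline under `write_files`. The calls also lack `--fail`, so an HTTP error body would be saved as `/etc/ssh/sshd_config.d/99-hardening.conf` just before `[systemctl, restart, ssh]`; adding `--fail` and a `[sshd, -t]` entry ahead of the restart would catch that. `[sysctl, -p]` reads only `/etc/sysctl.conf`, so the file just written to `/etc/sysctl.d/99-hardening.conf` is presumably not applied until the next boot; `[sysctl, --system]` would load it.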