cloud-init: update swarm-manager config

This commit is contained in:
Claudio Maradonna 2022-08-03 17:48:35 +02:00
parent dbca83ff52
commit e3ee76da83
Signed by: claudiomaradonna
GPG key ID: B1EDCB4C3B05C387

View file

@ -12,6 +12,7 @@ packages:
- curl - curl
- gnupg - gnupg
- lsb-release - lsb-release
- fail2ban
write_files: write_files:
- path: /etc/iptables/rules.v4 - path: /etc/iptables/rules.v4
@ -47,7 +48,24 @@ write_files:
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp6-port-unreachable -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp6-port-unreachable
COMMIT COMMIT
runcmd: runcmd:
- 'iptables-restore < /etc/iptables/rules.v4'
- 'ip6tables-restore < /etc/iptables/rules.v6'
- [systemctl, enable, --now, fail2ban]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/ssh/etc/ssh/sshd_config, --output, /etc/ssh/sshd_config.d/99-hardening.conf]
- [systemctl, restart, ssh]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-network-filesystems.conf, --output, /etc/modprobe.d/disable-network-filesystems.conf]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-filesystems.conf, --output, /etc/modprobe.d/disable-rare-filesystems.conf]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-protocols.conf, --output, /etc/modprobe.d/disable-rare-protocols.conf]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-vivid.conf, --output, /etc/modprobe.d/disable-vivid.conf]
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/sysctl/etc/sysctl.conf, --output, /etc/sysctl.d/99-hardening.conf]
- [sysctl, -p]
- [mkdir, -p, /usr/local/apt-keys] - [mkdir, -p, /usr/local/apt-keys]
- [gpg, --fetch-keys, https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt] - [gpg, --fetch-keys, https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt]
- 'gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | tee /usr/local/apt-keys/yggdrasil-keyring.gpg > /dev/null' - 'gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | tee /usr/local/apt-keys/yggdrasil-keyring.gpg > /dev/null'