infrastructure/modules/tenant-vm/cloud-init.yaml.tftpl

#cloud-config

hostname: ${hostname}
manage_etc_hosts: true

users:
  - name: ${username}
    lock_passwd: false
    ssh_authorized_keys:
      - ${ssh_key}
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash

chpasswd:
  expire: false
  users:
    - name: ${username}
      password: ${password}
      type: text

ssh_pwauth: true

package_update: true
packages:
  - fail2ban
  - ufw

runcmd:
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw allow 22/tcp
  - ufw --force enable
  - systemctl enable --now fail2ban