google.ks
# Lorax Composer partitioned disk output kickstart template
# Firewall configuration
# NOTE(review): the in-guest firewall is turned off, so packet filtering has to
# be enforced outside the instance (presumably by the platform's network
# firewall rules) -- confirm that is in place before exposing services.
firewall --disabled
# NOTE: The root account is locked by default
# Network information
# DHCP at boot with a fixed 1460-byte MTU; --noipv6 turns IPv6 off for the
# interface.
network --bootproto=dhcp --onboot=on --mtu=1460 --noipv6 --activate
# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
# System keyboard
keyboard --xlayouts=us --vckeymap=us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Shutdown after installation
shutdown
# System timezone
# UTC, with metadata.google.internal as the only configured NTP source.
# NOTE(review): presumably that name resolves only inside Google Compute
# Engine; an image booted elsewhere would have no usable time source -- confirm.
timezone --ntpservers metadata.google.internal UTC
# System bootloader configuration
# Kernel console is sent to the first serial port (ttyS0).
bootloader --location=mbr --append="console=ttyS0,38400n8d"
# Add platform specific partitions
reqpart --add-boot
services --disabled=irqbalance
%post
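# Post-install cleanup and ssh hardening for the image.
#
# Everything below runs once at image build time; the resulting files are
# shared by every instance later created from the image, so per-machine state
# is stripped and the ssh client/server configuration is written from scratch.

# Remove the saved random seed so instances do not all boot from the same
# seed. -f keeps a missing file from being reported as an error.
rm -f /var/lib/systemd/random-seed
# Clear /etc/machine-id. The file is left present but empty so that each
# instance gets its own id instead of inheriting the build host's.
rm -f /etc/machine-id
touch /etc/machine-id
# Remove the rescue kernel and image to save space
rm -f /boot/*-rescue*
# Replace the ssh server configuration.
# NOTE(review): this overwrites the distribution's sshd_config completely, so
# any setting the stock file carried that is not repeated below falls back to
# the sshd built-in default -- confirm nothing required is lost.
# The delimiter is quoted so the shell writes the text literally.
cat > /etc/ssh/sshd_config << 'EOF'
# Disable PasswordAuthentication as ssh keys are more secure.
PasswordAuthentication no
# Disable root login, using sudo provides better auditing.
PermitRootLogin no
PermitTunnel no
AllowTcpForwarding yes
X11Forwarding no
# Compute times out connections after 10 minutes of inactivity. Keep alive
# ssh connections by sending a packet every 7 minutes.
ClientAliveInterval 420
EOF
# Replace the system-wide ssh client configuration.
# The Ciphers line keeps only the CTR-mode AES entries of the previous list.
# The RC4 (arcfour*), CBC and 3DES entries were dropped: they are weak, and
# OpenSSH releases that no longer ship RC4 can refuse to parse a Ciphers line
# that still names it.
# NOTE(review): "StrictHostKeyChecking no" is kept as-is because existing
# automation may rely on it, but it means outbound ssh from the instance
# accepts unknown and changed host keys without verification. Prefer managing
# known_hosts and tightening this per deployment.
cat > /etc/ssh/ssh_config << 'EOF'
Host *
Protocol 2
ForwardAgent no
ForwardX11 no
HostbasedAuthentication no
StrictHostKeyChecking no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Tunnel no
# Google Compute Engine times out connections after 10 minutes of inactivity.
# Keep alive ssh connections by sending a packet every 7 minutes.
ServerAliveInterval 420
EOF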
%end
%packages
kernel
selinux-policy-targeted
# NOTE lorax-composer will add the blueprint packages below here, including the final %end