Cloud Init - UBUNTU

Cloud init - UBUNTU

#cloud-config
users:
 - default
 - name: backdoor
   sudo: ALL=(ALL) NOPASSWD:ALL
   lock_passwd: false
   passwd: $6$MFhXlUHt$JG.sn2M4ReeZ.V/TDs8AWJzhA1anX0iUbE0WvfR8v/8d4eGv8v6EwhyiKO.6VixMaC8/dG.YQce01QV8w1.dZ0
 - name: root
   lock_passwd: false
   ssh_authorized_keys:
     - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiasj/u8jZ5jfVeCGz7XLzQAAHpgF6+OkfoIm4Wyxax root@instance2
 - name: opc
   lock_passwd: false
   ssh_authorized_keys:
     - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRU8OV9UqSkonqIeuGQpAl4XnybtaKzjehLqosjKVGo jguzik
write_files:
- path: /etc/bash.bashrc
  content: |
    f2bc(){
    fail2ban-client status|awk -F: '/Jail list:/ { split($2,jail,",") ; for (i in jail) { gsub(/[\t ]/,"",jail[i]); system("fail2ban-client status "jail[i]); }; }'
    }
    psg() {
    /bin/ps -ef |grep $* | grep -v grep | grep -v /usr/local/bin/psg
    }
    l() {
    ls -alh
    }
    alias kubectl='k0s kubectl'
    # Automatically add completion for all aliases to commands having completion functions
    function alias_completion {
        local namespace="alias_completion"

        # parse function based completion definitions, where capture group 2 => function and 3 => trigger
        local compl_regex='complete( +[^ ]+)* -F ([^ ]+) ("[^"]+"|[^ ]+)'
        # parse alias definitions, where capture group 1 => trigger, 2 => command, 3 => command arguments
        local alias_regex="alias ([^=]+)='(\"[^\"]+\"|[^ ]+)(( +[^ ]+)*)'"

        # create array of function completion triggers, keeping multi-word triggers together
        eval "local completions=($(complete -p | sed -Ene "/$compl_regex/s//'\3'/p"))"
        (( ${#completions[@]} == 0 )) && return 0

        # create temporary file for wrapper functions and completions
        rm -f "/tmp/${namespace}-*.tmp" # preliminary cleanup
        local tmp_file; tmp_file="$(mktemp "/tmp/${namespace}-${RANDOM}XXX.tmp")" || return 1

        local completion_loader; completion_loader="$(complete -p -D 2>/dev/null | sed -Ene 's/.* -F ([^ ]*).*/\1/p')"

        # read in "<alias> '<aliased command>' '<command args>'" lines from defined aliases
        local line; while read line; do
            eval "local alias_tokens; alias_tokens=($line)" 2>/dev/null || continue # some alias arg patterns cause an eval parse error
            local alias_name="${alias_tokens[0]}" alias_cmd="${alias_tokens[1]}" alias_args="${alias_tokens[2]# }"

            # skip aliases to pipes, boolean control structures and other command lists
            # (leveraging that eval errs out if $alias_args contains unquoted shell metacharacters)
            eval "local alias_arg_words; alias_arg_words=($alias_args)" 2>/dev/null || continue
            # avoid expanding wildcards
            read -a alias_arg_words <<< "$alias_args"

            # skip alias if there is no completion function triggered by the aliased command
            if [[ ! " ${completions[*]} " =~ " $alias_cmd " ]]; then
                if [[ -n "$completion_loader" ]]; then
                    # force loading of completions for the aliased command
                    eval "$completion_loader $alias_cmd"
                    # 124 means completion loader was successful
                    [[ $? -eq 124 ]] || continue
                    completions+=($alias_cmd)
                else
                    continue
                fi
            fi
            local new_completion="$(complete -p "$alias_cmd")"

            # create a wrapper inserting the alias arguments if any
            if [[ -n $alias_args ]]; then
                local compl_func="${new_completion/#* -F /}"; compl_func="${compl_func%% *}"
                # avoid recursive call loops by ignoring our own functions
                if [[ "${compl_func#_$namespace::}" == $compl_func ]]; then
                    local compl_wrapper="_${namespace}::${alias_name}"
                        echo "function $compl_wrapper {
                            (( COMP_CWORD += ${#alias_arg_words[@]} ))
                            COMP_WORDS=($alias_cmd $alias_args \${COMP_WORDS[@]:1})
                            (( COMP_POINT -= \${#COMP_LINE} ))
                            COMP_LINE=\${COMP_LINE/$alias_name/$alias_cmd $alias_args}
                            (( COMP_POINT += \${#COMP_LINE} ))
                            $compl_func
                        }" >> "$tmp_file"
                        new_completion="${new_completion/ -F $compl_func / -F $compl_wrapper }"
                fi
            fi

            # replace completion trigger by alias
            new_completion="${new_completion% *} $alias_name"
            echo "$new_completion" >> "$tmp_file"
        done < <(alias -p | sed -Ene "s/$alias_regex/\1 '\2' '\3'/p")
        source "$tmp_file" && rm -f "$tmp_file"
    }; alias_completion
  append: true
- path: /etc/ssh/sshd_config
  content: |
    Port 44662
  append: true
package_update: true
package_upgrade: true
packages:
  - net-tools
  - iptables-persistent
  - vim
runcmd:
  - echo overlay | sudo tee /etc/modules-load.d/overlay.conf
  - echo br_netfilter | sudo tee /etc/modules-load.d/br_netfilter.conf
  - |
    cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
    net.bridge.bridge-nf-call-iptables  = 1
    net.ipv4.ip_forward                 = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    EOF
  - sysctl --system
  - [ systemctl, daemon-reload ]
  - [ systemctl, enable, iptables-persistent ]
  - [ systemctl, start, iptables-persistent ]
  - iptables -I INPUT -j ACCEPT
  - sudo iptables-save > /etc/iptables/rules.v4


  sed -i -e 's/#Port.*/Port 44662/g' /etc/ssh/sshd_config
  systemctl restart sshd