| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 | #cloud-configpreserve_hostname: falseprefer_fqdn_over_hostname: truemanage_etc_hosts: truehostname: ${hostname}salt-master: ${salt_master}fqdn: ${fqdn}apt:  http_proxy: "http://${proxy}:80/"  https_proxy: "http://${proxy}:80/"# Ubuntu Advantage - broken? Using cmd.run#ubuntu_advantage:#  enable:#  - fips#  - cis#  - esm-infra#  - fips-updates#  - livepatch # no livepatch with fips!# Write files happens earlywrite_files:- content: |    http_proxy="http://${proxy}:80/"    https_proxy="http://${proxy}:80/"    no_proxy=localhost,127.0.0.1,169.254.169.254  path: /etc/environment  append: true- content: |    Acquire::http::Proxy "http://${proxy}:80/";    Acquire::https::Proxy "http://${proxy}:80/";    APT::ExtractTemplates::TempDir "/opt/tmp/";  path: /etc/apt/apt.conf.d/75xdrexecpath  append: true- content: |    [global]    proxy=${proxy}:80  path: /etc/pip.conf- content: |    export HTTPS_PROXY=http://${proxy}:80    export HTTP_PROXY=http://${proxy}:80    export NO_PROXY=localhost,127.0.0.1,169.254.169.254,pvt.xdrtest.accenturefederalcyber.com,pvt.xdr.accenturefederalcyber.com,reposerver.msoc.defpoint.local,jenkins.msoc.defpoint.local,pod1search-splunk-sh.msoc.defpoint.local,s3.amazonaws.com,ssm.${ aws_region }.amazonaws.com,ec2messages.${ aws_region }.amazonaws.com,ec2.${ aws_region }.amazonaws.com,ssmmessages.${ aws_region }.amazonaws.com,iratemoses.mdr.defpoint.com,jira.mdr.defpoint.com,reposerver.pvt.xdr.accenturefederalcyber.com,jenkins.pvt.xdr.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdr.accenturefederalcyber.com,reposerver.pvt.xdrtest.accenturefederalcyber.com,jenkins.pvt.xdrtest.accenturefederalcyber.com,pod1search-splunk-sh.pvt.xdrtest.accenturefederalcyber.com,iratemoses.xdr.accenturefederalcyber.com,jira.xdr.accenturefederalcyber.com,iratemoses.xdrtest.accenturefederalcyber.com,jira.xdrtest.accenturefederalcyber.com    export https_proxy=$HTTPS_PROXY    export http_proxy=$HTTP_PROXY    export no_proxy=$NO_PROXY  path: /etc/profile.d/proxy.sh- content: |    net.ipv6.conf.eth0.disable_ipv6 = 1  permissions: 0644  owner: root  path: /etc/sysctl.d/10-disable-ipv6.conf- content: |    ${fqdn}  path: /etc/salt/minion_id- content: |    master: ${salt_master}  path: /etc/salt/minion- content: |    grains:      environment: ${ environment }      aws_partition: ${ aws_partition }      aws_partition_alias: ${ aws_partition_alias }      aws_region: ${ aws_region }  path: /etc/salt/minion.d/cloud_init_grains.conf#yum_repos:#  epel-release:#    baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch#    enabled: false#    failovermethod: priority#    gpgcheck: true#    gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7#    name: Extra Packages for Enterprise Linux 7 - Releasepackages: - vimpackage_update: true # Always patchgrowpart:  mode: auto  devices: [ '/', '/var', '/var/log', '/var/log/audit', '/var/tmp', '/tmp', '/home' ]  ignore_growroot_disabled: falseruncmd: - find /usr/local/lib -type f -exec chmod o+r {} \; - export http_proxy=http://${proxy}:80 - export https_proxy=http://${proxy}:80 - export no_proxy=localhost,127.0.0.1,169.254.169.254 - ua auto-attach - ua enable --assume-yes cis fips fips-updates - /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server - apt update  - apt upgrade -y - apt install -y firewalld - /bin/systemctl start firewalld - /bin/systemctl enable firewalld - /bin/systemctl restart salt-minion - /bin/systemctl enable salt-minion - /bin/systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service - /bin/systemctl enable snap.amazon-ssm-agent.amazon-ssm-agent.service - /usr/sbin/aide --update --verbose=0 - /bin/cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db# Either final message or power state, but probably not both#final_message: "The system is up after $UPTIME seconds"power_state:  # delay is in minutes  delay: "+1"  mode: reboot  message: "System configured after $UPTIME seconds"#  timeout: 300#  condition: true
 |