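---
# Example configuration for bootstrap.yml
# Copy this to bootstrap.vars.yml and customize.
#
# The copy describes a privileged login account. If you set user_password
# below, keep bootstrap.vars.yml out of version control or encrypt it with
# your tooling's secret mechanism (e.g. Ansible Vault, if bootstrap.yml is
# an Ansible playbook -- TODO confirm).

# Required: User configuration
user_name: "operator"

# SSH public key (choose one method)
# Method 1: Direct key
# The value below is a truncated placeholder: replace it with the complete
# contents of your *public* key file (.pub). Never paste a private key here.
user_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... your-key-comment"

# Method 2: From local file
# user_pubkey_file: "~/.ssh/id_ed25519.pub"

# Method 3: From URL (e.g., GitHub keys)
# Whatever the URL serves at run time is what gets authorized, so login
# access then depends on whoever controls that account. Use https only, and
# prefer Method 1 or 2 when you want the key pinned.
# user_pubkey_url: "https://github.com/username.keys"

# Optional: User password (for console access or sudo with password)
# "changeme" is a placeholder and must never be deployed as-is.
# NOTE(review): this file does not show whether the value is expected in
# plaintext or as a crypt hash -- check bootstrap.yml before setting it.
# user_password: "changeme"

# Optional: User configuration
# Group membership is privilege: "docker" is effectively root-equivalent on a
# host running the Docker daemon, and "wheel" usually grants sudo/su.
# user_home: "/home/operator"
# user_uid: 1000
# user_shell: /bin/bash
# user_groups:
#   - wheel
#   - docker

# Sudo configuration
# With user_sudo_nopasswd: true, possession of the SSH key alone is enough to
# become root. Set it to false (and set user_password) if sudo should ask for
# a password -- presumably that is how the two options interact; verify.
user_sudo_enabled: true
user_sudo_nopasswd: true

# Replace all existing authorized_keys with just this key
# Any key already installed for the account is dropped, so a wrong or
# truncated user_pubkey locks you out. Confirm a fresh login works before
# closing your current session, or keep console access available.
user_pubkey_exclusive: true

# SSH hardening options (defaults are secure)
# The commented values presumably mirror the defaults -- TODO confirm.
# Keep "no" quoted: an unquoted no is read as boolean false by YAML 1.1
# parsers.
# ssh_server_ports: ["22"]
# ssh_permit_root_login: "no"
# ssh_server_password_login: false
# ssh_max_auth_retries: 2

# Restrict SSH access to specific users (recommended after setup)
# The name must match user_name above; a mismatch denies SSH to the only
# configured account.
# ssh_allow_users: "operator"

# Allow TCP forwarding if needed (for SSH tunnels)
# Forwarding lets this account relay connections through the host into
# networks it can reach; leave it disabled unless tunnels are required.
# ssh_allow_tcp_forwarding: "local"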