#cloud-config

users:
- name: demo
  gecos: Demo
  groups: wheel
  lock_passwd: false
  passwd: $6$pkjw0DZirHVbQuBW$U/D84I3BVGutAOyg2GmOGPcHTptM4nFhULLuzpwwUQ400eiYonbVVfaqDts7AB3VgFsPR/4P6BsMD90811n6S0
  ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain

write_files:
- path: /etc/sudoers
  content: |
    Defaults   !visiblepw
    Defaults    always_set_home
    Defaults    match_group_by_gid
    Defaults    always_query_group_plugin
    Defaults    env_reset
    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
    root    ALL=(ALL)       ALL
    %wheel  ALL=(ALL)       NOPASSWD: ALL
    #includedir /etc/sudoers.d
  permissions: '0440'
  append: false
- path: /etc/ssh/sshd_config.d/00-demo.conf
  content: |
    KbdInteractiveAuthentication no
    GSSAPIAuthentication no
    PasswordAuthentication no
    PermitRootLogin prohibit-password
    KerberosAuthentication no
  permissions: '0440'
  append: false

runcmd:
- systemctl disable --now --no-block rpcbind.socket