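#cloud-config
# cloud-init user-data for a Debian host managed by Ansible.
# The "#cloud-config" header must be the first line of the file, on its own.
# NOTE(review): this file embeds a root password; treat the user-data itself
# as a secret wherever it is stored or served.

hostname: debian
fqdn: debian.localdomain
manage_etc_hosts: true

# Create ansible user
# Key-only account with passwordless sudo: whoever holds the matching private
# key is effectively root on this host.
users:
  - name: ansible
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian

# Set root password
# NOTE(review): the value is not in crypt(3) hash form ($6$...), so it is
# presumably applied as a plaintext password. Prefer a hashed value, or drop
# the root password entirely and rely on the ansible key plus sudo.
# NOTE(review): recent cloud-init releases deprecate `list` in favour of
# `users`; kept as-is for compatibility with older images.
chpasswd:
  list: |
    root:kpKzCuawxG3VFqOx0dEXrpRhbu/uNbdeu27GovG9IUU=
  expire: false

# SSH configuration
# NOTE(review): password authentication is on and root login is left enabled.
# Together with the sshd drop-in below, this exposes root to password guessing
# over SSH. If Ansible only ever connects as `ansible` with its key, consider
# `ssh_pwauth: false` and `disable_root: true`.
ssh_pwauth: true
disable_root: false

# Package installation
# aide, auditd and ufw are installed here, but nothing in this file
# initialises, configures or enables them.
packages:
  - sudo
  - vim
  - htop
  - tmux
  - curl
  - wget
  - rsync
  - git
  - python3
  - python3-pip
  - jq
  - bc
  - aide
  - auditd
  - chrony
  - ufw

# Configure SSH
write_files:
  # NOTE(review): despite the file name, these settings loosen sshd. A
  # hardened variant would be `PermitRootLogin prohibit-password` (or `no`)
  # and `PasswordAuthentication no`.
  - path: /etc/ssh/sshd_config.d/99-security.conf
    content: |
      PermitRootLogin yes
      PasswordAuthentication yes
      PubkeyAuthentication yes
    permissions: '0644'
  # Same rule as the `sudo:` entry on the ansible user above, which cloud-init
  # already writes to its own sudoers drop-in. 0440 is the mode sudo expects.
  - path: /etc/sudoers.d/ansible
    content: |
      ansible ALL=(ALL) NOPASSWD:ALL
    permissions: '0440'

# Run commands
# The ssh restart picks up the sshd drop-in written by write_files.
runcmd:
  - systemctl enable ssh
  - systemctl restart ssh
  - systemctl enable chrony
  - systemctl start chrony

# Refresh the package index and apply pending upgrades on first boot.
# cloud-init's keys are the singular `package_update` / `package_upgrade`;
# the plural spellings are not recognised, so no upgrade would be applied.
package_update: true
package_upgrade: true

# Set timezone
timezone: UTC

# Enable logging
# Output of all cloud-init stages is appended to this log.
output:
  all: '| tee -a /var/log/cloud-init-output.log'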