I would love to see Kairos images pass, and verify with CI, against the compliance profile for the DevSec SSH Baseline.
Describe alternatives you've considered
Supporting the cloud-init ansible module would allow folks to run any arbitrary ansible playbook during cloud-init, and the ansible role for this could be ran during that phase. It's a more generic solution, but I think meeting the baseline profile would be better for most users by default than requiring them to run this playbook.
Is your feature request related to a problem? Please describe.
I run the ssh role from dev-sec/ansible-collection-hardening on any linux box I run to harden ssh to the DevSec SSH Baseline. The Kairos images all appear to use the default configuration for ssh, which isn't as secure.
Describe the solution you'd like
I would love to see Kairos images pass, and verify with CI, against the compliance profile for the DevSec SSH Baseline.
Describe alternatives you've considered
Supporting the cloud-init ansible module would allow folks to run any arbitrary ansible playbook during cloud-init, and the ansible role for this could be ran during that phase. It's a more generic solution, but I think meeting the baseline profile would be better for most users by default than requiring them to run this playbook.