Example Cloud init Script
Dave Shoreman edited this page Mar 18, 2023
·
2 revisions
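#cloud-config
# Example first-boot configuration: creates one key-only admin user, installs
# nginx and fail2ban, enables ufw, hardens sshd, then runs the Servidor
# installer. Replace every YOUR_* placeholder before use.
#
# User-data is kept on the instance under /var/lib/cloud and is often
# retrievable from the provider's metadata service, so treat anything placed
# in this file (including the --pusher value below) as recoverable later.

hostname: YOUR_HOSTNAME
fqdn: YOUR_HOSTNAME.YOUR_DOMAIN.TLD
prefer_fqdn_over_hostname: true

users:
  - name: YOUR_USER
    shell: /bin/fish
    groups: users, admin, adm
    # The password is locked, so sudo cannot prompt for one. With NOPASSWD the
    # imported SSH key is effectively a root credential: protect it as such.
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    lock_passwd: true
    # Public keys are fetched from this GitHub account at first boot.
    ssh_import_id:
      - 'gh:YOUR_GITHUB_USER'

locale: en_GB
timezone: Etc/UTC

packages:
  - fish
  - nginx
  - fail2ban
package_update: true
package_upgrade: true

disable_root: true
# Declarative counterpart of the PasswordAuthentication edit in runcmd, so
# password logins stay disabled even if the sed expression matches nothing.
ssh_pwauth: false

runcmd:
  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
  - systemctl enable fail2ban
  # OpenSSH is allowed before `ufw enable` so the firewall never locks out SSH.
  - ufw allow 'Nginx Full'
  - ufw allow OpenSSH
  # NOTE(review): 8042 is opened to every source address; confirm which
  # service listens there and narrow the rule if it is an admin interface.
  - ufw allow 8042
  - ufw enable
  # sshd keeps the first value it reads for each keyword. Where sshd_config
  # starts with an Include of sshd_config.d/*.conf, a drop-in can override
  # the edits below; check the effective settings afterwards with `sshd -T`.
  - sed -i '$a AllowUsers YOUR_USER' /etc/ssh/sshd_config
  - sed -i -E '/^#?PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
  # Validate the edited file first: restarting on a broken config would leave
  # the machine without a working SSH daemon.
  - sshd -t && systemctl restart ssh.service
  - |
    # Download and run the installer in one fail-fast subshell, so nothing is
    # executed as root unless the download and the digest check both succeed.
    (
      set -eu
      # A private directory from mktemp instead of a predictable path in
      # world-writable /tmp.
      setup_dir="$(mktemp -d)"
      # -f turns an HTTP error into a failure instead of saving the error
      # page as the script.
      curl --proto '=https' --tlsv1.2 -fsSL -o "$setup_dir/setup-servidor.sh" \
        https://github.com/dshoreman/servidor/releases/download/v0.16.0/setup.sh
      # Placeholder: set this to the SHA-256 of the setup.sh you reviewed.
      echo "YOUR_SETUP_SH_SHA256  $setup_dir/setup-servidor.sh" | sha256sum -c -
      # NOTE(review): --branch master presumably makes the installer track a
      # moving branch rather than the pinned v0.16.0 release; confirm.
      # The --pusher value is the sample from the original page; replace it
      # with your own credentials.
      bash "$setup_dir/setup-servidor.sh" -v --branch master \
        --pusher 1234567:123abc45d67890e12f34:12345a6b7890c1defa2b
    )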