user-data.yaml
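#cloud-config
# Host identity and the single login account for this machine.
# NOTE(review): HOSTNAME and USERNAME look like placeholders filled in by an
# external templating step that is not shown here. They are quoted so that an
# empty or boolean-looking substitution cannot change the YAML type.
hostname: "${HOSTNAME}"

# false leaves direct root SSH login available instead of letting cloud-init
# block it. Set to true unless root login is a deliberate requirement.
disable_root: false

network:
  config: disabled

users:
  - name: "${USERNAME}"
    # docker group membership is effectively root on the host, and the sudo
    # rule below is passwordless: treat this account's SSH key as a root
    # credential.
    groups: users, admin, docker, sudo, kvm
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    shell: /bin/bash
    # Password login stays locked, so access depends on SSH keys alone.
    lock_passwd: true

package_update: true
package_upgrade: true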
# Distribution packages installed on first boot (kept in alphabetical order).
packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - fail2ban
  - git-extras
  - gpg
  - htop
  - iotop
  - ncdu
  - netplan.io
  - nfs-common
  - open-iscsi
  - openresolv
  - rsyslog
  - software-properties-common
  - ssh-import-id
  - sudo
  - tmux
  - wireguard
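# First-boot provisioning commands; cloud-init runs them as root, in order.
# NOTE(review): USERNAME and GITHUB_USERNAME are placeholders filled in by the
# templating step. Confirm that step leaves the shell's own command
# substitutions and the PATH reference further down untouched.
runcmd:
  #####################
  # Import SSH keys
  # Whatever public keys that GitHub account publishes at boot time become
  # authorised for login, so control of the account is control of this host.
  - sudo -u ${USERNAME} ssh-import-id-gh ${GITHUB_USERNAME}

  ######################
  # Install YQ
  # One list item, so chmod only runs after a successful download and nothing
  # depends on a line continuation spanning two list items.
  # NOTE(review): "latest" is a moving target and the binary lands in a root
  # owned PATH directory with no integrity check. Pin a release and verify its
  # published checksum.
  - >-
    wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
    -O /usr/bin/yq && chmod +x /usr/bin/yq

  ######################
  # Install Docker
  # The repository key is stored in its own keyring and referenced through
  # signed-by, so it is trusted for this one apt source only.
  - >-
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg
    | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  - >-
    echo "deb [arch=$(dpkg --print-architecture)
    signed-by=/usr/share/keyrings/docker-archive-keyring.gpg]
    https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  - sudo apt-get update
  - sudo apt-get install -y docker-ce

  ########################
  # Install Docker Compose
  # Uses the templated account throughout; a hard-coded user name here would
  # create the plugin directory under a different home than the download
  # target whenever USERNAME is set to anything else.
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the plugin binary.
  # NOTE(review): the release is pinned but not checksum-verified.
  - sudo -u ${USERNAME} -i mkdir -p /home/${USERNAME}/.docker/cli-plugins/
  - >-
    sudo -u ${USERNAME} -i curl -fSL
    https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-linux-x86_64
    -o /home/${USERNAME}/.docker/cli-plugins/docker-compose
  - sudo chmod +x /home/${USERNAME}/.docker/cli-plugins/docker-compose

  ########################
  # Brew and Python3
  # The installer is saved to an explicit root-owned path, kept read-only for
  # other users (mode 777 would let any local account rewrite it before it
  # runs), executed through bash, then removed.
  # NOTE(review): HEAD is unpinned, so the script content can change between
  # boots. Pin a commit if reproducibility matters.
  - >-
    wget -O /opt/homebrew-install.sh
    https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
  - chmod 0644 /opt/homebrew-install.sh
  - sudo -u ${USERNAME} NONINTERACTIVE=1 /bin/bash /opt/homebrew-install.sh
  - rm -f /opt/homebrew-install.sh
  - >-
    sudo -u ${USERNAME} /home/linuxbrew/.linuxbrew/bin/brew shellenv
    >> /home/${USERNAME}/.profile
  # Appends a PATH entry for the Homebrew python directory; the earlier form
  # tried to execute that directory and wrote nothing to the profile.
  # NOTE(review): no step visible here installs python@3.11, so the entry is
  # inert until something does.
  - >-
    echo 'export PATH="/home/linuxbrew/.linuxbrew/opt/python@3.11/libexec/bin:$PATH"'
    >> /home/${USERNAME}/.profile
  - sudo chown -R ${USERNAME}:${USERNAME} /home/linuxbrew
  - sudo chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}

  #######################
  # Prometheus Node Exporter
  # NOTE(review): the tarball is pinned to v1.6.1 but not checksum-verified,
  # and the unit file comes from a mutable branch yet is installed as a system
  # service. Pin the unit file to a commit and check both against hashes
  # recorded out of band.
  - >-
    wget -O /opt/node_exporter-1.6.1.linux-amd64.tar.gz
    https://github.com/prometheus/node_exporter/releases/download/v1.6.1/node_exporter-1.6.1.linux-amd64.tar.gz
  - tar -xvf /opt/node_exporter-1.6.1.linux-amd64.tar.gz -C /opt
  - rm /opt/node_exporter-1.6.1.linux-amd64.tar.gz
  # The link target is relative, so it resolves inside /opt.
  - ln -s node_exporter-1.6.1.linux-amd64 /opt/node_exporter
  # Explicit download path, so the move does not depend on the working
  # directory cloud-init happens to run in.
  - >-
    wget -O /opt/node-exporter.service
    https://raw.githubusercontent.com/small-hack/smol-metal/main/node-exporter.service
  - sudo mv /opt/node-exporter.service /etc/systemd/system/node-exporter.service

  ########################
  # Start system services
  - systemctl daemon-reload
  - systemctl enable node-exporter
  - systemctl restart node-exporter
  - sudo systemctl enable fail2ban
  - sudo systemctl start fail2ban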