+56
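--- a/cloud-init.yaml
+++ b/cloud-init.yaml
@@ -0,0 +1,56 @@
+#cloud-config
+
+users:
+  - name: finxol
+    groups: users, admin, docker
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      # id_rsa.pub
+      - ssh-rsa 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 finxol@Colins-MacBook-Pro.local
+
+package_update: true
+package_upgrade: true
+
+write_files:
+  - path: /etc/ssh/sshd_config.d/ssh-hardening.conf
+    content: |
+      UsePAM yes
+      PasswordAuthentication no
+      KbdInteractiveAuthentication no
+      PermitRootLogin no
+      PermitEmptyPasswords no
+      X11Forwarding no
+      AllowAgentForwarding no
+      ClientAliveInterval 300
+      ClientAliveCountMax 2
+      LoginGraceTime 60
+      MaxAuthTries 3
+      MaxSessions 4
+      AuthorizedKeysFile .ssh/authorized_keys
+      AllowUsers finxol
+
+runcmd:
+  - apt-get install -y git gpg ca-certificates curl apt-transport-https debian-keyring debian-archive-keyring
+  - apt-get install -y bat
+  - "[[ -f /usr/bin/batcat ]] && [[ ! -f /usr/bin/bat ]] && ln -s /usr/bin/batcat /usr/bin/bat || true"
+  - mkdir -p /etc/apt/keyrings
+  - wget -qO- https://raw.githubusercontent.com/eza-community/eza/main/deb.asc | gpg --dearmor -o /etc/apt/keyrings/gierens.gpg
+  - echo "deb [signed-by=/etc/apt/keyrings/gierens.gpg] http://deb.gierens.de stable main" | tee /etc/apt/sources.list.d/gierens.list
+  - chmod 644 /etc/apt/keyrings/gierens.gpg /etc/apt/sources.list.d/gierens.list
+  - curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+  - chmod a+r /etc/apt/keyrings/docker.asc
+  - sh -c 'echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null'
+  - curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+  - echo "deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/debian/ any main" | tee /etc/apt/sources.list.d/caddy-stable.list
+  - chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg /etc/apt/sources.list.d/caddy-stable.list
+  - apt-get update
+  - apt-get install -y eza
+  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  - apt-get install -y caddy
+  - apt-get install -y chrony
+  - groupadd docker || true
+  - usermod -aG docker finxol
+  - systemctl enable --now chrony
+  - systemctl restart sshd
+  - reboot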
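Review bot: The three apt signing keys (lines 38, 41, 44) are trusted on first use with no fingerprint check, and the eza key in particular is pulled from a mutable `main` branch on GitHub and then used to authorize a repository served over plain `http://deb.gierens.de` (line 39), so every later `apt-get install` from that repo rests on one unverified download at first boot. Pin each key after dearmoring, e.g. `gpg --show-keys --with-fingerprint /etc/apt/keyrings/gierens.gpg | grep -q '<expected fingerprint>' || { rm -f /etc/apt/keyrings/gierens.gpg; exit 1; }`, and note that if `wget`/`curl` fails, `gpg --dearmor` still writes an empty keyring rather than aborting, which `apt-get update` only reports as a signature error later. Separately, line 6 grants `NOPASSWD:ALL` sudo while line 5 also puts the user in the `docker` group, which is root-equivalent on its own; with key-only SSH that is a deliberate trade-off, but it is worth a comment stating so, since any compromise of the single authorized key on line 10 is an unconditional root compromise of the host. Lines 52–53 appear redundant with the `groups:` entry on line 5 and with the `docker` group the Docker packages create; if they are a fallback for the group not existing at user-creation time, a one-line comment saying so would help.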