-
Notifications
You must be signed in to change notification settings - Fork 0
/
hetzner_cloudinit_example.yml
49 lines (45 loc) · 2 KB
/
hetzner_cloudinit_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#cloud-config
users:
# REMOVE FOR PROD
- name: admin
groups: users, sudo
shell: /bin/bash
lock_passwd: false
#hash for "password"
passwd: $6$rounds=4096$E4QOuJYzriV7lq$3AddYRUViZCIheTCYXyQs5TO65T5mtiYAChV7ijAY1xImirCYfY3/gP.ZG6B.spjJQmtSlyqzIkNZaOJmLh2r/
- name: ci
groups: users, docker
shell: /bin/bash
ssh_authorized_keys:
# Checking in public SSH keys into a GitHub repository is generally safe, as the public key is designed to be shared
# If you're using the public key for a service (like allowing access to a server), someone could potentially use that knowledge to attempt to spam or
# perform denial-of-service attacks, knowing that the server will spend resources trying to authenticate the bogus attempts.
# Furthermore Having public keys checked in might provide information on which entities or persons you're interacting with, which could be a privacy concern in some contexts.
# MODIFIY THIS Pub-Key
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHn6w4FpufWM7kjAI3zDTAv//an/ybjhBi/Ia8V8TSVO
packages:
- apt-transport-https
- fail2ban
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
package_update: true
package_upgrade: true
runcmd:
#docker install
- curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
- add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
- apt-get update -y
- apt-get install -y docker-ce docker-ce-cli containerd.io
- systemctl start docker
- systemctl enable docker
#
- mkdir /home/ci/backup
- systemctl enable fail2ban
# ssh config
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers ci' /etc/ssh/sshd_config
- reboot