cloud-config

#cloud-config
package_update: true
package_upgrade: true
packages:
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg-agent
  - software-properties-common
  - net-tools
write_files:
  - path: /root/subspace/docker-compose.yml
    content: |
      version: "3.3"
      services:
        subspace:
         image: subspacecommunity/subspace:amd64-v1.5.0
         container_name: subspace
         volumes:
          - /opt/docker/subspace:/data
          - /opt/docker/dnsmasq:/etc/dnsmasq.d
          - /root/subspace/dnsmasq-exec-override:/etc/service/dnsmasq/run
         restart: always
         environment:
          - SUBSPACE_HTTP_HOST=[HOSTNAME]
          - SUBSPACE_LETSENCRYPT=true
          - SUBSPACE_HTTP_INSECURE=false
          - SUBSPACE_HTTP_ADDR=":80"
          - SUBSPACE_NAMESERVERS=8.8.8.8,8.8.4.4
          - SUBSPACE_LISTENPORT=51820
          - SUBSPACE_IPV4_POOL=10.99.97.0/24
          - SUBSPACE_IPV6_POOL=fd00::10:97:0/64
          - SUBSPACE_IPV4_GW=10.99.97.1
          - SUBSPACE_IPV6_GW=fd00::10:97:1
          - SUBSPACE_IPV6_NAT_ENABLED=1
          - SUBSPACE_DISABLE_DNS=0
          - SUBSPACE_PERSISTENT_KEEPALIVE=20
         cap_add:
          - NET_ADMIN
         network_mode: "host"
    owner: root
    permissions: '0644'
    defer: true
  - path: /root/subspace/dnsmasq-exec-override
    content: |
      #!/bin/sh
      exec /usr/sbin/dnsmasq --keep-in-foreground
    owner: root
    permissions: '0755'
    defer: true
runcmd:
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
  - add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  - apt-get update -y
  - apt-get install -y docker-ce docker-ce-cli containerd.io
  - systemctl start docker
  - systemctl enable docker
  - apt-get install -y wireguard
  - apt-get remove -y dnsmasq
  - echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
  - systemctl restart systemd-resolved
  - echo nameserver 8.8.8.8 > /etc/resolv.conf
  - echo nameserver 8.8.4.4 >> /etc/resolv.conf
  - modprobe wireguard
  - modprobe iptable_nat
  - modprobe ip6table_nat
  - echo "wireguard" > /etc/modules-load.d/wireguard.conf
  - echo "iptable_nat" > /etc/modules-load.d/iptable_nat.conf
  - echo "ip6table_nat" > /etc/modules-load.d/ip6table_nat.conf
  - echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  - echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
  - sysctl -p
  - docker compose -f /root/subspace/docker-compose.yml up -d
  - sleep 10 && reboot