-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudinit-dev.yml
70 lines (70 loc) · 2.59 KB
/
cloudinit-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#cloud-config
users:
- name: dev
groups: users, admin, docker
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA86OHFiDGeS7U2EMlk31Irfy0CDiZf2KrF58VplpbhUCHOw/+aRw1pCWquNzMK5SFJpcTdVEsMc7rW4PzN1KsZex4Zao1BtNRUGnZysSGwf1Wa4j146KkyvVVwjZBxMxKY6xjAED8KA/WhCp6bobE0nz6xJNXCpeOMKOmvo3nDuxuAn9NVSEANSaD1wVx6U8lkC7iaSEbJLKqm2GfBeEP1UqMBj9V27TbiD47nMijoINsmM4qQqEUHHyjCA3GlUm3whcbXyf4VBiDOiF+2CB99LMnoRmU1WtEdxH7MwGOHlQx+ZRhx4kXRlUD/OwqVen04BsXVdCEWQ5MTV/4zTJr4Q== rahoulb@monster.local
packages:
- fail2ban
- ufw
- wget
- mosh
- git
- zsh
- apt-transport-https
- ca-certificates
- curl
- gnupg
- lsb-release
- software-properties-common
- make
- build-essential
- zlib1g-dev
- autoconf
- bison
- libffi-dev
- libc-dev
- libyaml-dev
- libgdbm-dev
- libssl-dev
- libncurses-dev
- libffi-dev
- libsqlite3-dev
- libreadline-dev
- libbz2-dev
- ack
- tmux
- ruby
- vim
- universal-ctags
package_update: true
package_upgrade: true
runcmd:
# General server setup
- timedatectl set-timezone Europe/London
# Fail2Ban setup
- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
- systemctl enable fail2ban
# UFW and SSH setup
- ufw allow 22/tcp
- ufw allow 3000-3010/tcp
- ufw allow 60000-61000/tcp
- ufw enable
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers app' /etc/ssh/sshd_config
# Install Docker
- mkdir -m 0755 -p /etc/apt/keyrings
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- apt-get update
- apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Install rbenv
- reboot