package dosxvpn
import (
	"bytes"
	"errors"
	"fmt"
	"strings"
	"text/template"
)
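// baseUserData is the CoreOS cloud-config rendered by buildUserData. The only
// templated value is .SSHAuthorizedKey, which is dropped in as a bare YAML
// scalar (no quoting, no escaping) — the caller must supply one single-line
// public key.
//
// Fix relative to the previous revision: systemd's After= takes a
// whitespace-separated list of unit names; a comma is not a separator and is
// not a legal unit-name character, so "docker.service,dummy-interface.service"
// was one invalid name that systemd drops, silently losing the ordering
// dependency for dosxvpn.service and pihole.service.
//
// Security-relevant properties of what this provisions (all visible below):
//   - sshd: key-only auth, root login off, AllowUsers core. On CoreOS the
//     top-level ssh_authorized_keys entry is added for the core user.
//     UsePrivilegeSeparation is deprecated in newer OpenSSH releases — TODO
//     confirm the target image's sshd still accepts it rather than failing.
//   - dosxvpn-update.service and dosxvpn.service run containers with
//     --privileged; the updater additionally mounts /var/run/docker.sock,
//     which is root-equivalent on the host. Both images (and pi-hole) are
//     pulled by tag, not by digest, on every start / every 12h, so whoever
//     controls those registry tags controls this host.
//   - pihole.service hard-codes WEBPASSWORD=dosxvpn. ServerIP=1.1.1.1 is the
//     dummy interface created below and is what VPN clients are handed as
//     VPN_DNS, so the admin UI is presumably reachable from inside the VPN
//     with that fixed password; rotate it if the VPN is shared.
//   - dummy-interface.service appends "1.1.1.1 pi.hole" to /etc/hosts on
//     every run; duplicates accumulate if /etc/hosts persists across boots.
//   - $public_ipv4 in VPN_DOMAIN and EnvironmentFile=/etc/environment rely on
//     CoreOS cloud-init metadata substitution — TODO confirm for the platform.
const baseUserData = `#cloud-config
ssh_authorized_keys:
  - {{.SSHAuthorizedKey}}
write_files:
  - path: /etc/ssh/sshd_config
    permissions: 0600
    owner: root:root
    content: |
      # Use most defaults for sshd configuration.
      UsePrivilegeSeparation sandbox
      Subsystem sftp internal-sftp
      PermitRootLogin no
      AllowUsers core
      PasswordAuthentication no
      ChallengeResponseAuthentication no
coreos:
  update:
    reboot-strategy: reboot
  locksmith:
    window-start: 10:00
    window-length: 1h
  units:
    - name: "etcd2.service"
      command: "start"
    - name: dosxvpn-update.service
      content: |
        [Unit]
        Description=Handles updates for dosxvpn
        [Service]
        Type=oneshot
        ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan-updater
        ExecStart=/usr/bin/docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock dosxvpn/strongswan-updater
    - name: dosxvpn-update.timer
      command: start
      content: |
        [Unit]
        Description=Run dosxvpn-update on schedule
        [Timer]
        OnCalendar=*-*-* 0/12:00:00
    - name: dummy-interface.service
      command: start
      content: |
        [Unit]
        Description=Creates a dummy local interface
        [Service]
        User=root
        Type=oneshot
        ExecStart=/bin/sh -c "modprobe dummy; ip link set dummy0 up; ifconfig dummy0 1.1.1.1/32; echo 1.1.1.1 pi.hole >> /etc/hosts"
    - name: dosxvpn.service
      command: start
      content: |
        [Unit]
        Description=dosxvpn
        After=docker.service dummy-interface.service
        [Service]
        User=core
        Restart=always
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill dosxvpn
        ExecStartPre=-/usr/bin/docker rm dosxvpn
        ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan
        ExecStart=/usr/bin/docker run --name dosxvpn --privileged --net=host -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DNS=1.1.1.1 -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan
        ExecStop=/usr/bin/docker stop dosxvpn
    - name: pihole.service
      command: start
      content: |
        [Unit]
        Description=pihole
        After=docker.service dummy-interface.service
        [Service]
        User=core
        Restart=always
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill pihole
        ExecStartPre=-/usr/bin/docker rm pihole
        ExecStartPre=/usr/bin/docker pull diginc/pi-hole:alpine
        ExecStart=/usr/bin/docker run --name pihole --net=host -e ServerIP=1.1.1.1 -e WEBPASSWORD=dosxvpn diginc/pi-hole:alpine
        ExecStop=/usr/bin/docker stop pihole
`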
// userDataParams carries the values substituted into baseUserData by
// text/template.
type userDataParams struct {
	// SSHAuthorizedKey is the public key line emitted under
	// ssh_authorized_keys. The template inserts it as an unquoted YAML
	// scalar, so it must be a single line with no YAML-significant
	// sequences (e.g. " #"), or the rendered cloud-config changes shape.
	SSHAuthorizedKey string
}
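// buildUserData renders baseUserData into the cloud-config string handed to
// the cloud provider when the instance is created.
//
// opt is currently unused: nothing in the template depends on the options.
// The parameter is kept so existing callers keep compiling. keypair supplies
// the public key that becomes the only SSH credential on the host.
//
// The key is interpolated by text/template as a bare YAML scalar with no
// escaping, so it is normalised and validated here before rendering:
// surrounding whitespace (e.g. a trailing newline from the key encoder) is
// trimmed, and an empty or multi-line value is rejected. An empty entry would
// provision a host with no working SSH access; an embedded newline would let
// the "key" append arbitrary cloud-config directives (files, units) to the
// rendered document.
//
// Returns the rendered cloud-config, or an error from the key validation or
// from parsing/executing the template.
func buildUserData(opt *options, keypair *sshKeyPair) (string, error) {
	if keypair == nil {
		return "", errors.New("userdata: ssh key pair is nil")
	}
	key := strings.TrimSpace(string(keypair.authorizedKey))
	if key == "" {
		return "", errors.New("userdata: ssh authorized key is empty")
	}
	if strings.ContainsAny(key, "\r\n") {
		return "", errors.New("userdata: ssh authorized key must be a single line")
	}

	t, err := template.New("userdata").Parse(baseUserData)
	if err != nil {
		return "", fmt.Errorf("userdata: parsing template: %v", err)
	}

	var buf bytes.Buffer
	if err := t.Execute(&buf, userDataParams{SSHAuthorizedKey: key}); err != nil {
		return "", fmt.Errorf("userdata: rendering template: %v", err)
	}
	return buf.String(), nil
}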