-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloud-init.sh
40 lines (33 loc) · 1.14 KB
/
cloud-init.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/usr/bin/env bash
# Update system
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get purge apt-listchanges -y
apt-get autoremove -y
apt-get dist-upgrade -yq
apt-get autoremove -y
apt-get clean
# Install packages
apt-get install git docker.io -y
apt-get update
# Set vars
# If you change the ssh port here, you'll
# also have to change it in variables.tf
SUDO_USER=yoloadmin
SSH_PORT=55022
# Create sudo user
useradd -m $SUDO_USER -s /bin/bash
echo "${SUDO_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$SUDO_USER
chmod 440 /etc/sudoers.d/$SUDO_USER
# Setup ssh key access for sudo user
mkdir -p /home/$SUDO_USER/.ssh
mv /root/.ssh/authorized_keys /home/$SUDO_USER/.ssh/
chown -R $SUDO_USER:$SUDO_USER /home/$SUDO_USER/.ssh
# add user to docker group
usermod -aG docker $SUDO_USER
# Secure sshd config and restart sshd
sed -i "s/#Port 22/Port ${SSH_PORT}/g" /etc/ssh/sshd_config
sed -i "s/PermitRootLogin prohibit-password/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
sed -i "s/X11Forwarding yes/X11Forwarding no/g" /etc/ssh/sshd_config
systemctl restart sshd