Zyclotrop-j/dbcc3a881cb0209329e1c40d68de4424
Last active July 17, 2022 05:17
Cloud init config - adds basic security defaults to the instance (ssh-key, no-root login, ufw) and adds some basic packages. Replace <USERNAME> (twice!) and <PUBLIC SSH KEY>.
#cloud-config
users:
  # Admin account: key-only SSH login, passwordless sudo
  - name: <USERNAME>
    ssh-authorized-keys:
      - ssh-rsa <PUBLIC SSH KEY>
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
package_update: true
package_upgrade: true
packages:
  - htop
  - nano
  - ufw
  - git
  - build-essential
  - curl
runcmd:
  # Disable root login over SSH; also matches the commented-out default line
  - sed -i -e '/^#\?PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  # Allow SSH logins for <USERNAME> only
  - sed -i -e '$aAllowUsers <USERNAME>' /etc/ssh/sshd_config
  - systemctl restart sshd
  - [ timedatectl, set-timezone, UTC ]
  # Quoted so YAML passes the string "true" rather than a boolean
  - [ timedatectl, set-ntp, "true" ]
  # Firewall: deny inbound by default, rate-limit SSH, allow web traffic
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw limit 22
  - ufw allow http
  - ufw allow https
  - echo "y" | ufw enable
  # Add the NodeSource apt repository for Node.js 18
  - curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
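A post-boot audit for the settings this config applies, added here as an example and not part of the gist: it checks the effective sshd settings (`sshd -T`) and `ufw status verbose` rather than the files that were edited. `ADMIN_USER`, the `--live` flag and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the gist): audit the state the cloud-config should leave behind.
ADMIN_USER="${ADMIN_USER:-deploy}"   # hypothetical stand-in for <USERNAME>

# has ERE TEXT: succeeds when some line of TEXT matches the extended regex.
has() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# check_sshd USER: stdin is `sshd -T` output, i.e. the settings sshd actually uses.
check_sshd() {
  cfg=$(cat); rc=0
  has '^permitrootlogin no$' "$cfg" || { echo "FAIL: root SSH login is not disabled"; rc=1; }
  has "^allowusers (.* )?$1( .*)?\$" "$cfg" || { echo "FAIL: AllowUsers lacks $1"; rc=1; }
  return "$rc"
}

# check_ufw: stdin is `ufw status verbose` output.
check_ufw() {
  st=$(cat); rc=0
  has '^Status: active' "$st" || { echo "FAIL: ufw is inactive"; rc=1; }
  has '^Default: deny \(incoming\)' "$st" || { echo "FAIL: incoming default is not deny"; rc=1; }
  has '^22(/tcp)?[[:space:]]+LIMIT' "$st" || { echo "FAIL: port 22 is not rate-limited"; rc=1; }
  return "$rc"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SSHD_OK='port 22
permitrootlogin no
allowusers deploy'
# Constructed: the sed edit matched nothing and no AllowUsers line took effect.
SAMPLE_SSHD_UNCHANGED='port 22
permitrootlogin without-password'
SAMPLE_UFW_OK='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
22                         LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere'

# On the instance itself, as root: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
  sshd -T | check_sshd "$ADMIN_USER"; a=$?
  ufw status verbose | check_ufw; b=$?
  [ "$a" -eq 0 ] && [ "$b" -eq 0 ] && echo "OK: hardening is in effect"
fi
```

Checking `sshd -T` catches the case where a directive was written to `sshd_config` but is not the value sshd resolves, for example when the appended `AllowUsers` line lands inside a trailing `Match` block.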