Last active
March 11, 2019 20:14
-
-
Save benyanke/820a95798cdf39f0379d1e8fec508981 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#cloud-config | |
##################################### | |
# Nginx App Server Bootstrap script | |
# | |
# Includes network mount storage config | |
# Designed to be used in a cluster | |
# | |
# Created by Ben Yanke | |
# | |
##################################### | |
# Create users and add keys | |
users: | |
- name: ubuntu | |
groups: sudo | |
shell: /bin/bash | |
sudo: ['ALL=(ALL) NOPASSWD:ALL'] | |
ssh-authorized-keys: | |
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAu1kW8KsjsKetkEteNGD30bzGrsWXsgQTxQe74Gq7lkMoUV0nmX+/tmn2zzzqL8RjFSfcbV2K05IknLHi/TzHd+YcKOWQiN4MwRwF9qnclupuDP/GCxI8/RCjGe+jdltBTsWO1SSX+WHAERKAES4QQJ8iWCa5JDN3+GGZOGbuHdXKsHRMXQlIErosKfnhBaKTp8fRpg2KO03UDsVhoUf8y3BryVv9uTmQBOylkUCr/QHOcIIIRs1mCgeA9PCXGYaN8nbdavPfc9KE6OkVt41zkbH+5XdZ3sBzCLamXHHPEQgzIIvNI8uNlx4fMVnuiG8yxn7SLFGfVvBYlDU7a+Pyow== ben@benyanke.com main key | |
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAteFNkftBDhXZIiNoEVIhEKUvfkSO4rNHbLiWj6J+E+RDr32yMyl0Bv5pLBntqxQPlQV0an86BimKpKAQj+ddEiCejXG/AWOcVrqfzcQ9ODjka8RQQwY4wP0TtnH/p5d5fyMZTZvUBr0X+ZYj69sGp9+SdzXamF8cz42g0N4uUXB0bf7VCTTeh7+vf3hb4dqI1dUhvbgy7moKjqJfxIaYfDtqzzNUT6hB7NiHvYJaf59oQOUDXikD30SS7+jck6gqad94UOQkYPKaj4JVIzsIaahl4ZkeAR0lxqgwPMi4w27Ay+CBw78uAxQMg+xKG13q3UhwlEv+otAAOuy7nh1amQ== ben@benyanke.com mobile key | |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCXHLCk0jqd45BjM3e2oQ4y3yHWxF1KWFscxdU8F/rQsYGQU0zYNG5OOy1JeJ8YKJXBZpWskJee/QF2IQAE1jj3Zj2aav+31FNMp3+jLL6OvMjL7e8d0AInsKZGXg7ABC5fs+7h42WBBfFcK+nWNhXZm6d4wKPBmngMkizeGNjaKO0aGdUIfY/RpjNHy0MKxD/vZWk8ure5p6MRe31galTY1Cf4u5ll9nX9n39eYpqHxdJoU1pH6iJ2ARuEZ8qNM/MSTz1xDsZWeFn+r9v3URIMfhWEHuKHJ/bgj0IXgcmn0t318+kqpL5B/nHAF6HARmecjxzXQEKlQUSkB8psYXO2uEc5w/9w4y+xuYHN9peIf5Sat/vrOAl3k8uQVUFfedHw0uH5vsO+ZRLCRjGbdRJtRcyL63ySbx2ejIEAAqlIYDOskJXVgEIsu92NCjDep4ad2KNTUHLvbNukInla/HxZbdcHo/aYx3t6potooSMCO1O59G7h+exAdTCYGOA+5dg53TEZMOeiHeOnWKLo+CQtS0vWwrQQomjfC/GcEddkXw6Fech9vCRerstWrMNnh2OThWPAzQRE7jBHVNPL5A89XVv0hK3tuMoTXS08WBbkZkI1RjgOBNFVrKNPRMKKsRn6lq6KuUrAil8ua11vEdAmYgd0OABJbyfLpuU54VYCew== frh-vps-key.pub | |
- name: benyanke | |
groups: sudo | |
shell: /bin/bash | |
sudo: ['ALL=(ALL) NOPASSWD:ALL'] | |
ssh-authorized-keys: | |
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAu1kW8KsjsKetkEteNGD30bzGrsWXsgQTxQe74Gq7lkMoUV0nmX+/tmn2zzzqL8RjFSfcbV2K05IknLHi/TzHd+YcKOWQiN4MwRwF9qnclupuDP/GCxI8/RCjGe+jdltBTsWO1SSX+WHAERKAES4QQJ8iWCa5JDN3+GGZOGbuHdXKsHRMXQlIErosKfnhBaKTp8fRpg2KO03UDsVhoUf8y3BryVv9uTmQBOylkUCr/QHOcIIIRs1mCgeA9PCXGYaN8nbdavPfc9KE6OkVt41zkbH+5XdZ3sBzCLamXHHPEQgzIIvNI8uNlx4fMVnuiG8yxn7SLFGfVvBYlDU7a+Pyow== ben@benyanke.com main key | |
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAteFNkftBDhXZIiNoEVIhEKUvfkSO4rNHbLiWj6J+E+RDr32yMyl0Bv5pLBntqxQPlQV0an86BimKpKAQj+ddEiCejXG/AWOcVrqfzcQ9ODjka8RQQwY4wP0TtnH/p5d5fyMZTZvUBr0X+ZYj69sGp9+SdzXamF8cz42g0N4uUXB0bf7VCTTeh7+vf3hb4dqI1dUhvbgy7moKjqJfxIaYfDtqzzNUT6hB7NiHvYJaf59oQOUDXikD30SS7+jck6gqad94UOQkYPKaj4JVIzsIaahl4ZkeAR0lxqgwPMi4w27Ay+CBw78uAxQMg+xKG13q3UhwlEv+otAAOuy7nh1amQ== ben@benyanke.com mobile key | |
# Modify the /etc/profile for all shell sessions | |
write_files: | |
- content: | | |
----------------------------------------------------------------- | |
Webserver cluster instance | |
----------------------------------------------------------------- | |
BANNER INFO HERE | |
----------------------------------------------------------------- | |
BANNER INFO HERE | |
----------------------------------------------------------------- | |
path: /etc/motd.tail | |
owner: root:root | |
permissions: '0644' | |
# Install packages | |
packages: | |
- apg | |
- nano | |
- htop | |
- curl | |
- wget | |
- git | |
- mariadb-client | |
- mariadb-server | |
- composer | |
- phpunit | |
- mcrypt | |
- tree | |
- php7.0 | |
- vim | |
- screen | |
- iotop | |
- httpie | |
- sqlite | |
- sqlite3 | |
- swapspace | |
- autofs | |
- cifs-utils | |
- nginx | |
- php7.0-fpm | |
- php7.0-cli | |
- php7.0-curl | |
- php7.0-json | |
- php7.0-mysql | |
- php7.0-ldap | |
- php7.0-zip | |
- php7.0-mbstring | |
- php7.0-xml | |
- php7.0-tidy | |
- php7.0-soap | |
- php7.0-dev | |
package_upgrade: true | |
# AutoFS Setup | |
# Based on: | |
# http://www.unixmen.com/how-to-mount-a-smbcifs-share-as-an-automount-on-centosfedorarhel/ | |
runcmd: | |
- rm -rf /mnt/remote; | |
- mkdir -p /mnt/remote/appcluster; | |
- echo "/mnt/remote /etc/auto.cifs --timeout=300 --ghost" > /etc/auto.master | |
- echo "appcluster -fstype=cifs,rw,noperm,credentials=/etc/auto.credentials.appcluster //MOUNTSERVER/MOUNTPOINT" > /etc/auto.cifs | |
- echo "username=USERNAMEHERE" > /etc/auto.credentials.appcluster | |
- echo "password=PASSWORDHERE" >> /etc/auto.credentials.appcluster | |
# - echo "domain=DOMAINHERE" >> /etc/auto.credentials.appcluster | |
- chown root:root /etc/auto.credentials.* | |
- chmod 600 /etc/auto.credentials.* | |
- service autofs restart | |
# Setting up Nginx Virtualhost config from network share | |
runcmd: | |
- rm -rf /etc/nginx/sites-enabled | |
- ln -s $basedir/config/nginx/sites-enabled /etc/nginx/sites-enabled | |
# Setting up nginx snippets | |
runcmd: | |
- rm -rf /etc/nginx/snippets | |
- ln -s $basedir/config/nginx/snippets /etc/nginx/snippets | |
# Modifying nginx config | |
runcmd: | |
- cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.original | |
- sed -i 's/include \/etc\/nginx\/sites-enabled\/\*;/include \/etc\/nginx\/sites-enabled\/\*.conf;/g' /etc/nginx/nginx.conf | |
# Linking to the network share | |
runcmd: | |
- rm -rf /var/www | |
- ln -s $basedir/www /var/www | |
# Restart nginx | |
- sudo service nginx restart | |
# Configure PHP-FPM | |
runcmd: | |
- cp /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.original | |
- sed -i 's/;cgi\.fix_pathinfo=1/cgi\.fix_pathinfo=1/g' /etc/php/7.0/fpm/php.ini | |
- service php7.0-fpm restart | |
# Setup UFW firewall | |
runcmd: | |
- ufw default deny incoming | |
- ufw default allow outgoing | |
- ufw allow 22 # IN ETH1 (private) | |
- ufw allow 80 | |
- ufw allow 443 | |
- ufw --force enable | |
# Remote apt packages | |
runcmd: | |
- apt autoremove -y | |
- apt autoremove -y | |
- apt autoremove -y | |
power_state: | |
timeout: 5 | |
message: Rebooting after provisioning server. | |
mode: reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment