@davidpeach
Forked from MakersF/cloud_config.yaml
Created August 12, 2020 19:42
#cloud-config for Python application with Postgresql database and read_only role for DigitalOcean
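#cloud-config
# Bootstraps a droplet for a Python application backed by PostgreSQL:
# creates the app user, installs packages, provisions the database with an
# owner role (demo_user, peer-authenticated locally) and a SELECT-only role
# (read_only, password-authenticated over the network), installs a GitHub
# deploy key, clones the repository and starts the application.
#
# Placeholders to replace before use: [your-key] (three places),
# md5hash(password~user) (two places), key_name, db_name, the clone URL and
# run-your-app-command.
#
# NOTE(review): everything in this file, including the private key in the
# runcmd section, is stored as instance user-data, which cloud-init fetches
# from the metadata service and which local processes can typically read back
# the same way. Use a repository-scoped, read-only deploy key here and rotate
# it if the droplet is shared; never reuse a personal key.
users:
  - name: demo_user
    shell: /bin/bash
    ssh-authorized-keys:
      - ssh-rsa [your-key]
packages:
  - git
  - postgresql
  - libpq-dev
  - python3-dev
  - python-pip
  - python3-pip
  - vnstat
runcmd:
  # SETUP VIRTUALENV (runcmd already runs as root, so sudo is redundant here)
  - pip install virtualenv
  - pip install virtualenvwrapper
  # Append to .bashrc as demo_user. The previous form
  # `sudo -u demo_user echo ... >> file` only ran echo as demo_user: the
  # redirection is done by the calling (root) shell, not by sudo.
  - |
    sudo -u demo_user tee -a /home/demo_user/.bashrc >/dev/null <<'EOF'
    export WORKON_HOME=/home/demo_user/.virtualenvs
    source /usr/local/bin/virtualenvwrapper.sh
    EOF
  # SETUP POSTGRESQL
  # The 9.3 paths below match the postgresql package of the image this was
  # written for; adjust the major version to whatever the base image installs.
  # listen_addresses='*' binds every interface, so pg_hba.conf (edited below)
  # and the droplet firewall are the only access controls on the database.
  - echo "listen_addresses = '*'" >> /etc/postgresql/9.3/main/postgresql.conf
  # Replace 'md5hash(password~user)' with the stored form PostgreSQL expects:
  # the literal prefix "md5" followed by hex(md5(password + rolename)).
  # The heredoc delimiter is quoted so the shell never expands anything in the
  # SQL (the hash and any real password may legitimately contain '$').
  - |
    sudo -u postgres psql -U postgres postgres <<'SQL'
    CREATE ROLE read_only LOGIN
      ENCRYPTED PASSWORD 'md5hash(password~user)'
      NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
    SQL
  - |
    sudo -u postgres psql -U postgres postgres <<'SQL'
    CREATE ROLE demo_user LOGIN
      ENCRYPTED PASSWORD 'md5hash(password~user)'
      NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
    SQL
  - sudo -u postgres createdb -E utf8 -O demo_user db_name
  # Least privilege for read_only: CONNECT + USAGE + SELECT only, and the
  # DEFAULT PRIVILEGES lines keep that true for tables created later.
  - |
    sudo -u postgres psql -U postgres postgres <<'SQL'
    REVOKE ALL ON DATABASE db_name FROM read_only;
    GRANT CONNECT ON DATABASE db_name TO read_only;
    REVOKE ALL ON SCHEMA public FROM read_only;
    GRANT USAGE ON SCHEMA public TO read_only;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM read_only;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only;
    SQL
  # pg_hba.conf is evaluated first-match; these rules are appended after the
  # distribution defaults, so the defaults still win for anything they cover.
  - echo "local db_name demo_user peer" >> /etc/postgresql/9.3/main/pg_hba.conf
  # NOTE(review): 0.0.0.0/0 accepts read_only logins from any IPv4 address with
  # nothing but the password standing in the way. Narrow the CIDR to the
  # client(s) that actually need it and prefer `hostssl` so the session is
  # encrypted; md5 is the strongest method this PostgreSQL version offers.
  - echo "host db_name read_only 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf
  - echo "track_counts = on" >> /etc/postgresql/9.3/main/postgresql.conf
  - echo "autovacuum = on" >> /etc/postgresql/9.3/main/postgresql.conf
  - service postgresql restart
  # SETUP VNSTAT
  # NOTE(review): o+wx makes the vnstat database directory world-writable, so
  # any local user can alter or delete the traffic counters. Running vnstat
  # under its own service account with the directory left at 0755 avoids this.
  - chmod o+x /usr/bin/vnstat
  - chmod o+wx /var/lib/vnstat/
  - vnstat -u -i eth0
  - service vnstat start
  # setup keys so that the server can pull from github repo
  # Create the key file with its final owner and 0600 mode *before* writing
  # the secret, so it is never world-readable, not even between cat and chmod.
  - install -m 600 -o demo_user -g demo_user /dev/null /home/demo_user/.ssh/key_name
  - |
    cat >/home/demo_user/.ssh/key_name <<'EOF'
    -----BEGIN RSA PRIVATE KEY-----
    [your-key]
    -----END RSA PRIVATE KEY-----
    EOF
  - echo "ssh-rsa [your-key]" > /home/demo_user/.ssh/key_name.pub
  - chown demo_user:demo_user /home/demo_user/.ssh/key_name*
  - chmod 600 /home/demo_user/.ssh/key_name*
  - echo "IdentityFile ~/.ssh/key_name" >> /home/demo_user/.ssh/config
  - chown demo_user:demo_user /home/demo_user/.ssh/config
  # ssh-keyscan trusts whatever answers as github.com at first boot (trust on
  # first use); verify the stored host key against GitHub's published
  # fingerprints, or pin the known key here instead of scanning.
  - ssh-keyscan -t rsa github.com >> /home/demo_user/.ssh/known_hosts
  - chown demo_user:demo_user /home/demo_user/.ssh/known_hosts
  # SETUP APP
  - mkdir -p /app/instance
  - chown -R demo_user:demo_user /app
  # SSH clone URLs are host:owner/repo; the previous placeholder used a '/'
  # after the host and misspelled "your".
  - sudo -i -u demo_user git clone git@github.com:your-org/your-app.git /app/code
  # `chmod 600 -R` also stripped the execute bit from directories, which made
  # everything under /app unreachable even for demo_user. u=rwX keeps files
  # 0600, directories 0700 and the owner-only intent of the original.
  - chmod -R u=rwX,go= /app
  - sudo -u demo_user run-your-app-command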