@guiambros
Created October 22, 2012 01:29
Cloud-Init.sh - Amazon EC2 initial instance setup script (tested with Ubuntu 12.04 LTS)
#!/bin/bash
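#######################################
# Fetch the SSH public key(s) attached to this EC2 instance from the instance
# metadata service. The listing under public-keys/ is one "<index>=<keyname>"
# line per key; each key body is then read from public-keys/<index>/<format>/.
# Globals:   none
# Arguments: none
# Outputs:   one public key per line on stdout; the failure message on stderr
# Returns:   0 if the metadata listing was retrieved, 1 otherwise
#######################################
getpublickey() {
  local base='http://169.254.169.254/latest/meta-data/public-keys/'
  local listing line index format
  # -f turns an HTTP error (no key pair attached) into a non-zero exit instead
  # of an error page on stdout; -s keeps curl quiet.
  # This is a token-less (IMDSv1-style) request; an instance configured to
  # require IMDSv2 would reject it -- TODO confirm for the target account.
  if ! listing=$(curl -fs "$base"); then
    # On stderr, never stdout: the caller writes this function's stdout straight
    # into authorized_keys, and a message there would masquerade as a key.
    printf 'SSH Key not available\n' >&2
    return 1
  fi
  # Iterate per line rather than per word so a key-pair name containing spaces
  # does not split into several bogus indices.
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    index=${line%%=*}
    format=$(curl -fs "${base}${index}/") || continue
    curl -fs "${base}${index}/${format}" || continue
    # The key body has no trailing newline; add one so keys stay one per line.
    printf '\n'
  done <<< "$listing"
  return 0
}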
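#-----------------------------------------------------------------------------------------------------
#-- ADJUST THESE!
#
HOSTNAME=newhostname
DOMAIN=domain.com
NEW_USERNAME=johndoe
DDNS_ENABLED=YES # set to NO if you don't want to use Dynamic DNS update
DDNS_USERNAME=johndoe
# NOTE(review): this secret is embedded in the cloud-init user-data, which any
# local process on the instance can read back from the metadata service; prefer
# supplying it at run time (environment or a root-only file) over hardcoding it.
DDNS_PASSWORD='secretpassword'
DDNS_SUFFIX=dyndns.info
SSHD_PORT=333
## SSH public keys:
#
SSH_KEYS=$(getpublickey)
# SSH_KEYS="ssh-rsa Iw8tVmqnawCGkFlvSyZB........Jnp== youremail@domain.com Comment: \"youemail@domain.com\""
#
# note: if you didn't add your public key to AWS Key Pair when creating the EC2 instance, you'll HAVE to
# set the SSH_KEYS on the line above manually, otherwise you'll be locked out of your newly created
# instances.
#
# Stop here rather than later: the user setup below removes the default 'ubuntu'
# account, so continuing with an empty authorized_keys would lock you out.
if [ -z "$SSH_KEYS" ]; then
  printf 'no SSH public key available; set SSH_KEYS manually and re-run\n' >&2
  exit 1
fi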
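#-----------------------------------------------------------------------------------------------------
#-- YOU DON'T NEED TO EDIT ANYTHING BELOW THIS LINE, UNLESS YOU WANT TO DO SPECIFIC CUSTOMIZATIONS TO:
#-- - packages being installed
#-- - users to be added/deleted
#-- - ssh_keys to be added to ~/.ssh/authorized_keys
#-- - sshd default Port
#-- - hostname and FQDN updates
#-- - disable motd
#-- - customize DynDNS
#-- - customize pre-configured .profile and /etc/profile
#--
#-- packages to install
#
apt-get -y update
apt-get -y upgrade
# Quoted so an empty/unset DDNS_ENABLED yields a clean "no" instead of a
# "[: =: unary operator expected" error from test.
if [ "$DDNS_ENABLED" = YES ]; then
  apt-get -y install ddclient # if you want to automatically update IP addresses
fi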
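#-- user customizations:
# . add your customized user
# . delete default 'ubuntu' user
# . add SSH Key, with proper permissions
# . add new user to sudoers
#
home_dir="/home/$NEW_USERNAME"
# -p '*' stores an unusable password hash (key-based login only); -m creates
# the home directory from /etc/skel.
useradd -p '*' -m -s '/bin/bash' "$NEW_USERNAME"
adduser --quiet "$NEW_USERNAME" sudo
adduser --quiet "$NEW_USERNAME" adm
adduser --quiet "$NEW_USERNAME" admin
# From here on the new user's authorized_keys is the only way back into the
# instance (deluser without --remove-home normally leaves the old home in place).
deluser --quiet ubuntu
mkdir -p -- "$home_dir/.ssh"
# printf rather than echo so the key text can never be taken for echo options.
printf '%s\n' "$SSH_KEYS" > "$home_dir/.ssh/authorized_keys"
chmod 0700 "$home_dir/.ssh"
chmod 0600 "$home_dir/.ssh/authorized_keys"
chown "$NEW_USERNAME:$NEW_USERNAME" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"
#-- sudoers: transfer the cloud image's rules for 'ubuntu' to the new user.
# Presumably these grant passwordless sudo -- check the drop-in files to be sure.
sed -i "s/^ubuntu/$NEW_USERNAME/g" /etc/sudoers.d/*
# A malformed drop-in disables sudo entirely; validate the result of the edit.
visudo -cq || printf 'warning: sudoers validation failed after edit\n' >&2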
#-- sshd daemon: move sshd to a non-standard port number. This reduces dramatically
# the number of spam bots hitting your server
#
# Only a line reading exactly "Port 22" is rewritten; a commented-out or otherwise
# spelled directive is left as it is. The instance's security group must already
# admit $SSHD_PORT, or the restart at the end of this script cuts you off.
sed -i -e "s|^Port 22|Port ${SSHD_PORT}|" /etc/ssh/sshd_config
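#-- hostname & FQDN: adjust server hostname and add FQDN to /etc/hosts
#
# The generated script runs on every interface-up event (and once at the end of
# this file): it refreshes /etc/hostname and the FQDN line in /etc/hosts with the
# public IPv4 address reported by the metadata service. Only $DOMAIN and
# $HOSTNAME are expanded now; every escaped '\$' is expanded when updhosts runs.
cat <<EOF > /etc/network/if-up.d/updhosts
#!/bin/bash
MY_DOMAIN='$DOMAIN'
MY_HOSTNAME='$HOSTNAME'
MY_FQDN="\$MY_HOSTNAME.\$MY_DOMAIN"
# -f: an HTTP error (no public address on this instance) yields an empty string
# instead of an error page.
PUBLIC_IPV4=\$(/usr/bin/curl -fs http://169.254.169.254/latest/meta-data/public-ipv4)
#-- add HOSTNAME
echo "\$MY_HOSTNAME" > /etc/hostname
#-- add FQDN to hosts file (or replace the line, if it already exists)
if [ -n "\$PUBLIC_IPV4" ]; then
  # -F: match the name literally (a bare '.' would be a regex wildcard).
  if grep -qsF -- "\$MY_FQDN" /etc/hosts; then
    sed -i "s/.*\$MY_HOSTNAME\.\$MY_DOMAIN.*/\$PUBLIC_IPV4 \$MY_FQDN \$MY_HOSTNAME/g" /etc/hosts
  else
    echo "\$PUBLIC_IPV4 \$MY_FQDN \$MY_HOSTNAME" >> /etc/hosts
  fi
else
  # Leave /etc/hosts alone rather than writing a line with an empty address.
  echo "updhosts: public-ipv4 not available, /etc/hosts left unchanged" >&2
fi
service hostname restart > /dev/null 2>&1
# Last-run marker. Kept out of /tmp: a fixed, root-written name in a
# world-writable directory can be pre-created (e.g. as a symlink) by any local user.
echo "updhosts last updated: \$(date)" > /var/run/updhosts.last
EOF
#-- adjust ownership & permissions
chown root:root /etc/network/if-up.d/updhosts
chmod 0755 /etc/network/if-up.d/updhosts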
#-- motd: disable all useless info that Canonical folks added by default to login.
#
# An (empty) ~/.hushlogin suppresses the login banner for this user only.
hush_file="/home/$NEW_USERNAME/.hushlogin"
touch "$hush_file"
chown "$NEW_USERNAME:$NEW_USERNAME" "$hush_file"
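#-- DDNS - Add this EC2 instance to your DynamicDNS service
#
# Please note that the host MUST ALREADY EXIST before you try to update. That's a pity, but DynDNS does not support
# automatic creation of hosts via REST/API (in fact they do, but only with the DynDNS Managed Servers,
# which cost $30/month)
#
# I'm using the following convention: ROOTDOMAIN-HOSTNAME.$DDNS_SUFFIX. For example:
# domain-host1.dyndns.info (hostname = host1)
# domain-host2.dyndns.info (hostname = host2)
# domain-host3.dyndns.info (hostname = host3)
# ...
#
if [ "$DDNS_ENABLED" = YES ]; then
  # First DNS label of DOMAIN ("domain" for "domain.com"): prefix of the DDNS host name.
  ROOT_DOMAIN=${DOMAIN%%.*}
  # ddclient.conf carries the DynDNS password, so it must not be world-readable
  # (the default umask would create it 0644). The umask change is confined to a
  # subshell; the chmod afterwards also covers a pre-existing file.
  # A password containing a single quote would break the password= line below.
  (
    umask 077
    cat <<EOF > /etc/ddclient.conf
#
# /etc/ddclient.conf
#-- daemon config
#
daemon=300
syslog=yes
ssl=yes
mail-failure=root
pid=/var/run/ddclient.pid
cache=/tmp/ddclient.cache
#-- service being used - DynDNS2
#
protocol=dyndns2
server=members.dyndns.org
use=web, web=checkip.dyndns.com, web-skip='IP Address'
## this will determine IP via DynDNS' CheckIP server (will get ext IP from EC2)
#-- DynDNS credentials
#
login=$DDNS_USERNAME
password='$DDNS_PASSWORD'
#-- add wildcard CNAME?
wildcard=YES
#-- Dynamic DNS hostname(s) go here
#
$ROOT_DOMAIN-$HOSTNAME.$DDNS_SUFFIX
EOF
  )
  chmod 0600 /etc/ddclient.conf
  # start ddclient daemon, and add to runlevel 2
  service ddclient start > /dev/null 2>&1
  # Fails harmlessly if the link already exists (e.g. created by the package).
  ln -s /etc/init.d/ddclient /etc/rc2.d/S50ddclient
fi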
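#-- Shell customizations: .profile, /etc/profile
#
# This is highly personal. Change as you see fit. I like to auto-start a GNU Screen (if one isn't running already).
# I'm also picky with aliases, usage of UP/DOWN arrow keys to backtrack previous shell history and so on.
#
# Both here-documents use a quoted delimiter ('EOF'), so their bodies are copied
# verbatim: no backslash doubling is needed and the PS1 escape sequence reaches
# the user's shell intact (an unquoted heredoc would strip the backslashes).
# Note that 'screen' is not among the packages installed above; this assumes the
# image already ships it -- TODO confirm.
cat <<'EOF' >> /home/$NEW_USERNAME/.profile
# automatically starts GNU/Screen:
#
if [ -z "$STY" ]; then
# we're not running yet (on this shell). Let's re-attach (or create)...
screen -xR mySession
else
# we're within screen already, so just adjust the prompt (so the hardstatusline can
# show the running command properly)
export PS1='\[\033k\033\\\]\u@\h:\w\$ ' # set command prompt for screen
fi
EOF
cat <<'EOF' >> /etc/profile
# Personal customizations
umask 022
alias dir='ls -la'
alias bin='cd /usr/local/bin'
alias www='cd /www'
alias log='cd /var/log'
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'
export EDITOR=pico
# NOTE(review): '.' and the trailing ':' both put the current directory on PATH,
# so a file named like a common command in any directory you cd into would run
# in its place; drop them unless that trade-off is deliberate.
export PATH="$PATH:.:"
EOF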
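#-- All done. Time to restart sshd (so the new port can be used), ddclient
#
# From this point SSH answers only on $SSHD_PORT; the security group must admit it.
service ssh restart > /dev/null 2>&1
/etc/network/if-up.d/updhosts # set hostname
# Completion marker. Kept out of /tmp, where a fixed root-written name could be
# pre-created (e.g. as a symlink) by another local user.
echo "cloud-init script finished at: $(date)" >> /var/run/cloudinit.last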