Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Multi-format Cloud Config File
Content-Type: multipart/mixed; boundary="===============0035287898381899620=="
MIME-Version: 1.0
--===============0035287898381899620==
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
#groups:
# - mygroup
users:
- name: myid
gecos: "My Name"
shell: /bin/bash
ssh-import-id: [mylaunchpad.netid]
sudo:
- "ALL=(ALL) NOPASSWD:ALL"
apt_update: true
apt_upgrade: true
hostname: MYSERVER
fqdn: MYSERVER.mydomain.net
manage_etc_hosts: true
packages:
- unattended-upgrades
- apticron
- ntp
- landscape-common
- vim
- rsync
- ssmtp
runcmd:
- "locale-gen en_CA.UTF-8"
# final_message written to log when cloud-init processes are finished
final_message: "System boot (via cloud-init) is COMPLETE, after $UPTIME seconds. Finished at $TIMESTAMP"
--===============0035287898381899620==
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="user-script.txt"
#!/bin/bash
# Set variables for replacement
ROOTEMAIL="root@mydomain.com"
UPDATEEMAIL="updateemail@mydomain.com"
MAILHUB="mail.myisp.com"
FQDN=$(hostname --fqdn)
# install additional items here if you have problems with cloud-config
# apt-get install
# Set up outgoing email for SSMTP
echo -e "# Set email address to send root alerts to\nroot=$ROOTEMAIL\n\n# Set mail server to use to send emails\nmailhub=$MAILHUB\n\n# The full hostname\nhostname=$FQDN" > /etc/ssmtp/ssmtp.conf
# Set up Apticron and automatic security updates
echo -e 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/20auto-upgrades
sed -i 's/\/\/Unattended-Upgrade\:\:Mail \"root\";/Unattended-Upgrade\:\:Mail \"$UPDATEEMAIL\";/g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/\/\/Unattended-Upgrade\:\:MailOnlyOnError \"true\";/Unattended-Upgrade::MailOnlyOnError \"true\";/g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i "s/# CUSTOM_FROM=\"\"/CUSTOM_FROM=\"$FQDN\"/g" /etc/apticron/apticron.conf
# Create new sudoers.d file
#echo "%mygroup ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/mydomain
# Secure SSHD
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i '$a \\n# Disable Password Authentication\nPasswordAuthentication no' /etc/ssh/sshd_config
sed -i "s/ServerKeyBits 1024/ServerKeyBits 2048/g" /etc/ssh/sshd_config
sed -i "s/LoginGraceTime 120/LoginGraceTime 60/g" /etc/ssh/sshd_config
sed -i "s/HostKey /etc/ssh/ssh_host_dsa_key/#HostKey /etc/ssh/ssh_host_dsa_key/g" /etc/ssh/sshd_config
sed -i "s/HostKey /etc/ssh/ssh_host_ecdsa_key/#HostKey /etc/ssh/ssh_host_ecdsa_key/g" /etc/ssh/sshd_config
sed -i "s/HostKey /etc/ssh/ssh_host_ed25519_key/#HostKey /etc/ssh/ssh_host_ed25519_key/g" /etc/ssh/sshd_config
service ssh restart
--===============0035287898381899620==--
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.