FreeBSD post-install script for DigitalOcean droplets
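#!/bin/sh
#
# FreeBSD post-install provisioning for DigitalOcean droplets.
#
# Put the URL to this script in your droplet's user-data, fetch & execute.
# Or fetch & execute it with `remote-exec` provisioner in Terraform.
# The script locks accounts and installs package trust anchors, so whoever
# controls the copy you fetch controls the droplet.
#
# Optional environment:
#   ZX23_KEY_SHA256  expected SHA-256 (lower-case hex, as printed by
#                    `sha256 -q`) of the zx23 package signing key. When set,
#                    a downloaded key that does not match is discarded and
#                    provisioning stops.

# Unset variables are errors. `set -e` is deliberately not used: some steps
# below (pkg upgrade, freebsd-update) are allowed to fail without aborting,
# and the critical ones are checked explicitly.
set -u

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
METADATA_URI="http://169.254.169.254/metadata/v1"
ZX23_KEY_FILE="/usr/local/etc/ssl/certs/zx23.cer"

# Log a fatal error to syslog and stderr, then stop provisioning.
die() {
  logger -t post_install "ERROR: $*"
  printf 'post_install: %s\n' "$*" >&2
  exit 1
}

# Print one value from the droplet metadata service.
# $1 - path below $METADATA_URI. Returns non-zero on HTTP or network errors
# (-f), so an error page is never mistaken for a value.
metadata() {
  curl -sf --max-time 10 "$METADATA_URI/$1"
}

logger -t post_install "Starting post-install provisioning"

# FreeBSD images on DigitalOcean provision with SSH enabled for `root` &
# `freebsd` users. Let's lock the `root` account, so that logins to it
# are impossible. Later our Salt code will disable SSH login for `root`
# altogether and provision proper users.
# Done first so that a failure further down never leaves root unlocked.
pw lock root || die "cannot lock the root account"

# Correct hostname - cloud-init only sets the short hostname, not FQDN.
# There's likely a better way to address this, but it'll do for now.
hostname="$(metadata hostname)" \
  || die "cannot fetch hostname from the metadata service"
# The value is spliced into a sed replacement, rc.conf and the Salt minion
# id, so accept hostname characters only. This also rejects an empty reply,
# which would otherwise blank the hostname in rc.conf.
case "$hostname" in
  "" | *[!A-Za-z0-9.-]*) die "metadata service returned an unusable hostname" ;;
esac

# On FreeBSD, sed -i takes the backup extension as its argument: `-i -e`
# uses "-e" as that extension and leaves /etc/rc.conf-e behind. Pass an
# empty extension instead. The pattern is anchored so only the hostname
# assignment itself is rewritten.
sed -i '' -e "s/^hostname=.*$/hostname=\"$hostname\"/" /etc/rc.conf \
  || die "cannot update hostname in /etc/rc.conf"

region="$(metadata region)" \
  || die "cannot fetch region from the metadata service"
case "$region" in
  "" | *[!A-Za-z0-9-]*) die "metadata service returned an unusable region" ;;
esac

# Use latest packages (default is quarterly)
sed -i '' -e 's/quarterly/latest/' /etc/pkg/FreeBSD.conf

# Install zx23 package signing public key.
#
# NOTE(review): this key is the trust anchor for every package from the zx23
# repo, and it is fetched over plain HTTP. Anyone on the network path can
# substitute the key and then serve packages that verify against it. Serve
# the key over HTTPS, ship it with the image, or set ZX23_KEY_SHA256.
mkdir -p /usr/local/etc/ssl/certs
key_tmp="$(mktemp "${ZX23_KEY_FILE}.XXXXXX")" \
  || die "cannot create a temporary file for the signing key"
if ! curl -sf -o "$key_tmp" http://zx23.net/zx23_pkg.cer || [ ! -s "$key_tmp" ]; then
  rm -f -- "$key_tmp"
  die "cannot download the zx23 package signing key"
fi
if [ -n "${ZX23_KEY_SHA256:-}" ]; then
  key_sum="$(sha256 -q "$key_tmp")"
  if [ "$key_sum" != "$ZX23_KEY_SHA256" ]; then
    rm -f -- "$key_tmp"
    die "zx23 package signing key does not match ZX23_KEY_SHA256"
  fi
else
  logger -t post_install \
    "WARNING: zx23 signing key fetched over HTTP without a pinned digest"
fi
# mktemp creates the file 0600; restore the mode a plain download would have.
chmod 0644 "$key_tmp"
# Only a complete, checked key ever appears under the final name.
mv -f -- "$key_tmp" "$ZX23_KEY_FILE" \
  || die "cannot install the zx23 package signing key"

# Install zx23 package repo.
# Package transport is plain HTTP; integrity rests entirely on the pubkey
# signature check configured here.
# `\$` keeps ${ABI} literal so that pkg, not the shell, expands it. Braces
# need no escaping in a here-document; `\{` would be written out verbatim.
mkdir -p /usr/local/etc/pkg/repos
cat <<EOF > /usr/local/etc/pkg/repos/zx23.conf
zx23: {
  url : "http://pkg.zx23.net/\${ABI}/latest",
  enabled : yes,
  mirror_type : "http",
  priority : 10,
  signature_type: "pubkey",
  pubkey: "${ZX23_KEY_FILE}",
}
EOF

# Update packages. A failure here includes a repository whose signature does
# not verify, so do not carry on installing from it.
pkg update || die "pkg update failed"
pkg upgrade -y \
  || logger -t post_install "WARNING: pkg upgrade exited with status $?"

# Install some packages
pkg install -y openvpn py27-salt || die "pkg install failed"

# Configure Salt minion
mkdir -p /usr/local/etc/salt
printf '%s\n' "$hostname" > /usr/local/etc/salt/minion_id

# NOTE(review): no master_finger is set, so the minion trusts whichever
# master key it is presented on first contact with salt.zx23.net. Pin the
# master's public key fingerprint here once it is known.
# NOTE(review): the listing this script was recovered from had lost its
# indentation. The keys after `grains:` are nested under it here, since an
# empty `grains:` cannot have been intended; confirm `thin` belongs there.
cat <<EOF > /usr/local/etc/salt/minion
master: salt.zx23.net
transport: tcp
state_verbose: False
state_output: changes
log_level: warning
grains:
  zx_env: prod
  zx_location: do-${region}
  zx_owner: zx23
  zx_salt_mode: mastered
  thin: False
EOF

# Upgrade to latest patchset
env PAGER=cat freebsd-update --not-running-from-cron fetch install \
  || logger -t post_install "WARNING: freebsd-update exited with status $?"

logger -t post_install "Completed post-install provisioning"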