compose-website/user_data

#cloud-config

ssh_authorized_keys:
  - "PUT YOUR SSH KEY PUBLIC HERE"

write_files:
  - path: /etc/ssh/sshd_config
    permissions: 0600
    owner: root:root
    content: |
      # Use most defaults for sshd configuration.
      UsePrivilegeSeparation sandbox
      Subsystem sftp internal-sftp
      PermitRootLogin no
      AllowUsers core
      PasswordAuthentication no
      ChallengeResponseAuthentication no
  - path: /etc/sysctl.d/libresh.conf
    permissions: 0644
    owner: root
    content: |
      fs.aio-max-nr=1048576
      vm.max_map_count=262144
      vm.overcommit_memory=1
      vm.nr_hugepages=0
  - path: /etc/hosts
    permissions: 0644
    owner: root
    content: |
      127.0.0.1 localhost
      255.255.255.255 broadcasthost
      ::1 localhost
  - path: /etc/environment
    permissions: 0644
    owner: root
    content: |
      NAMECHEAP_URL="namecheap.com"
      NAMECHEAP_API_USER="pierreo"
      NAMECHEAP_API_KEY=
      IP=`curl -s http://icanhazip.com/`
      FirstName="Pierre"
      LastName="Ozoux"
      Address=""
      PostalCode=""
      Country="Portugal"
      Phone="+351.967184553"
      EmailAddress="pierre@ozoux.net"
      City="Lisbon"
      CountryCode="PT"
      BACKUP_DESTINATION=root@xxxxx:port
      MAIL_USER=
      MAIL_PASS=
      MAIL_HOST=mail.indie.host
      MAIL_PORT=587
coreos:
  update:
    reboot-strategy: off
  units:
    - name: systemd-sysctl.service
      command: restart
    - name: swap.service
      enable: true
      command: start
      content: |
        [Unit]
        Description=Turn on swap
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStartPre=-/bin/bash -euxc ' \
          fallocate -l 8192m /swap &&\
          chmod 600 /swap &&\
          mkswap /swap'
        ExecStart=/sbin/swapon /swap
        ExecStop=/sbin/swapoff /swap
        [Install]
        WantedBy=local.target
    - name: install-compose.service
      command: start
      content: |
        [Unit]
        Description=Install Docker Compose
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=-/bin/bash -euxc ' \
          mkdir -p /opt/bin &&\
          url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r \'.assets[].browser_download_url | select(contains("Linux") and contains("x86_64"))\') &&\
          curl -L $url > /opt/bin/docker-compose &&\
          chmod +x /opt/bin/docker-compose'
    - name: install-libresh.service
      command: start
      content: |
        [Unit]
        Description=Install libre.sh
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=-/bin/bash -euxc ' \
          git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\
          mkdir /{data,system} &&\
          mkdir /data/trash &&\
          cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\
          systemctl enable web-net.service &&\
          systemctl start web-net.service &&\
          cp /libre.sh/utils/* /opt/bin/'
better installation steps 2016-11-26 16:31:06 +00:00			`#cloud-config`

Fix typo + sshkey (#151) forget the s a permission + add sskey 2017-08-14 09:30:21 +00:00			`ssh_authorized_keys:`
			`- "PUT YOUR SSH KEY PUBLIC HERE"`

better installation steps 2016-11-26 16:31:06 +00:00			`write_files:`
Stricter sshd config 2017-04-11 14:09:30 +00:00			`- path: /etc/ssh/sshd_config`
			`permissions: 0600`
			`owner: root:root`
			`content: \|`
			`# Use most defaults for sshd configuration.`
			`UsePrivilegeSeparation sandbox`
			`Subsystem sftp internal-sftp`
			`PermitRootLogin no`
			`AllowUsers core`
			`PasswordAuthentication no`
			`ChallengeResponseAuthentication no`
fix elastic complainging 2016-11-26 17:49:21 +00:00			`- path: /etc/sysctl.d/libresh.conf`
better installation steps 2016-11-26 16:31:06 +00:00			`permissions: 0644`
			`owner: root`
fix elastic complainging 2016-11-26 17:49:21 +00:00			`content: \|`
			`fs.aio-max-nr=1048576`
			`vm.max_map_count=262144`
add vm.overcommit_memory=1 (#152) as is recommanded by REDIS # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 2017-08-21 15:36:40 +00:00			`vm.overcommit_memory=1`
unable to write transparent_hugepage (#157) so the script stop at this line and libre.sh isn't install 2017-09-18 18:48:10 +00:00			`vm.nr_hugepages=0`
better installation steps 2016-11-26 16:31:06 +00:00			`- path: /etc/hosts`
			`permissions: 0644`
			`owner: root`
			`content: \|`
			`127.0.0.1 localhost`
			`255.255.255.255 broadcasthost`
			`::1 localhost`
			`- path: /etc/environment`
Fix typo + sshkey (#151) forget the s a permission + add sskey 2017-08-14 09:30:21 +00:00			`permissions: 0644`
better installation steps 2016-11-26 16:31:06 +00:00			`owner: root`
			`content: \|`
			`NAMECHEAP_URL="namecheap.com"`
			`NAMECHEAP_API_USER="pierreo"`
			`NAMECHEAP_API_KEY=`
			IP=`curl -s http://icanhazip.com/`
			`FirstName="Pierre"`
			`LastName="Ozoux"`
			`Address=""`
			`PostalCode=""`
			`Country="Portugal"`
			`Phone="+351.967184553"`
			`EmailAddress="pierre@ozoux.net"`
			`City="Lisbon"`
			`CountryCode="PT"`
			`BACKUP_DESTINATION=root@xxxxx:port`
			`MAIL_USER=`
			`MAIL_PASS=`
			`MAIL_HOST=mail.indie.host`
			`MAIL_PORT=587`
			`coreos:`
			`update:`
			`reboot-strategy: off`
			`units:`
			`- name: systemd-sysctl.service`
			`command: restart`
			`- name: swap.service`
			`enable: true`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Turn on swap`
			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=true`
			`ExecStartPre=-/bin/bash -euxc ' \`
			`fallocate -l 8192m /swap &&\`
			`chmod 600 /swap &&\`
			`mkswap /swap'`
			`ExecStart=/sbin/swapon /swap`
			`ExecStop=/sbin/swapoff /swap`
			`[Install]`
			`WantedBy=local.target`
			`- name: install-compose.service`
			`command: start`
			`content: \|`
			`[Unit]`
			`Description=Install Docker Compose`
			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=true`
			`ExecStart=-/bin/bash -euxc ' \`
			`mkdir -p /opt/bin &&\`
			`url=$(curl -s https://api.github.com/repos/docker/compose/releases/latest \| jq -r \'.assets[].browser_download_url \| select(contains("Linux") and contains("x86_64"))\') &&\`
			`curl -L $url > /opt/bin/docker-compose &&\`
			`chmod +x /opt/bin/docker-compose'`
Move web-net to its own unit file 2016-12-23 07:38:20 +00:00			`- name: install-libresh.service`
better installation steps 2016-11-26 16:31:06 +00:00			`command: start`
			`content: \|`
			`[Unit]`
Move web-net to its own unit file 2016-12-23 07:38:20 +00:00			`Description=Install libre.sh`
better installation steps 2016-11-26 16:31:06 +00:00			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=true`
			`ExecStart=-/bin/bash -euxc ' \`
			`git clone https://github.com/indiehosters/libre.sh.git /libre.sh &&\`
			`mkdir /{data,system} &&\`
			`mkdir /data/trash &&\`
			`cp /libre.sh/unit-files/* /etc/systemd/system && systemctl daemon-reload &&\`
Move web-net to its own unit file 2016-12-23 07:38:20 +00:00			`systemctl enable web-net.service &&\`
			`systemctl start web-net.service &&\`
better installation steps 2016-11-26 16:31:06 +00:00			`cp /libre.sh/utils/* /opt/bin/'`