@franzwong
Created September 16, 2024 08:26
Cloud-init user-data for Rocky Linux
#cloud-config
# Accounts managed by cloud-init. The list has no `default` entry, so the
# image's stock cloud user is not created; only the accounts below are set up.
users:
  # root: password locked and no SSH key installed for it in this file.
  - name: root
    shell: /bin/bash
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    primary_group: root
    groups: sudo
    lock_passwd: true
  # foo: the only account that receives an SSH key. With the password locked
  # and NOPASSWD:ALL sudo, holding that private key is equivalent to root on
  # this host, so the key should be protected accordingly.
  - name: foo
    shell: /bin/bash
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    primary_group: bar
    groups: sudo
    lock_passwd: true
    ssh_authorized_keys:
      # Looks like a placeholder; substitute the real public key(s) before use.
      - 'SSH_AUTHORIZED_KEYS'
# Groups to ensure exist; `bar` is the primary group of user foo above.
groups:
  - root
  - bar
# Append stdout and stderr of every cloud-init stage to a single log file.
output:
  all: '>> /var/log/cloud-init-output.log'
# Files written to disk by cloud-init.
write_files:
  # Readline bindings: Up/Down arrows search history by the typed prefix.
  # runcmd later copies this file to /home/foo as well.
  - path: /root/.inputrc
    owner: 'root:root'
    permissions: '0644'
    content: |
      "\e[A": history-search-backward
      "\e[B": history-search-forward
  # A .mount unit cannot be used here: its name would have to be
  # 'mnt-shared.mount', which is already taken by the underlying mount, so the
  # bindfs uid/gid remap of /mnt/shared onto itself runs as a service instead.
  # NOTE(review): nothing in this file enables or starts this unit; confirm it
  # is enabled elsewhere if the remap is expected after boot.
  - path: /etc/systemd/system/bindfs_mnt_shared.service
    owner: 'root:root'
    permissions: '0644'
    content: |
      [Unit]
      Description=Map uid and gid of /mnt/shared with bindfs
      Requires=mnt-shared.mount
      [Service]
      Type=forking
      ExecStart=bindfs --map=501/1000:@20/@1000 /mnt/shared /mnt/shared
      [Install]
      WantedBy=multi-user.target
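# Extra package repositories. gpgcheck only protects package installs if the
# signing key itself is authentic, so both the repository metadata and the key
# are fetched over HTTPS; a key retrieved over plain HTTP can be substituted
# in transit, which would make the signature check meaningless.
yum_repos:
  epel:
    name: Extra Packages for Enterprise Linux 9 - aarch64
    baseurl: https://download.fedoraproject.org/pub/epel/9/Everything/aarch64/
    enabled: true
    # NOTE(review): dnf on EL9 may ignore or warn about failovermethod; confirm
    # whether this key is still needed.
    failovermethod: priority
    gpgcheck: true
    # After first boot, compare the imported key's fingerprint with the one
    # published by the EPEL project.
    gpgkey: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
  docker-ce:
    name: Docker CE Stable - aarch64
    baseurl: https://download.docker.com/linux/rhel/9/aarch64/stable
    enabled: true
    gpgcheck: true
    gpgkey: https://download.docker.com/linux/rhel/gpg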
# Refresh package metadata first, then install the packages below.
package_update: true
packages:
  # Host firewall and the FUSE remap tool used by bindfs_mnt_shared.service
  - ufw
  - bindfs
  - fuse
  # Container runtime, installed from the docker-ce repository defined above
  - docker-ce
  - docker-ce-cli
  - containerd.io
  - docker-compose-plugin
  # Language runtime, diagnostics and general utilities
  - python3.12
  - sysstat
  - net-tools
  - bcc-tools
  - ca-certificates
  - curl
  - jq
  - bc
  # Kernel and matching headers
  - kernel
  - kernel-devel
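# First-boot commands, run in the order listed.
runcmd:
  # Pin bar's GID to 1000, the group target (@1000) of the bindfs --map in
  # bindfs_mnt_shared.service.
  - groupmod -g 1000 bar
  # Set up firewall: deny unsolicited inbound traffic, allow SSH only.
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw allow 22/tcp
  - ufw enable
  # Set up ssh
  # Force PermitRootLogin to "no" whether the existing line is active or
  # commented out, and append the directive when the file has none. A pattern
  # that matches only an uncommented line silently does nothing on a config
  # that ships the directive commented out.
  # NOTE(review): sshd keeps the first value it reads for a keyword, so an
  # Include'd drop-in that sets PermitRootLogin earlier would still win;
  # confirm the effective value with `sshd -T`.
  - |
    sed -i -E 's/^[#[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' /etc/ssh/sshd_config
    grep -q '^PermitRootLogin no' /etc/ssh/sshd_config || echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
  # Restrict SSH logins to foo.
  - sed -i -e '$aAllowUsers foo' /etc/ssh/sshd_config
  # Validate the edited config first so a bad edit cannot take sshd down and
  # lock out the only login path.
  - sshd -t && systemctl restart sshd
  # Set up docker
  - systemctl --now enable docker
  # Membership of the docker group is root-equivalent on the host; foo already
  # has passwordless sudo, so this adds convenience rather than new privilege.
  - usermod -aG docker foo
  # Set up command history: give foo the same readline bindings as root.
  - cp /root/.inputrc /home/foo/.inputrc
  - chown foo:bar /home/foo/.inputrc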