random-stuff/basic_configs/debian-hetzner-init.yaml


#cloud-config
# vim: syntax=yaml
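# Accounts created on first boot. The ${...} placeholders are presumably
# filled in by an external templating step before this file reaches
# cloud-init - TODO confirm which tool performs the substitution.
users:
# Keep the image's stock default user alongside the templated account.
- default
# Quoted so the substituted text is always read as a string, even if the
# value happens to look like a boolean or a number.
- name: '${TARGET_USERNAME}'
  # NOTE(review): this rule carries no NOPASSWD tag while lock_passwd below
  # locks the account password, so sudo will presumably ask for a password
  # the account cannot supply. Confirm whether usable sudo is intended.
  sudo: ALL=ALL
  # Password login is locked; the SSH key below is the only credential
  # configured here.
  lock_passwd: true
  ssh_authorized_keys:
  - '${SSH_PUB_KEY}'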
# Ask cloud-init to block direct SSH login as root.
disable_root: true
# Packages installed on first boot: firewall, web server, ACME client, VPN,
# and the HTTP library presumably used by the DDNS script.
packages:
- ufw
- nginx
- lego
- wireguard
# NOTE(review): current Debian releases ship the Python 3 library as
# python3-requests. Confirm this name resolves on the target image, since an
# unknown package name can fail the install step for the whole list.
- python-requests
# Refresh the package index and apply pending upgrades on first boot, so the
# host does not start out running outdated packages.
package_update: true
package_upgrade: true
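# Files written on first boot. The cloud-init module key is write_files
# (underscore); the hyphenated spelling is not recognised, so none of the
# entries below would have been written.
write_files:
# Wrapper started by the systemd service defined further down.
# NOTE(review): 0744 leaves the decoded script world-readable. If it embeds
# API credentials, '0700' would keep them root-only - confirm.
- encoding: b64
  content: '${WRAPPER_SCRIPT}'
  owner: root:root
  path: /usr/local/bin/ddns-acme-porkbun
  permissions: '0744'
# DDNS helper script; the same world-readable caveat applies.
- encoding: b64
  content: '${DDNS_SCRIPT}'
  owner: root:root
  path: /usr/local/bin/ddns-porkbun
  permissions: '0744'
# One-shot service that runs the wrapper in "renew" mode.
- content: |
    [Unit]
    Description=Renew acme certs and DDNS update
    [Service]
    Type=oneshot
    ExecStart=/usr/local/bin/ddns-acme-porkbun renew
  owner: root:root
  path: /etc/systemd/system/ddns-acme-porkbun.service
  permissions: '0644'
# Timer for the service above. It fires at 02:00 on the 1st of every odd
# month, with up to 12h of random delay; Persistent=true catches up on a
# missed run. The unit now lives in /etc/systemd/system next to the service:
# systemd does not load units from /usr/local/bin, so the timer would never
# have been found there.
# NOTE(review): nothing in this section enables the timer. Confirm that
# "systemctl enable --now ddns-acme-porkbun.timer" (or equivalent) runs
# elsewhere.
# NOTE(review): if the CA issues 90-day certificates, a two-month interval
# leaves little margin. Confirm the wrapper's renewal threshold covers the
# gap between runs, so a certificate cannot expire before the next one.
- content: |
    [Unit]
    Description=Renew certs and dns records periodically
    [Timer]
    OnCalendar=*-01,03,05,07,09,11-01 02:00:00
    RandomizedDelaySec=12h
    Persistent=true
    [Install]
    WantedBy=timers.target
  owner: root:root
  path: /etc/systemd/system/ddns-acme-porkbun.timer
  permissions: '0644'
# WireGuard interface config, kept root-only (0600) because such a file
# normally holds the interface private key.
- encoding: b64
  content: '${WG_CONF_BASE}'
  owner: root:root
  path: /etc/wireguard/wg0.conf
  permissions: '0600'
# Replaces the packaged nginx main configuration.
- encoding: b64
  content: '${NGINX_CONF}'
  owner: root:root
  path: /etc/nginx/nginx.conf
  permissions: '0644'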