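#cloud-config
# First-boot provisioning for a single-admin host: creates the admin user,
# installs packages, configures fail2ban/ufw/sshd and reboots.
# The "#cloud-config" header must stay on the first line of this file.
users:
  - name: hjalmarlucius
    groups: users, admin
    # Passwordless sudo: possession of one of the SSH keys below is equivalent
    # to root on this host.
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt+rmsUGSao+9nS00dX58jopjRGF8Y/5C+WmIFhxwGd bakken.henrik@gmail.com
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiHxlR5soqCOB9DTB71zttN08nHI6oTPUfQl/VleBNu bakken.henrik@gmail.com

packages:
  - fail2ban
  - ufw
  - ranger
  - neovim
  - wireguard
  - rpcbind
  - sshfs
  - containernetworking-plugins
  # runc requirements
  - make
  - gcc
  - linux-libc-dev
  - libseccomp-dev
  - pkg-config
  - git
  # runc requirements end

package_update: true
package_upgrade: true

runcmd:
  # The sshd jail defaults to the standard ssh port; sshd is moved to 7097
  # below, so the jail must name that port or bans would not cover it.
  - printf "[sshd]\nenabled = true\nport = 7097\nbanaction = iptables-multiport\n" > /etc/fail2ban/jail.local
  - systemctl enable fail2ban
  # SSH only needs TCP; a bare port number would open UDP as well.
  - ufw allow 7097/tcp
  # NOTE(review): nothing in this file listens on 2222, and a bare port opens
  # both TCP and UDP - confirm what this rule is for and narrow it.
  - ufw allow 2222
  - ufw allow 51820/udp
  # Accepts all inbound traffic on interface "hjarl" (presumably the WireGuard
  # interface - confirm); every peer on it bypasses the port rules above.
  - ufw allow in on hjarl
  - ufw enable
  # sshd hardening: no root login, key-only auth, non-default port, one user.
  # NOTE(review): if the image ships /etc/ssh/sshd_config.d/*.conf drop-ins
  # included ahead of these lines, the drop-in values win; check the effective
  # settings with `sshd -T` after first boot.
  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)Port/s/^.*$/Port 7097/' /etc/ssh/sshd_config
  - sed -i '$a AllowUsers hjalmarlucius' /etc/ssh/sshd_config
  # NOTE(review): this runs an unpinned script from the master branch as root
  # with no integrity check; prefer a reviewed commit and a verified checksum.
  # runcmd runs as root, so the installer presumably targets root's home, not
  # hjalmarlucius, and zsh is not in the packages list - confirm this step
  # does what is intended.
  - sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
  # Written through a quoted heredoc so $HOME and $ZSH reach .zshrc literally
  # and are expanded by the user's zsh, not by the root shell at provisioning.
  - |
    cat > /home/hjalmarlucius/.zshrc <<'EOF'
    HISTFILE=~/.histfile
    HISTSIZE=100000
    SAVEHIST=100000
    bindkey -v

    # compinstall
    zstyle ':completion:*' menu select
    zstyle :compinstall filename '/home/hjalmarlucius/.zshrc'
    autoload -Uz compinit
    compinit

    # oh-my-zsh
    export ZSH="$HOME/.oh-my-zsh"
    ZSH_THEME='robbyrussell'
    plugins=(git)
    source $ZSH/oh-my-zsh.sh
    EOF
  # required for flannel
  - sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
  # allow sshfs
  # user_allow_other lets any local user mount FUSE filesystems with
  # allow_other/allow_root, exposing their mounts to other accounts.
  - sudo sed -i -e 's/#user_allow_other/user_allow_other/' /etc/fuse.conf
  - mkdir -p /home/hjalmarlucius/state /home/hjalmarlucius/.local/bin
  # runcmd runs as root; hand the files created above to the user so the
  # sshfs mount point and ~/.local are writable without sudo.
  - chown -R hjalmarlucius /home/hjalmarlucius/state /home/hjalmarlucius/.local /home/hjalmarlucius/.zshrc
  - reboot

# k8s install instruction
# sshfs -p 7097 mothership.hjarl.com:/home/hjalmarlucius/src/hjarl/state ~/state -o allow_root
# cd state
# add peers to /etc/hosts
# sudo python3 k8s.py install_reqs arm64 False
# sudo python3 k8s.py make_controller . helsinki-1 False arm64
# sudo python3 k8s.py make_controlplane . helsinki-1 arm64
# sudo python3 k8s.py make_worker . helsinki-1 arm64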