henrik/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9a270ac3e6c55dccd6085f73092b1ec62be1c3a
dotfiles/hetzner.cfg
T
Henrik Bakken cd15a97f00 hetzner polish
2025-09-03 14:23:55 +02:00

61 lines
2.5 KiB
INI
Raw Blame History

#cloud-config
users:
- name: hjalmarlucius
groups: users, admin
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt+rmsUGSao+9nS00dX58jopjRGF8Y/5C+WmIFhxwGd bakken.henrik@gmail.com
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiHxlR5soqCOB9DTB71zttN08nHI6oTPUfQl/VleBNu bakken.henrik@gmail.com
packages:
- fail2ban
- ufw
- ranger
- neovim
- wireguard
- rpcbind
- sshfs
- containernetworking-plugins
# runc requirements
- make
- gcc
- linux-libc-dev
- libseccomp-dev
- pkg-config
- git
# runc requirements end
package_update: true
package_upgrade: true
runcmd:
- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
- systemctl enable fail2ban
- ufw allow 7097
- ufw allow 2222
- ufw allow 51820/udp
- ufw allow in on hjarl
- ufw enable
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)Port/s/^.*$/Port 7097/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers hjalmarlucius' /etc/ssh/sshd_config
- sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- echo "HISTFILE=~/.histfile\nHISTSIZE=100000\nSAVEHIST=100000\nbindkey -v\n\n# compinstall\nzstyle ':completion:*' menu select\nzstyle :compinstall filename '/home/hjalmarlucius/.zshrc'\nautoload -Uz compinit\ncompinit\n\n# oh-my-zsh\nexport ZSH='$HOME/.oh-my-zsh'\nZSH_THEME='robbyrussell'\nplugins=(git)\nsource $ZSH/oh-my-zsh.sh" > /home/hjalmarlucius/.zshrc
# required for flannel
- sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
# allow sshfs
- sudo sed -i -e 's/#user_allow_other/user_allow_other/' /etc/fuse.conf
# make dirs
- mkdir /home/hjalmarlucius/state
- sudo chown -R hjalmarlucius:hjalmarlucius /home/hjalmarlucius/state
- mkdir -p /home/hjalmarlucius/.local/bin
sudo chown -R hjalmarlucius:hjalmarlucius /home/hjalmarlucius/.local
- reboot
# k8s install instruction
# sshfs -p 7097 mothership.hjarl.com:/home/hjalmarlucius/src/hjarl/system ~/state -o allow_root
# cd state
# add peers to /etc/hosts
# sudo python3 k8s.py install_reqs arm64 False
# sudo python3 k8s.py make_controller ./state $(hostname) False arm64
# sudo python3 k8s.py make_controlplane ./state $(hostname) arm64
# sudo python3 k8s.py make_worker ./state $(hostname) arm64
Reference in New Issue View Git Blame Copy Permalink