Fix cloud init script

provisioning/cloud-init.yaml

@@ -4,17 +4,17 @@ package_upgrade: true
 package_reboot_if_required: true
 
 users:
-- name: ${username}
-  groups: [ sudo ]
-  shell: /usr/bin/zsh
-  hashed_passwd: ${user_hashed_password}
-  lock_passwd: false
-  ssh_authorized_keys:
-  %{ for key in user_ssh_public_keys ~}
-    - ${key}
-  %{ endfor ~}
-- name: git
-  lock_passwd: true
+  - name: ${username}
+    groups: [sudo]
+    shell: /usr/bin/zsh
+    hashed_passwd: ${user_hashed_password}
+    lock_passwd: false
+    ssh_authorized_keys:
+%{ for key in user_ssh_public_keys ~}
+      - ${key}
+%{ endfor ~}
+  - name: git
+    lock_passwd: true
 
 packages:
   - apt-transport-https
@@ -34,18 +34,18 @@ write_files:
   - content: |
       #!/bin/sh
       GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
-      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"      
+      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"
     path: /usr/local/bin/gitea-shell
-    permissions: '0755'
+    permissions: "0755"
   - content: |
       #!/bin/sh
       GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
-      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3      
-    permissions: '0755'
+      kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3
+    permissions: "0755"
     path: /usr/local/bin/gitea-keys
 
 ssh:
-  emit_keys_to_console: false
+  emit_keys_to_console: true
 ssh_pwauth: false
 disable_root: true
 
@@ -77,7 +77,13 @@ runcmd:
   - chown -R ${username}:${username} /home/${username}/.kube
   - chmod 600 /home/${username}/.kube/config
   # Dotfiles
-  - su ${username} -c 'curl https://raw.githubusercontent.com/LordMathis/dotfiles/main/install.sh | /usr/bin/zsh -s -- server'
+  - |
+    su ${username} -c '
+    cd /home/${username}
+    curl -fsSL https://raw.githubusercontent.com/LordMathis/dotfiles/main/install.sh > /tmp/install_dotfiles.sh
+    chmod +x /tmp/install_dotfiles.sh
+    /tmp/install_dotfiles.sh server
+    '
   # Helm
   - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
   - chmod 700 get_helm.sh
@@ -87,10 +93,9 @@ runcmd:
   - mv kustomize /usr/local/bin/
   - chmod +x /usr/local/bin/kustomize
   # Sops
-  - curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
-  - mv sops-v3.9.0.linux.amd64 /usr/local/bin/sops
+  - curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.2.linux.amd64
+  - mv sops-v3.9.2.linux.amd64 /usr/local/bin/sops
   - chmod +x /usr/local/bin/sops
-  # Install and bootstrap Flux
+  # Install and Flux
   - curl -s https://fluxcd.io/install.sh | bash
-  - su ${username} -c 'export GITHUB_TOKEN=${github_token} && flux bootstrap github --owner=${github_username} --repository=${github_repo} --path=clusters/prod --personal'
-final_message: "The system is finally up, after $UPTIME seconds"
+final_message: "The system is finally up, after $UPTIME seconds"

provisioning/secrets.enc.yaml

@@ -1,10 +1,10 @@
-username: ENC[AES256_GCM,data:qJXed8c=,iv:dGFC8UnSfWCTFgyNmksaKVSBkSpimhbR5yRVXi2nQow=,tag:PB/5INPqD/PiOScixN1doQ==,type:str]
-user_hashed_password: ENC[AES256_GCM,data:hbxVZ8/YXLmz0p8umwX3IUy5IFfb3VPai3JjrLzE8Jj7QHWcYj8IhjzanCWRCSKWdoQi+9RgbrxMBTkXjs+4OYl/krBOhSNTTR8kZASSoaUQRBuY655aLoCAHRD+3v1/4Wu61JeNik9u6Q==,iv:vo7++SuaSCZo9jIgkZ9Tze57yeri0qtFfgdEsLDQxCU=,tag:R7hP2rfbhpR4VwbvnclMBA==,type:str]
-user_ssh_public_keys: ENC[AES256_GCM,data:6LZ/9n61otgYXyFJL6OIoiazYyltt4OHM8oO3yaFmuYI/P22JsayGXSM2TVK5RUXUZrhxVOnFt23AkhfbmD62PgF0PoIQPmNxkPAOnsrj/lTcNiwBOyl/N15xtSungdOtP21o2k8Fbdh+LOCj7VWcZx3kibDqiBtxAAeR8Dchx+dIoSsR6li0/JcTCbbbA5Da09zsNJQJMXGo1gCyzUDyT7HLre+DEmHZ5MAaeCHQ9wGvNLsHngP5AEDM/uBEDhJap4/pQ==,iv:vpq6a6BG8t+KI5bmwKm0uMtWhNnUmpMif2oon1+OpxE=,tag:Nx15fkrg0X5RNufaJ7golQ==,type:str]
-domain_name: ENC[AES256_GCM,data:nBo6h6tt3T2H,iv:+JKlfTBwapwJRVo3tp/LExRbNDj1qeURUXeFhR1fcE4=,tag:Pq4jpAMNeDUze8RA1NkoJg==,type:str]
-github_username: ENC[AES256_GCM,data:n0Ny1oQ9zj5vug==,iv:rLytoaTItOqKo55Da82lMyxPt20bPMly840Ks7R5Yh4=,tag:ws5xNltx331xTDeQKpKDHA==,type:str]
-github_repo: ENC[AES256_GCM,data:SpkdFGSgCwpRJOc=,iv:hbuqxj1aCdHC93l7TlB1vGJiZnww0/LD6eQ0qXq/4po=,tag:r6rJ/YKrFmDZGlPKmKXk6w==,type:str]
-github_token: ENC[AES256_GCM,data:X8BsxGukFwfOVdCQQvvWxbIIctwDrZvLGs3+qiUrS4lJkLwpAvYPlw==,iv:XrRGAGEh7YmCyxess/1Yqqc8jQGgSkp2js8+HzLakTc=,tag:ARwToRhx+iyJAQnajbWCfg==,type:str]
+username: ENC[AES256_GCM,data:xoigb84=,iv:rZMb7IAITp2PQkTzn91sjjEpy+NnGlT5R6qEGZ7XtLk=,tag:e/3I0w4PTTpu0xw37fQC/g==,type:str]
+user_hashed_password: ENC[AES256_GCM,data:59Kht3ENNeOV0WQRIoX426HNihhuuc1RDYM8WF6nWLBXBs0YhQPvBSEGYjJwpO+P5ZiCHbb6w+1NHgSI2h7FmI3k8w8epodUTY5CQyDibG/PKF3IhlkXeWXJ41JDP96IGNWhMMQiVNsIb4DpyFELiu7xC3ggkA==,iv:b/zA+T5ONGv8251ljBER9rIsvpw6eFQOlgWo315VoEI=,tag:u//kZEU/cS2d6K4dIajRuQ==,type:str]
+user_ssh_public_keys: ENC[AES256_GCM,data:uzw2NMc9CiNLyNJyjtlowPWTRRKGB1W2DVzHXxRraIa7zvN8h81bVr+kDuro+0wpzcVKFHB51yJ1ZfHiFmZrNLb4SwUavLPpNIuQIldgrmoyqMC5pWQCtKRTDnWTOn2370OIj6zpXZejUH/58XdXqBGVLaDz+8D7lk5u2eajDw98A6apOYWyC+R7LGO5nvTelEXndQ7mnz2+5k9Fq/AzbuzaE2l0o7fz5H3Ph+DhVSV4aVxkd0D/10lV8GBBEyMo,iv:8DyDxn+ocAi2rZHYEqGFI9U0Ftmp+4KZl84zvHjfpAU=,tag:vRpA2scqweJRnclXs9/3eg==,type:str]
+domain_name: ENC[AES256_GCM,data:TSNuG6PTDWwY,iv:hphsK1t/Ma8ZqHxkU29FXpXCp+vcLmZVb9DUhe+W4hM=,tag:bRfGvtqdYhY2txLzyMYZtw==,type:str]
+github_username: ENC[AES256_GCM,data:Wym1wOWdzS89kQ==,iv:LSCMO+D+yYoqJV3CAkYd5oYkFYYyBRT4MVs0kFAAB6s=,tag:T34UFbd1n6x8dil+8UvvRw==,type:str]
+github_repo: ENC[AES256_GCM,data:AiHlbMJB8QVJie8=,iv:+IbbDHNSA9liSmve5gDZgA5PhKs9MUPl2Brk/aQbSaw=,tag:r+loYZAfjJhZvo7DEGJ+yQ==,type:str]
+github_token: ENC[AES256_GCM,data:YT+No478cc2gt/b6PXoL6HDCfruzo5PtZWQoLr2RLogwYpkAhIHwWQ==,iv:BeKPob0gXdFp9iPrO1hIikL296gMqOMBgPhMLfbIIp0=,tag:cvyTy+6o8ZzMbHKHR8i1BA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,14 +14,14 @@ sops:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReloyQkVsZDhVclh2N2lj
-            SDRlaHNqdkYxcytBWFNScUdVdTd4ZFZBdHljCkVJMXB2azBqcUFmVWdKR3d6dnR5
-            TEFhZ2lVN3VXM3dmdk9YTGp6djhXem8KLS0tIFBEOExUdFp6NWhvYzVQN1hBcDZz
-            eU1ISWMvdTVMWnYwL2Y0cnRhUjdlbWcKnZJLl5K+SyjQl84rLKaHUWq6N/XbY+yZ
-            Bluc2JTQYZecCZSi+Y6Bt/7TjI8298pmP6MlqhH5lJPUF3vruxXiqw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSk9xeGtHd25EL0IyTzVn
+            RWhENmhsWHpYZ3NITmpadHBQTmVLVFU4bUVvCk1DTVdoajN1QmVCSUNKbnVoMDhh
+            dnViMWRSdEZOWkhONENaTXVKSTNDTlkKLS0tIHZCNU1MM2ZRRnRwZXA3VWRtUEVi
+            Q2ZBRjRDRG9Ob2RZMk9xN2lpcVpPMGMKKCRXGXxg35M8lLecffyLx5YBFpzdA6ZC
+            G0z5YKT/mkjjG8oL4BktaNGF9xYMeuoDPCfjl7AVfMD0VvrnbVC8bQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-22T17:26:55Z"
-    mac: ENC[AES256_GCM,data:N8hqHkpgV5h3WNbbAlM6wPEQYlvzZx83JPeb+OB1KQkmY/7fMaWH9KgFt0CdrGMyN9LE55lMYkmmmn4clhIR/3h5c3sUMbl2OWBc9ggTTGnWmu3rohrJR5WF+3OXnhD04/e/azjNsBTILRT08Beg+QzgKFAApWgN8kCOk2iTaHU=,iv:dhm/OADE0aAVq8kIU/gc6XOaC6nLpeJSaEiRk+87zrc=,tag:Zqz86ugFIvFPQxzPooFPCA==,type:str]
+    lastmodified: "2024-12-22T21:26:25Z"
+    mac: ENC[AES256_GCM,data:y2Q1Og/kP7bvpgf/rYBjsaPDixdlThcgYkx4WgCuRzrFoVukhk3IePQUXX67ahM9awIHHW8uL+c+DWibRF8gUnYphuZ/l9BlJqNh+wO6Q5HEYNHUUe0Wc12pAo482zJBlIcgKCEUp5qLkoohfNkLN/ki620BHQSutnJaIpJq9cg=,iv:dMPQkb4y8hKFw2OHaeTLaiF014ZXYm/d6k6veug/hvU=,tag:DFQ4o1u2qtE58yKllj2brQ==,type:str]
     pgp: []
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.9.0