Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-22 16:44:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
371cce10ba33792a5f46e8e477d56f5647475c2f
dev-cluster/provisioning/cloud-init.yaml
LordMathis 371cce10ba Add velero cli install
2025-01-09 22:07:32 +01:00

113 lines
3.6 KiB
YAML
Raw Blame History

#cloud-config
package_update: true
package_upgrade: true
package_reboot_if_required: true
users:
- name: ${username}
groups: [sudo]
shell: /usr/bin/zsh
hashed_passwd: ${user_hashed_password}
lock_passwd: false
ssh_authorized_keys:
%{ for key in user_ssh_public_keys ~}
- ${key}
%{ endfor ~}
- name: git
lock_passwd: true
packages:
- apt-transport-https
- ca-certificates
- curl
- gnupg2
- git
- zsh
- ufw
- fail2ban
- tmux
- bat
- unzip
- age
write_files:
- content: |
#!/bin/sh
GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@"
path: /usr/local/bin/gitea-shell
permissions: "0755"
- content: |
#!/bin/sh
GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2)
kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3
permissions: "0755"
path: /usr/local/bin/gitea-keys
- content: |
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/local/bin/gitea-keys %u %t %k
path: /etc/ssh/sshd_config.d/50-gitea.conf
permissions: "0644"
ssh:
emit_keys_to_console: true
ssh_pwauth: false
disable_root: true
runcmd:
# UFW
- ufw default deny incoming
- ufw default allow outgoing
- ufw allow ssh
- ufw allow http
- ufw allow https
- ufw logging on
- ufw enable
# SSH key for user
- su ${username} -c 'ssh-keygen -t ed25519 -f /home/${username}/.ssh/id_ed25519 -q -N "" '
# SSH Passthrough for user git
- usermod -s /usr/local/bin/gitea-shell git
# k3s
- curl -sfL https://get.k3s.io | sh -s - --disable=traefik
# Wait for k3s to be ready
- timeout 300 bash -c 'until kubectl get nodes; do sleep 5; done'
# Set up kubeconfig for user
- mkdir -p /home/${username}/.kube
- cp /etc/rancher/k3s/k3s.yaml /home/${username}/.kube/config
- chown -R ${username}:${username} /home/${username}/.kube
- chmod 600 /home/${username}/.kube/config
# Set up kubeconfig for git
- mkdir -p /home/git/.kube
- cp /etc/rancher/k3s/k3s.yaml /home/git/.kube/config
- chown -R git:git /home/git/.kube
- chmod 600 /home/git/.kube/config
# Dotfiles
- |
su ${username} -c '
cd /home/${username}
curl -fsSL https://raw.githubusercontent.com/LordMathis/dotfiles/main/install.sh > /tmp/install_dotfiles.sh
chmod +x /tmp/install_dotfiles.sh
/tmp/install_dotfiles.sh server
'
# Helm
- curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
- chmod 700 get_helm.sh
- ./get_helm.sh
# Kustomize
- curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
- mv kustomize /usr/local/bin/
- chmod +x /usr/local/bin/kustomize
# Sops
- curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.linux.amd64
- mv sops-v3.9.3.linux.amd64 /usr/local/bin/sops
- chmod +x /usr/local/bin/sops
# Install Flux
- curl -s https://fluxcd.io/install.sh | bash
# Install Velero
- curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.15.1/velero-v1.15.1-linux-amd64.tar.gz
- tar -xzf velero-v1.15.1-linux-amd64.tar.gz
- mv velero-v1.15.1-linux-amd64/velero /usr/local/bin/
- chmod +x /usr/local/bin/velero
final_message: "The system is finally up, after $UPTIME seconds"
Reference in New Issue View Git Blame Copy Permalink