diff --git a/sbcl-nginx.yml b/sbcl-nginx.yml
index 23a9d5b..91bcc2e 100644
--- a/sbcl-nginx.yml
+++ b/sbcl-nginx.yml
@@ -1,7 +1,26 @@
 #cloud-config
 # Make sure to check the cloud-init logs: /var/log/cloud-init.log and /var/log/cloud-init-output.log
-# License: MIT
 # Author: Marcus Kammer
+# Tested: Ubuntu 22.04
+# Copyright © 2023 Marcus Kammer
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the “Software”), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+# of the Software, and to permit persons to whom the Software is furnished to do
+# so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
 locale: en_US.UTF-8
 keyboard:
 layout: us
@@ -16,8 +35,8 @@ users:
 shell: /usr/sbin/nologin
 groups: nginxgroup
 sudo: null
- # Create a new user named 'marcus'
- - name: marcus
+ # Create a new user named 'cl'
+ - name: cl
 # Add the user to the 'users' and 'admin' groups
 groups: users, admin
 # Allow the user to execute any command with sudo without entering a password
@@ -27,6 +46,7 @@ users: # Add the user's public SSH key for key-based authentication ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+46Y3AHPLJgz8KK61doqH3jBX2TL3TJvZsJrB9Km03 visua@xps-8930 + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6xSH5nE0uy0C0kglpp4EqrbbW2CrBeAIj+X6Sf2pd0 XPS-8930-Ubuntu_22 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHJ5qpMIKL7N3nC0GG1O4ygtkqOlQuZReoik6xGBxn marcus@XPS-13-9380.local - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6xSH5nE0uy0C0kglpp4EqrbbW2CrBeAIj+X6Sf2pd0 XPS-8930-Ubuntu_22 @@ -101,7 +121,7 @@ write_files: # Specifies the command to use for the SFTP subsystem Subsystem sftp /usr/lib/openssh/sftp-server # Specifies the user(s) allowed to log in via SSH (in this case, only the user "marcus") - AllowUsers marcus + AllowUsers cl - path: /etc/fail2ban/jail.local content: | @@ -273,14 +293,13 @@ write_files: ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { - root /home/marcus/www/u1/docs/public; + root /home/cl/www/u1/docs/public; index index.html; } } -write_files: - - path: /home/marcus/setup_git.sh - owner: 'marcus:marcus' + - path: /home/cl/setup_git.sh + owner: 'cl:cl' permissions: '0755' defer: True content: | 
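Review bot: The added `XPS-8930-Ubuntu_22` entry carries exactly the same key material as the existing `XPS-8930-Ubuntu_22` line two entries below it in `ssh_authorized_keys`, so this hunk grants no new access and only duplicates a line. sshd tolerates duplicates, but they make revocation error-prone: deleting one entry later leaves the key authorized through the other. I would drop the added line, or, if a different workstation key was meant, replace it with that key's public part.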
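Review bot: The comment directly above the changed directive still says `only the user "marcus"` although the line now reads `AllowUsers cl`. It should be updated to `# Specifies the user(s) allowed to log in via SSH (in this case, only the user "cl")` so the login allow-list and its description agree when the sshd configuration is audited. The sshd_config block starts and ends outside this hunk.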
@@ -289,39 +308,132 @@ write_files: git config --global user.name "Marcus Kammer" git config --global init.defaultBranch main - - path: /home/marcus/setup_repos.sh - owner: 'marcus:marcus' + - path: /home/cl/setup_repos.sh + owner: 'cl:cl' permissions: '0755' defer: True content: | #!/bin/bash # Clone the SBCL repository for a specific branch and depth. # Version is equal to the sbcl version available in ubuntu apt-get repo. - git clone --depth 1 --branch sbcl-2.1.11 git://git.code.sf.net/p/sbcl/sbcl /home/marcus/sbcl + git clone --depth 1 --branch sbcl-2.1.11 git://git.code.sf.net/p/sbcl/sbcl /home/cl/sbcl # Clone the SLIME repository for a specific branch and depth - git clone --depth 1 --branch v2.28 https://github.com/slime/slime.git /home/marcus/slime + git clone --depth 1 --branch v2.28 https://github.com/slime/slime.git /home/cl/slime - - path: /home/marcus/setup_quicklisp.sh - owner: 'marcus:marcus' + - path: /home/cl/setup_quicklisp.sh + owner: 'cl:cl' permissions: '0755' defer: True content: | #!/bin/bash # Needs to be run manually, cant be run automatically. # If runs automatically, `quicklisp.lisp' cant be find by sbcl. 
- curl https://beta.quicklisp.org/quicklisp.lisp -o /home/marcus/quicklisp.lisp && chown marcus:marcus /home/marcus/quicklisp.lisp + curl https://beta.quicklisp.org/quicklisp.lisp -o /home/cl/quicklisp.lisp && chown cl:cl /home/cl/quicklisp.lisp sbcl --load quicklisp.lisp --non-interactive --eval '(quicklisp-quickstart:install)' --quit - curl https://git.sr.ht/~marcuskammer/cloudinit/blob/main/.sbclrc -o /home/marcus/.sbclrc && chown marcus:marcus /home/marcus/.sbclrc - sbcl --non-interactive --eval "(ql:quickload '(:hunchentoot :spinneret :dexador :rove :vecto :woo :clsql-sqlite3))" --quit + curl https://git.sr.ht/~marcuskammer/cloudinit/blob/main/.sbclrc -o /home/cl/.sbclrc && chown cl:cl /home/cl/.sbclrc + sbcl --non-interactive --eval "(ql:quickload '(:hunchentoot :jonathan :spinneret :dexador :rove :vecto :woo :clsql-sqlite3 :mito :bknr.datastore))" --quit - - path: /home/marcus/setup_user_all.sh - owner: 'marcus:marcus' + - path: /home/cl/block_openai.sh + owner: 'cl:cl' permissions: '0755' defer: True content: | #!/bin/bash - /bin/bash /home/marcus/setup_git.sh - /bin/bash /home/marcus/setup_repos.sh + # Purpose: Block OpenAI ChatGPT bot CIDR + # Tested on: Debian and Ubuntu Linux + # Author: Vivek Gite {https://www.cyberciti.biz} under GPL v2.x+ + # ------------------------------------------------------------------ + file="/tmp/out.txt.$$" + wget -q -O "$file" https://openai.com/gptbot-ranges.txt 2>/dev/null + + while IFS= read -r cidr + do + sudo ufw deny proto tcp from $cidr to any port 80 + sudo ufw deny proto tcp from $cidr to any port 443 + done < "$file" + [ -f "$file" ] && rm -f "$file" + + - path: /home/cl/setup_user_all.sh + owner: 'cl:cl' + permissions: '0755' + defer: True + content: | + #!/bin/bash + /bin/bash /home/cl/setup_git.sh + /bin/bash /home/cl/setup_repos.sh + ssh-keygen -t ed25519 -C 'u1.metalisp' -f ~/.ssh/id_ed25519 -N '' + mkdir -p ~/www/u1/docs/ + + - path: /home/cl/.tmux.conf + owner: 'cl:cl' + permissions: '0755' + defer: True + 
content: | + # Improve colors and set TERM correctly inside tmux + set -g default-terminal "screen-256color" + + # Set prefix key to Ctrl-a, like GNU Screen + unbind C-b + set -g prefix C-a + bind C-a send-prefix + + # Enable mouse support + set -g mouse on + + # Use Alt-arrow keys to switch panes + bind -n M-Left select-pane -L + bind -n M-Right select-pane -R + bind -n M-Up select-pane -U + bind -n M-Down select-pane -D + + # Use Alt+h/j/k/l to resize panes + bind -n M-h resize-pane -L 2 + bind -n M-j resize-pane -D 2 + bind -n M-k resize-pane -U 2 + bind -n M-l resize-pane -R 2 + + # Split panes with | and - + bind | split-window -h + bind - split-window -v + + # Reload tmux config + bind r source-file ~/.tmux.conf + + # Quick pane cycling + unbind ^A + bind ^A select-pane -t :.+ + + # Enable clipboard support on macOS + # Uncomment the line below if you are on macOS and have reattach-to-user-namespace installed + # set-option -g default-command "reattach-to-user-namespace -l $SHELL" + + # Set status bar + set -g status-bg black + set -g status-fg white + set -g status-interval 5 + set -g status-left "#[fg=green]#H" + set -g status-right "#[fg=yellow]#(date '+%Y-%m-%d %H:%M')" + + # Highlight active window in status bar + setw -g window-status-current-style bg=red + + # Increase history limit + set -g history-limit 50000 + + - path: /home/cl/nginx_logs.sql + owner: 'cl:cl' + defer: True + content: | + CREATE TABLE nginx_logs ( + timestamp TEXT, + ip_address TEXT, + remote_user TEXT, + request TEXT, + status_code INTEGER, + body_bytes_sent INTEGER, + http_referer TEXT, + http_user_agent TEXT + ); runcmd: # Generate the en_US.UTF-8 locale 
@@ -387,5 +499,4 @@ runcmd:
 - systemctl enable fail2ban && systemctl start fail2ban
 # Restart the SSH server to apply the new configuration
 - systemctl restart sshd
- - sudo -u marcus /bin/bash /home/marcus/setup_user_all.sh
- - sudo -u marcus ssh-keygen -t ed25519 -C "u1.metalisp" -f ~/.ssh/id_ed25519 -N ""
+ - sudo -u cl /bin/bash /home/cl/setup_user_all.sh
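Review bot: The added `sudo -u cl /bin/bash /home/cl/setup_user_all.sh` depends on sudo setting HOME to /home/cl, because that script now runs `ssh-keygen … -f ~/.ssh/id_ed25519`, `mkdir -p ~/www/u1/docs/` and the `git config --global` calls, all of which follow HOME. Whether HOME is reset depends on the image's sudoers policy, so I would make it explicit with `- sudo -u cl -H /bin/bash /home/cl/setup_user_all.sh`. Otherwise the passphrase-less private key and the git config can end up under root's home instead of the `cl` account.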