marcuskammer/cloudinit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of git.sr.ht:~marcuskammer/cloudinit

Browse source
This commit is contained in:
Marcus Kammer 2023-11-04 16:07:25 +01:00
commit e8918a12c2
1 changed files with 134 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

157
sbcl-nginx.yml
View file

@ -1,7 +1,26 @@
#cloud-config #cloud-config
# Make sure to check the cloud-init logs: /var/log/cloud-init.log and /var/log/cloud-init-output.log # Make sure to check the cloud-init logs: /var/log/cloud-init.log and /var/log/cloud-init-output.log
# License: MIT
# Author: Marcus Kammer # Author: Marcus Kammer
# Tested: Ubuntu 22.04
# Copyright © 2023 Marcus Kammer
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the “Software”), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is furnished to do
# so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
locale: en_US.UTF-8 locale: en_US.UTF-8
keyboard: keyboard:
layout: us layout: us
@ -16,8 +35,8 @@ users:
shell: /usr/sbin/nologin shell: /usr/sbin/nologin
groups: nginxgroup groups: nginxgroup
sudo: null sudo: null
# Create a new user named 'marcus' # Create a new user named 'cl'
- name: marcus - name: cl
# Add the user to the 'users' and 'admin' groups # Add the user to the 'users' and 'admin' groups
groups: users, admin groups: users, admin
# Allow the user to execute any command with sudo without entering a password # Allow the user to execute any command with sudo without entering a password
@ -27,6 +46,7 @@ users:
# Add the user's public SSH key for key-based authentication # Add the user's public SSH key for key-based authentication
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+46Y3AHPLJgz8KK61doqH3jBX2TL3TJvZsJrB9Km03 visua@xps-8930 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+46Y3AHPLJgz8KK61doqH3jBX2TL3TJvZsJrB9Km03 visua@xps-8930
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6xSH5nE0uy0C0kglpp4EqrbbW2CrBeAIj+X6Sf2pd0 XPS-8930-Ubuntu_22
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHJ5qpMIKL7N3nC0GG1O4ygtkqOlQuZReoik6xGBxn marcus@XPS-13-9380.local - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHJ5qpMIKL7N3nC0GG1O4ygtkqOlQuZReoik6xGBxn marcus@XPS-13-9380.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6xSH5nE0uy0C0kglpp4EqrbbW2CrBeAIj+X6Sf2pd0 XPS-8930-Ubuntu_22 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6xSH5nE0uy0C0kglpp4EqrbbW2CrBeAIj+X6Sf2pd0 XPS-8930-Ubuntu_22
@ -101,7 +121,7 @@ write_files:
# Specifies the command to use for the SFTP subsystem # Specifies the command to use for the SFTP subsystem
Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp /usr/lib/openssh/sftp-server
# Specifies the user(s) allowed to log in via SSH (in this case, only the user "marcus") # Specifies the user(s) allowed to log in via SSH (in this case, only the user "marcus")
AllowUsers marcus AllowUsers cl
- path: /etc/fail2ban/jail.local - path: /etc/fail2ban/jail.local
content: | content: |
@ -273,14 +293,13 @@ write_files:
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / { location / {
root /home/marcus/www/u1/docs/public; root /home/cl/www/u1/docs/public;
index index.html; index index.html;
} }
} }
write_files: - path: /home/cl/setup_git.sh
- path: /home/marcus/setup_git.sh owner: 'cl:cl'
owner: 'marcus:marcus'
permissions: '0755' permissions: '0755'
defer: True defer: True
content: | content: |
@ -289,39 +308,132 @@ write_files:
git config --global user.name "Marcus Kammer" git config --global user.name "Marcus Kammer"
git config --global init.defaultBranch main git config --global init.defaultBranch main
- path: /home/marcus/setup_repos.sh - path: /home/cl/setup_repos.sh
owner: 'marcus:marcus' owner: 'cl:cl'
permissions: '0755' permissions: '0755'
defer: True defer: True
content: | content: |
#!/bin/bash #!/bin/bash
# Clone the SBCL repository for a specific branch and depth. # Clone the SBCL repository for a specific branch and depth.
# Version is equal to the sbcl version available in ubuntu apt-get repo. # Version is equal to the sbcl version available in ubuntu apt-get repo.
git clone --depth 1 --branch sbcl-2.1.11 git://git.code.sf.net/p/sbcl/sbcl /home/marcus/sbcl git clone --depth 1 --branch sbcl-2.1.11 git://git.code.sf.net/p/sbcl/sbcl /home/cl/sbcl
# Clone the SLIME repository for a specific branch and depth # Clone the SLIME repository for a specific branch and depth
git clone --depth 1 --branch v2.28 https://github.com/slime/slime.git /home/marcus/slime git clone --depth 1 --branch v2.28 https://github.com/slime/slime.git /home/cl/slime
- path: /home/marcus/setup_quicklisp.sh - path: /home/cl/setup_quicklisp.sh
owner: 'marcus:marcus' owner: 'cl:cl'
permissions: '0755' permissions: '0755'
defer: True defer: True
content: | content: |
#!/bin/bash #!/bin/bash
# Needs to be run manually, cant be run automatically. # Needs to be run manually, cant be run automatically.
# If runs automatically, `quicklisp.lisp' cant be find by sbcl. # If runs automatically, `quicklisp.lisp' cant be find by sbcl.
curl https://beta.quicklisp.org/quicklisp.lisp -o /home/marcus/quicklisp.lisp && chown marcus:marcus /home/marcus/quicklisp.lisp curl https://beta.quicklisp.org/quicklisp.lisp -o /home/cl/quicklisp.lisp && chown cl:cl /home/cl/quicklisp.lisp
sbcl --load quicklisp.lisp --non-interactive --eval '(quicklisp-quickstart:install)' --quit sbcl --load quicklisp.lisp --non-interactive --eval '(quicklisp-quickstart:install)' --quit
curl https://git.sr.ht/~marcuskammer/cloudinit/blob/main/.sbclrc -o /home/marcus/.sbclrc && chown marcus:marcus /home/marcus/.sbclrc curl https://git.sr.ht/~marcuskammer/cloudinit/blob/main/.sbclrc -o /home/cl/.sbclrc && chown cl:cl /home/cl/.sbclrc
sbcl --non-interactive --eval "(ql:quickload '(:hunchentoot :spinneret :dexador :rove :vecto :woo :clsql-sqlite3))" --quit sbcl --non-interactive --eval "(ql:quickload '(:hunchentoot :jonathan :spinneret :dexador :rove :vecto :woo :clsql-sqlite3 :mito :bknr.datastore))" --quit
- path: /home/marcus/setup_user_all.sh - path: /home/cl/block_openai.sh
owner: 'marcus:marcus' owner: 'cl:cl'
permissions: '0755' permissions: '0755'
defer: True defer: True
content: | content: |
#!/bin/bash #!/bin/bash
/bin/bash /home/marcus/setup_git.sh # Purpose: Block OpenAI ChatGPT bot CIDR
/bin/bash /home/marcus/setup_repos.sh # Tested on: Debian and Ubuntu Linux
# Author: Vivek Gite {https://www.cyberciti.biz} under GPL v2.x+
# ------------------------------------------------------------------
file="/tmp/out.txt.$$"
wget -q -O "$file" https://openai.com/gptbot-ranges.txt 2>/dev/null
while IFS= read -r cidr
do
sudo ufw deny proto tcp from $cidr to any port 80
sudo ufw deny proto tcp from $cidr to any port 443
done < "$file"
[ -f "$file" ] && rm -f "$file"
- path: /home/cl/setup_user_all.sh
owner: 'cl:cl'
permissions: '0755'
defer: True
content: |
#!/bin/bash
/bin/bash /home/cl/setup_git.sh
/bin/bash /home/cl/setup_repos.sh
ssh-keygen -t ed25519 -C 'u1.metalisp' -f ~/.ssh/id_ed25519 -N ''
mkdir -p ~/www/u1/docs/
- path: /home/cl/.tmux.conf
owner: 'cl:cl'
permissions: '0755'
defer: True
content: |
# Improve colors and set TERM correctly inside tmux
set -g default-terminal "screen-256color"
# Set prefix key to Ctrl-a, like GNU Screen
unbind C-b
set -g prefix C-a
bind C-a send-prefix
# Enable mouse support
set -g mouse on
# Use Alt-arrow keys to switch panes
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
# Use Alt+h/j/k/l to resize panes
bind -n M-h resize-pane -L 2
bind -n M-j resize-pane -D 2
bind -n M-k resize-pane -U 2
bind -n M-l resize-pane -R 2
# Split panes with | and -
bind | split-window -h
bind - split-window -v
# Reload tmux config
bind r source-file ~/.tmux.conf
# Quick pane cycling
unbind ^A
bind ^A select-pane -t :.+
# Enable clipboard support on macOS
# Uncomment the line below if you are on macOS and have reattach-to-user-namespace installed
# set-option -g default-command "reattach-to-user-namespace -l $SHELL"
# Set status bar
set -g status-bg black
set -g status-fg white
set -g status-interval 5
set -g status-left "#[fg=green]#H"
set -g status-right "#[fg=yellow]#(date '+%Y-%m-%d %H:%M')"
# Highlight active window in status bar
setw -g window-status-current-style bg=red
# Increase history limit
set -g history-limit 50000
- path: /home/cl/nginx_logs.sql
owner: 'cl:cl'
defer: True
content: |
CREATE TABLE nginx_logs (
timestamp TEXT,
ip_address TEXT,
remote_user TEXT,
request TEXT,
status_code INTEGER,
body_bytes_sent INTEGER,
http_referer TEXT,
http_user_agent TEXT
);
runcmd: runcmd:
# Generate the en_US.UTF-8 locale # Generate the en_US.UTF-8 locale
@ -387,5 +499,4 @@ runcmd:
- systemctl enable fail2ban && systemctl start fail2ban - systemctl enable fail2ban && systemctl start fail2ban
# Restart the SSH server to apply the new configuration # Restart the SSH server to apply the new configuration
- systemctl restart sshd - systemctl restart sshd
- sudo -u marcus /bin/bash /home/marcus/setup_user_all.sh - sudo -u cl /bin/bash /home/cl/setup_user_all.sh
- sudo -u marcus ssh-keygen -t ed25519 -C "u1.metalisp" -f ~/.ssh/id_ed25519 -N ""