added cloud install role/playbook

1 files changed, 25 insertions, 0 deletions

diff --git a/roles/cloud-install/templates/hetzner_postinst.sh.j2 b/roles/cloud-install/templates/hetzner_postinst.sh.j2
new file mode 100644
index 00000000..3aa33c76
--- /dev/null
+++ b/roles/cloud-install/templates/hetzner_postinst.sh.j2
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -euf -o pipefail
+
+apt-get update
+apt-get full-upgrade -y
+apt-get install -y --no-install-recommends openssh-server python
+
+passwd -d root && passwd -l root
+{% if install_distro == "debian" %}
+sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces
+{% endif %}
+sed -r 's#(\s+/var/log\s+ext4\s+)defaults#\1noatime,nodev,noexec#g' -i /etc/fstab
+
+mkdir -p -m 0700 /target/root/.ssh
+cat <<EOK > /root/.ssh/authorized_keys
+{{ ssh_keys_root | join('\n') }}
+EOK
+{% if hostvars[hostname].ansible_port is defined %}
+sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config
+{% endif %}
+
+{# this is actually only needed on ubuntu bionic and beyond but should not hurt on other installations either #}
+swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile
+
+echo "postinst.sh finished successfully"