From 3c55ccb22322f107c8b82a824e5e28a576af9ae0 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 13 Apr 2019 23:31:30 +0200
Subject: added cloud install role/playbook

---
 .../cloud-install/templates/hetzner_postinst.sh.j2 | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 roles/cloud-install/templates/hetzner_postinst.sh.j2

(limited to 'roles/cloud-install/templates/hetzner_postinst.sh.j2')

diff --git a/roles/cloud-install/templates/hetzner_postinst.sh.j2 b/roles/cloud-install/templates/hetzner_postinst.sh.j2
new file mode 100644
index 00000000..3aa33c76
--- /dev/null
+++ b/roles/cloud-install/templates/hetzner_postinst.sh.j2
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -euf -o pipefail
+
+apt-get update
+apt-get full-upgrade -y
+apt-get install -y --no-install-recommends openssh-server python
+
+passwd -d root && passwd -l root
+{% if install_distro == "debian" %}
+sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces
+{% endif %}
+sed -r 's#(\s+/var/log\s+ext4\s+)defaults#\1noatime,nodev,noexec#g' -i /etc/fstab
+
+mkdir -p -m 0700 /target/root/.ssh
+cat <<EOK > /root/.ssh/authorized_keys
+{{ ssh_keys_root | join('\n') }}
+EOK
+{% if hostvars[hostname].ansible_port is defined %}
+sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config
+{% endif %}
+
+{# this is actually only needed on ubuntu bionic and beyond but should not hurt on other installations either #}
+swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile
+
+echo "postinst.sh finished successfully"
-- 
cgit v1.2.3