Example Cloud init Script - dshoreman/servidor GitHub Wiki

#cloud-config
hostname: YOUR_HOSTNAME
fqdn: YOUR_HOSTNAME.YOUR_DOMAIN.TLD
prefer_fqdn_over_hostname: true
users:
  - name: YOUR_USER
    shell: /bin/fish
    groups: users, admin, adm
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: true
    ssh_import_id:
      - gh:YOUR_GITHUB_USER
locale: en_GB
timezone: Etc/UTC
packages:
  - fish
  - nginx
  - fail2ban
package_update: true
package_upgrade: true
disable_root: true
runcmd:
  - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
  - systemctl enable fail2ban
  - ufw allow 'Nginx Full'
  - ufw allow OpenSSH
  - ufw allow 8042
  - ufw enable
  - sed -i '$a AllowUsers YOUR_USER' /etc/ssh/sshd_config
  - sed -i -E '/^#?PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
  - sed -i -E '/^#?AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
  - systemctl restart ssh.service
  - |
    curl -sSL -o /tmp/setup-servidor.sh \
      https://github.com/dshoreman/servidor/releases/download/v0.16.0/setup.sh
  - |
    bash /tmp/setup-servidor.sh -v --branch master \
      --pusher 1234567:123abc45d67890e12f34:12345a6b7890c1defa2b