Compare commits
No commits in common. "stackscript" and "main" have entirely different histories.
4 changed files with 7 additions and 108 deletions
2
config
2
config
|
@ -1 +1 @@
|
||||||
Subproject commit c87059bbe4d1478e6319e02c2eda35a68f369beb
|
Subproject commit 099c48acfad1cc0f4a6f09cbf0e691604f9d2f74
|
|
@ -13,7 +13,6 @@ type platform struct {
|
||||||
Region string `json:"region"`
|
Region string `json:"region"`
|
||||||
Tags []string `json:"tags"`
|
Tags []string `json:"tags"`
|
||||||
Volumes []volumeConfig `json:"volumes"`
|
Volumes []volumeConfig `json:"volumes"`
|
||||||
StackScript stackScriptConfig `json:"stackScript"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type domainConfig struct {
|
type domainConfig struct {
|
||||||
|
@ -63,14 +62,6 @@ type volumeConfig struct {
|
||||||
Size int32 `json:"size"`
|
Size int32 `json:"size"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type stackScriptConfig struct {
|
|
||||||
Label string `json:"label"`
|
|
||||||
Description string `json:"description"`
|
|
||||||
Public bool `json:"public"`
|
|
||||||
SharedGroupGid int32 `json:"sharedGroupGid"`
|
|
||||||
AuthorizedKey string `json:"authorizedKey"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func newConfig(path string) (*platform, error) {
|
func newConfig(path string) (*platform, error) {
|
||||||
f, err := os.Open(path)
|
f, err := os.Open(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
46
main.go
46
main.go
|
@ -2,10 +2,8 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"bytes"
|
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"text/template"
|
|
||||||
|
|
||||||
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
|
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
|
||||||
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
||||||
|
@ -26,10 +24,6 @@ func infra(ctx *pulumi.Context) error {
|
||||||
return fmt.Errorf("unable to load the platform configuration; %w", err)
|
return fmt.Errorf("unable to load the platform configuration; %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := stackscript(ctx, p); err != nil {
|
|
||||||
return fmt.Errorf("unable to manage the StackScript; %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
instanceDetails, err := instance(ctx, p);
|
instanceDetails, err := instance(ctx, p);
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to manage the instance; %w", err)
|
return fmt.Errorf("unable to manage the instance; %w", err)
|
||||||
|
@ -199,46 +193,6 @@ func instance(ctx *pulumi.Context, cfg *platform) (instanceOutput, error) {
|
||||||
return output, nil
|
return output, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func stackscript(ctx *pulumi.Context, cfg *platform) error {
|
|
||||||
script, err := stackscriptText(cfg)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
args := linode.StackScriptArgs{
|
|
||||||
Label: pulumi.String(cfg.StackScript.Label),
|
|
||||||
Description: pulumi.String(cfg.StackScript.Description),
|
|
||||||
Script: pulumi.String(script),
|
|
||||||
IsPublic: pulumi.Bool(cfg.StackScript.Public),
|
|
||||||
Images: pulumi.StringArray{
|
|
||||||
pulumi.String("linode/alpine3.17"),
|
|
||||||
pulumi.String("linode/alpine3.16"),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err = linode.NewStackScript(ctx, cfg.StackScript.Label, &args)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("unable to update StackScript; %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func stackscriptText(cfg *platform) (string, error) {
|
|
||||||
tmpl, err := template.New("stackscript.gotmpl").ParseFiles("./templates/stackscript.gotmpl")
|
|
||||||
if err != nil {
|
|
||||||
return "", fmt.Errorf("unable to get the StackScript template; %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
var b bytes.Buffer
|
|
||||||
|
|
||||||
if err := tmpl.Execute(&b, cfg); err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
|
|
||||||
return b.String(), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func readme(ctx *pulumi.Context) error {
|
func readme(ctx *pulumi.Context) error {
|
||||||
data, err := os.ReadFile("./README.md")
|
data, err := os.ReadFile("./README.md")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Upgrade system and install required packages
|
|
||||||
apk update
|
|
||||||
apk upgrade
|
|
||||||
|
|
||||||
apk add \
|
|
||||||
curl \
|
|
||||||
docker \
|
|
||||||
openntpd \
|
|
||||||
openssh \
|
|
||||||
shadow \
|
|
||||||
tzdata
|
|
||||||
|
|
||||||
groupadd -g {{ .StackScript.SharedGroupGid }} shared-flow
|
|
||||||
groupadd -g 1001 flow
|
|
||||||
useradd -s /bin/bash -g 1001 -u 1001 -m -G docker,shared-flow flow
|
|
||||||
|
|
||||||
mkdir /home/flow/.ssh
|
|
||||||
chmod 0700 /home/flow/.ssh
|
|
||||||
chown flow:flow /home/flow/.ssh
|
|
||||||
touch /home/flow/.ssh/authorized_keys
|
|
||||||
chown flow:flow /home/flow/.ssh/authorized_keys
|
|
||||||
chmod 0600 /home/flow/.ssh/authorized_keys
|
|
||||||
echo "{{ .StackScript.AuthorizedKey }}" | tee /home/flow/.ssh/authorized_keys
|
|
||||||
|
|
||||||
# TODO: Mount volume and edit /etc/fstab
|
|
||||||
|
|
||||||
# TODO: SSH Hardening (backup original config)
|
|
||||||
# Port 3142
|
|
||||||
# PermitRootLogin no
|
|
||||||
# PasswordAuthentication no
|
|
||||||
# PermitEmptyPasswords no
|
|
||||||
# AllowTcpForwarding no
|
|
||||||
# GatewayPorts no
|
|
||||||
# X11Forwarding no
|
|
||||||
|
|
||||||
# Set the timezone and local time
|
|
||||||
mkdir -p /etc/zoneinfo/Europe
|
|
||||||
chmod -R 0755 /etc/zoneinfo
|
|
||||||
cp /usr/share/zoneinfo/Europe/London /etc/zoneinfo/Europe/
|
|
||||||
ln -fs /etc/zoneinfo/Europe/London /etc/localtime
|
|
||||||
echo "Europe/London" > /etc/timezone
|
|
||||||
apk del tzdata
|
|