import * as yaml from "js-yaml";
/**
 * Caller-supplied additions to the baseline cloud-init document built by
 * `getCloudInitConfig`. Every field is optional; an omitted field contributes
 * nothing beyond the baseline.
 *
 * None of these values are validated or escaped before they are serialised,
 * so they must come from a trusted source (reviewed code or a controlled
 * pipeline), never from end-user input.
 */
export interface GetCloudInitConfigArgs {
  /**
   * Public keys written to `ssh_authorized_keys` of BOTH baseline accounts,
   * including `root`. Whoever holds a matching private key gets root access.
   */
  sshAuthorizedKeys?: string[];

  /** Package names appended after the baseline package list. */
  extraPackages?: string[];

  /**
   * Extra `write_files` entries, appended after the baseline files.
   * `path` and `permissions` are passed through as given, so an entry can
   * target any location on the host, including one the baseline already wrote.
   */
  additionalFiles?: Array<{
    path: string;
    permissions: string;
    content: string;
  }>;

  /**
   * Shell commands appended to `runcmd` after the baseline commands.
   * cloud-init executes `runcmd` entries as root.
   */
  lateCommands?: string[];
}
/**
 * Renders the cloud-init user-data document for a newly provisioned host.
 *
 * A fixed baseline (two accounts, packages, config files, boot commands) is
 * assembled, the caller's extras are appended to it, and the result is
 * serialised with `yaml.dump` (default options) behind the `#cloud-config`
 * header line.
 *
 * Security review notes on the baseline as written (behaviour is unchanged):
 * - Both accounts carry password hashes committed in this file and are not
 *   locked; every host built from this template shares them.
 * - The sshd drop-in allows key-based root login and re-enables `ssh-rsa`.
 * - SELinux is set to disabled and AppArmor is stopped and disabled.
 * - `/var/log` is mounted on tmpfs, so local logs do not survive a reboot.
 * - `additionalFiles` and `lateCommands` are passed through unvalidated.
 *
 * @param config Caller-supplied additions; every field is optional.
 * @returns The `#cloud-config` header followed by the YAML document.
 */
export const getCloudInitConfig = (config: GetCloudInitConfigArgs) => {
  // One account with passwordless sudo. The fallback `[]` is evaluated per
  // call on purpose: the two accounts must not share a single empty-array
  // instance, since yaml.dump with default options renders a repeated object
  // reference as an anchor/alias pair.
  //
  // NOTE(review): `passwd` is a static crypt hash and "lock-passwd" is false,
  // so the password stays usable (console, su) even though SSH password
  // authentication is off below. The hash is readable by anyone with access
  // to this repository or to the rendered user-data; prefer injecting it from
  // a secret store, or locking the password and relying on keys only.
  // NOTE(review): cloud-init documents this key as `lock_passwd`; the
  // hyphenated spelling is kept as-is — confirm the target cloud-init version
  // still accepts it.
  const adminAccount = (name: string, passwd: string) => ({
    name,
    sudo: "ALL=(ALL) NOPASSWD:ALL",
    "lock-passwd": false,
    passwd,
    ssh_authorized_keys: config.sshAuthorizedKeys || [],
  });

  const users = [
    adminAccount(
      "root",
      "$6$hB5RrvU5$ll99.7zgATrkGEbInSRCF7o8t3TatZEYQK4QWqk6Ri.DT3LgG0l38Dz47CT.nBjLhhIUVgzIF6t2ZrWmDOcVl1"
    ),
    adminAccount(
      "andiolsi",
      "$6$sKcNr2f8$AubrAJ..bZOPxnGVEWKQQrWShW/i7ClAZRvGLstrmeDcIS92/.BVCtYzgvg2tg6ub9rz8agfLRJg.ryDoM7jG/"
    ),
  ];

  const basePackages = [
    "curl",
    "apt-transport-https",
    "ca-certificates",
    "vim",
    "jq",
    "locales",
  ];
  const packages = basePackages.concat(config.extraPackages || []);

  // sshd drop-in: non-default port, key-based root login allowed.
  // NOTE(review): `PubkeyAcceptedKeyTypes=+ssh-rsa` re-enables the SHA-1 based
  // RSA signature algorithm that current OpenSSH releases leave off by
  // default; drop it once no client depends on it. `without-password` is the
  // legacy spelling of `prohibit-password`.
  const sshdDropIn = {
    path: "/etc/ssh/sshd_config.d/99-cloud-init-manual.conf",
    permissions: "0600",
    content: `
Port 222
PermitRootLogin without-password
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

`,
  };

  // Daily rotation, seven generations, for /var/log/*.log.
  const logrotateRule = {
    path: "/etc/logrotate.d/var_log",
    permissions: "0644",
    content: `
/var/log/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 0640 root adm
sharedscripts
postrotate
systemctl reload rsyslog > /dev/null 2>/dev/null || true
endscript
}`,
  };

  // NOTE(review): turns SELinux off entirely; together with the AppArmor
  // commands in `runcmd` the host runs without mandatory access control.
  const selinuxConfig = {
    path: "/etc/selinux/config",
    permissions: "0644",
    content: "SELINUX=disabled\nSELINUXTYPE=targeted\n",
  };

  // No `append` flag is set, so this entry supplies the whole file content.
  const limitsConfig = {
    path: "/etc/security/limits.conf",
    permissions: "0644",
    content: "* soft nofile 32768\n* hard nofile 65536\n",
  };

  // Kernel tuning. `ip_forward=1` and `ip_nonlocal_bind=1` make the host
  // forward packets and bind to addresses it does not own, which widens its
  // network role; pair with explicit firewall rules.
  const sysctlConfig = {
    path: "/etc/sysctl.d/99-custom.conf",
    permissions: "0644",
    content: `
net.ipv4.ip_forward=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.ip_nonlocal_bind=1
vm.dirty_ratio=10
vm.swappiness=0
vm.dirty_background_ratio=5
net.ipv6.conf.all.disable_ipv6=1
fs.nr_open=3000000
fs.file-max=3000000
fs.inotify.max_user_instances=1048576
fs.inotify.max_queued_events=1048576
fs.inotify.max_user_watches=1048576
vm.max_map_count=262144
net.netfilter.nf_conntrack_max=262144
net.netfilter.nf_conntrack_tcp_timeout_established=600
net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
net.netfilter.nf_conntrack_tcp_timeout_close_wait=30
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
`,
  };

  // Caller files come last and are not checked against the baseline paths.
  const writeFiles = [
    sshdDropIn,
    logrotateRule,
    selinuxConfig,
    limitsConfig,
    sysctlConfig,
    ...(config.additionalFiles || []),
  ];

  // Boot commands; cloud-init runs these as root. Caller commands are appended
  // verbatim after the baseline ones.
  const baseCommands = [
    "echo never > /sys/kernel/mm/transparent_hugepage/enabled",
    "echo never > /sys/kernel/mm/transparent_hugepage/defrag",
    "systemctl stop apparmor || true",
    "systemctl disable apparmor || true",
    "sysctl --system",
  ];
  const runcmd = baseCommands.concat(config.lateCommands || []);

  // Key order below is the order yaml.dump emits.
  const defaultCloudInitConfig = {
    users,
    // Keeps root's authorized keys usable for direct login.
    disable_root: false,
    // SSH password authentication off; the account passwords above still exist.
    ssh_pwauth: false,
    locale: "en_US.UTF-8",
    // /var/log on tmpfs: logs are volatile, so forward them off-host if they
    // are needed for incident response.
    mounts: [["tmpfs", "/var/log", "tmpfs", "defaults,size=10%", "0", "0"]],
    package_update: true,
    package_upgrade: true,
    packages,
    write_files: writeFiles,
    runcmd,
  };

  const header = `#cloud-config\n`;
  return header + yaml.dump(defaultCloudInitConfig);
};