-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yaml
123 lines (83 loc) · 2.6 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
tags: &tags
- ideme
droplet:
name: ideme
region: lon1
size: s-1vcpu-1gb
image:
slug: ubuntu-20-10-x64
destroy:
minutes: 5
application:
image: theiaide/theia:next
infrastructure:
vpc:
name: ideme
region: lon1
description: "Keeps the publically accessible ideme resources isolated."
domain:
name: clustr.sh
type: "A"
project:
name: ideme
description: "ideme Tooling"
purpose: "To make technical interviewing easier."
env: Production
firewall:
name: "idme-firewall"
rules:
inbound:
- protocol: tcp
portRange: 443
sources:
addresses:
- "0.0.0.0/0"
- "::/0"
outbound:
- protocol: tcp
portRange: 443
destinations:
addresses:
- "0.0.0.0/0"
- "::/0"
tags: *tags
ssh:
name: "ideme public key"
userData: "#!/bin/sh
useradd -m -G users -s /bin/bash ideme
groupadd docker
usermod -aG docker ideme
echo 'ideme ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
mkdir -p /home/ideme/.ssh
cat /root/.ssh/authorized_keys >> /home/ideme/.ssh/authorized_keys
su ideme
sudo ufw disable
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sudo apt-get purge do-agent
curl -sSL https://repos.insights.digitalocean.com/install.sh -o /tmp/install.sh
sudo bash /tmp/install.sh
sudo apt-get update
sudo apt install -y git docker.io apache2-utils
sudo sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i -e '$aAllowUsers ideme' /etc/ssh/sshd_config
sudo restart ssh
sudo eval `ssh-agent -s`
sudo mkdir -p /etc/nginx/htpasswd
sudo touch /etc/nginx/htpasswd/FULL_APP_DOMAIN
sudo htpasswd -b -c /etc/nginx/htpasswd/FULL_APP_DOMAIN RANDOM_USERNAME RANDOM_PASSWORD
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
mkdir /home/ideme/theia
cd /home/ideme/theia
curl https://raw.githubusercontent.com/ngfgrant/ideme/main/do/nginx-proxy-compose.yaml > nginx-proxy-compose.yaml
curl https://raw.githubusercontent.com/ngfgrant/ideme/main/do/app-compose.yaml > app-compose.yaml
sudo sed -i -e 's/UNIQUE_APP_DOMAIN/FULL_APP_DOMAIN/g' app-compose.yaml
sudo sed -i -e 's/APPLICATION_IMAGE/APPLICATION_DOCKER_IMAGE/g' app-compose.yaml
docker-compose -f nginx-proxy-compose.yaml up -d
docker-compose -f app-compose.yaml up -d
"