Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update cloud-init.yml #139

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 29 additions & 7 deletions cloud/cloud-init.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
#cloud-config

package_update: true

package_upgrade: true

packages:
Expand All @@ -10,13 +9,36 @@ packages:
- gnupg
- lsb-release
- git

runcmd:
- sudo mkdir -p /etc/apt/keyrings
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --import
- FINGERPRINT="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"
- if [ "$(sudo gpg --verify-options show-notations --verify /etc/apt/keyrings/docker.gpg | grep "$FINGERPRINT" | wc -l)" -eq 0 ]; then echo "Docker keyring fingerprint does not match expected value." && exit 1; fi
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- sudo apt-get update
- sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
- git clone https://github.com/WhatsApp/proxy.git $HOME/whatsapp-proxy
- docker compose -f $HOME/whatsapp-proxy/proxy/ops/docker-compose.yml up -d

- sudo apt-get install -y docker-ce=5:20.10.2~ce~3-0~ubuntu
- sudo useradd -r -s /sbin/nologin docker
- sudo usermod -aG docker $USER
- echo 'DOCKER_OPTS="-H unix:///var/run/docker.sock --userland-proxy-path /usr/lib/docker/docker-proxy-current -g /var/lib/docker --userland-proxy-user=docker --userland-proxy-group=docker"' | sudo tee -a /etc/default/docker
- sudo systemctl enable --now docker
- export GIT_REPO_URL=$(cat /path/to/secrets/git_repo_url.txt)
- git clone $GIT_REPO_URL $HOME/whatsapp-proxy
- sudo chown -R $USER:docker $HOME/whatsapp-proxy
- docker-compose -f $HOME/whatsapp-proxy/proxy/ops/docker-compose.yml up -d
- sudo apt-get install -y lynis
- sudo lynis audit system
- sudo apt-get install -y docker-bench-security
- sudo docker-bench-security
- sudo apt-get install -y clamav
- sudo freshclam
- sudo clamscan -r $HOME/whatsapp-proxy
- sudo apt-get install -y fail2ban
- sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- sudo echo "[sshd]" | sudo tee -a /etc/fail2ban/jail.local
- sudo echo "enabled = true" | sudo tee -a /etc/fail2ban/jail.local
- sudo echo "port = 22" | sudo tee -a /etc/fail2ban/jail.local
- sudo echo "filter = sshd" | sudo tee -a /etc/fail2ban/jail.local
- sudo echo "logpath = /var/log/auth.log" | sudo tee -a /etc/fail2ban/jail.local
- sudo echo "maxretry = 3" | sudo tee -a /etc/fail2ban/jail.local
- sudo systemctl enable --now fail2ban