-
Notifications
You must be signed in to change notification settings - Fork 9
/
instance-dns.yml
69 lines (54 loc) · 2.76 KB
/
instance-dns.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#cloud-config
# Dynamic DNS server for instances.
# Makes <instance-id>.instance.encodedcc.org and <name>.instance.encodedcc.org resolve.
# Run on a t2.micro instance with Ubuntu 14.04.
# Security group: ssh-dns.
# IAM role: demo-dns-server.
# $ aws ec2 run-instances --user-data file://instance-dns.yml --security-groups "ssh-dns" --iam-instance-profile Name="demo-dns-server" --image-id ami-5189a661 --instance-type t2.micro --region us-west-2
# Associate elastic-ip address for instance.encodedcc.org NS record.
# $ aws ec2 associate-address --public-ip 52.25.250.155 --region us-west-2 --instance-id i-xxxx
bootcmd:
- cloud-init-per once ssh-users-ca echo "TrustedUserCAKeys /etc/ssh/users_ca.pub" >> /etc/ssh/sshd_config
runcmd:
- set -e
- sudo -u ubuntu GOPATH=/home/ubuntu/gobuild go get github.com/ConradIrwin/aws-name-server
- cp /home/ubuntu/gobuild/bin/aws-name-server /usr/local/bin/
- setcap cap_net_bind_service=+ep /usr/local/bin/aws-name-server
- initctl start aws-name-server
output:
all: '| tee -a /var/log/cloud-init-output.log'
package_upgrade: true
packages:
- golang
- git
- ntp
- unattended-upgrades
- update-notifier-common
power_state:
mode: reboot
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWCTZCWznGwbZSnKOwJ3fTPo6DHQIFBwOmzfQ8HBnOKD5PuJRuR1/ZkpzxAuMVkLslAgd7hMQx3YzJb85YgoZVnVNxpCtg51u5B/2uYoJEU8wEUCR1XKQ5u7v7R+Bw8M11jLjjonGrvW+kREij6pRnEzdwEyoVHTAjtKVJXwR1U+Bisq3U3rvOQygoW6IuFXucfOx/OdcqL7JtqDc6xjgUlJfvn3/bZ5y+NuJtWIj9sayLGEVbW4D0iTMk+cXGDiQP4cqEbSJK/XbiGthPHJnkmjWbN1qmV+fXvnz2e+sIlxd4In7K+S/Jgg/+SkLHkOQOhMijqvjqjuWV7vuhT5AP [email protected]
write_files:
- path: /etc/apt/apt.conf.d/20auto-upgrades
content: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
- path: /etc/apt/apt.conf.d/50unattended-upgrades
content: |
Unattended-Upgrade::Allowed-Origins {
"${distro_id} ${distro_codename}-security";
};
Unattended-Upgrade::Automatic-Reboot "true";
- path: /etc/init/aws-name-server.conf
content: |
# upstart script for aws-name-server
description "AWS Name Server"
start on filesystem or runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 10 5
setuid nobody
setgid nogroup
exec /usr/local/bin/aws-name-server --aws-region us-west-2 --domain instance.clinicalgenome.org
- path: /etc/ssh/users_ca.pub
content: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiM5UBd3Rant92xxhCVZFW+U+gUN3aLkICO1gzOGr/Ps173YgzgVPmdKdiI6vBzCZ8BXMG/aeiBHk2LKA+vFjh1/sFRA51nA+hnBzXuIbWYpsTHaGG3BFhnAP8tzDm/7MYRkIeXLwZRwTeFtrMd9MR/HGBVG5HmbM/jtrvTRWZVwFnXRxLQ3Rs5Y9v1QKOrZs4w5tt3iKBiBr+kJKhDHV5O8COowxjcfSqCZmfafVJQNR+8Dg6cvaizqY+ykHpgzc+a7oXJfo1LDDQELl0DGIPDIa340jMDjSSVV0o+RpjbIXTtH4m3TDpKRmZsTQrnHCMNSp5Uk7mMkhKwIwX1SP [email protected]