#!/bin/env bash # Prepended to this automatically are the following: #SERVER= #HOSTNAME= #ROLES= #REPO_URL= #BRANCH= #SSH_SECRET_ID= if ! curl -s -m 5 http://169.254.169.254/latest/dynamic/instance-identity/document | grep instanceId; then echo "This should be run on AWS instances, not locally." exit 1 fi set -e set -x # Set the hostname early echo "$HOSTNAME" > /etc/hostname hostname "$HOSTNAME" sed -i "s/localhost$/localhost $HOSTNAME $SERVER/" /etc/hosts # Delete the ubuntu user userdel ubuntu # Make sure root doesn't have a password passwd -d root # Allow root logins sed -i 's/disable_root: true/disable_root: false/' /etc/cloud/cloud.cfg # Dependencies to install AWS CLI ( export DEBIAN_FRONTEND=noninteractive apt-get -qy update apt-get -qy -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold" upgrade apt-get -qy install jq unzip wget apt-get -qy autoclean ) # The following line gets subbed in with the contents of bootstrap-awscli AWS= # Set up AWS so we can use the role credentials we were started with, which give secrets access mkdir -p /root/.aws cat >/root/.aws/config < "$SSHDIR/id_rsa.pub" echo "$KEYDATA" | jq -r .private | base64 -d > "$SSHDIR/id_rsa" chown -R "$USERNAME:$USERNAME" "$SSHDIR" chmod 600 "$SSHDIR/id_rsa" } install_keys root # Provide GitHub known_hosts setup; you can verify against fingerprints at # https://docs.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints # via `ssh-keygen -lf` cat >/root/.ssh/known_hosts <