zed-lake/zed-lake.yaml

#cloud-config
users:
  - name: zed
    lock_passwd: false
    passwd: your-hashed-passwd # openssl passwd -6 can create a hashed password
    ssh_authorized_keys:
      - your-ssh-PUBLIC-KEY
    shell: /bin/bash
    groups: wheel
    sudo: ['ALL=(ALL) NOPASSWD: ALL'] # optional, make sure to secure access to the instance/VM
write_files:
  - path: /etc/ssh/sshd_config
    content: |
         Protocol 2
         HostKey /etc/ssh/ssh_host_rsa_key
         HostKey /etc/ssh/ssh_host_dsa_key
         HostKey /etc/ssh/ssh_host_ecdsa_key
         HostKey /etc/ssh/ssh_host_ed25519_key         
         SyslogFacility AUTH
         LogLevel INFO
         LoginGraceTime 120
         PasswordAuthentication no
         PermitRootLogin no
         StrictModes yes
         PubkeyAuthentication yes
         IgnoreRhosts yes
         HostbasedAuthentication no
         PermitEmptyPasswords no
         ChallengeResponseAuthentication no
         PrintLastLog yes
         TCPKeepAlive yes
         AcceptEnv LANG LC_*         
         UsePAM yes
  - path: /usr/lib/systemd/system/zed-lake.service
    content: |
         [Unit]
         Description=Zed Lake Service
         After=network.target
         
         [Service]
         ExecStart=/opt/Zui/resources/app.asar.unpacked/zdeps/zed serve -l :9867 -lake /home/zed/.config/Zui/lake -log.level=info -log.filemode=rotate -log.path=/home/zed/.config/Zui/logs/zlake.log
         Restart=always
         User=zed
         
         [Install]
         WantedBy=multi-user.target
package_update: true
package_upgrade: true
packages:
  - vim
  - firewalld
runcmd:
  - systemctl enable --now firewalld
  - firewall-cmd --permanent --add-port 9867/tcp
  - firewall-cmd --reload
  - dnf install -y https://github.com/brimdata/zui/releases/download/v1.18.0/Zui-1.18.0.x86_64.rpm
  - mkdir -p /home/zed/.config/Zui/lake /home/zed/.config/Zui/plugins/brimcap/storage/root /home/zed/.config/Zui/logs
  - chown zed:zed -R /home/zed/.config
  - find /opt/Zui/resources/app.asar.unpacked/zdeps/suricata -exec chmod go+w {} \;
  - /opt/Zui/resources/app.asar.unpacked/zdeps/suricata/suricataupdater
  - systemctl daemon-reload
  - systemctl enable --now zed-lake.service
package_reboot_if_required: true
adding zed-lake project 2025-10-13 20:30:00 +00:00			`#cloud-config`
			`users:`
			`- name: zed`
			`lock_passwd: false`
			`passwd: your-hashed-passwd # openssl passwd -6 can create a hashed password`
			`ssh_authorized_keys:`
			`- your-ssh-PUBLIC-KEY`
			`shell: /bin/bash`
			`groups: wheel`
			`sudo: ['ALL=(ALL) NOPASSWD: ALL'] # optional, make sure to secure access to the instance/VM`
			`write_files:`
			`- path: /etc/ssh/sshd_config`
			`content: \|`
			`Protocol 2`
			`HostKey /etc/ssh/ssh_host_rsa_key`
			`HostKey /etc/ssh/ssh_host_dsa_key`
			`HostKey /etc/ssh/ssh_host_ecdsa_key`
			`HostKey /etc/ssh/ssh_host_ed25519_key`
			`SyslogFacility AUTH`
			`LogLevel INFO`
			`LoginGraceTime 120`
			`PasswordAuthentication no`
			`PermitRootLogin no`
			`StrictModes yes`
			`PubkeyAuthentication yes`
			`IgnoreRhosts yes`
			`HostbasedAuthentication no`
			`PermitEmptyPasswords no`
			`ChallengeResponseAuthentication no`
			`PrintLastLog yes`
			`TCPKeepAlive yes`
			`AcceptEnv LANG LC_*`
			`UsePAM yes`
			`- path: /usr/lib/systemd/system/zed-lake.service`
			`content: \|`
			`[Unit]`
			`Description=Zed Lake Service`
			`After=network.target`

			`[Service]`
			`ExecStart=/opt/Zui/resources/app.asar.unpacked/zdeps/zed serve -l :9867 -lake /home/zed/.config/Zui/lake -log.level=info -log.filemode=rotate -log.path=/home/zed/.config/Zui/logs/zlake.log`
			`Restart=always`
			`User=zed`

			`[Install]`
			`WantedBy=multi-user.target`
			`package_update: true`
			`package_upgrade: true`
			`packages:`
			`- vim`
			`- firewalld`
			`runcmd:`
			`- systemctl enable --now firewalld`
			`- firewall-cmd --permanent --add-port 9867/tcp`
			`- firewall-cmd --reload`
			`- dnf install -y https://github.com/brimdata/zui/releases/download/v1.18.0/Zui-1.18.0.x86_64.rpm`
			`- mkdir -p /home/zed/.config/Zui/lake /home/zed/.config/Zui/plugins/brimcap/storage/root /home/zed/.config/Zui/logs`
			`- chown zed:zed -R /home/zed/.config`
			`- find /opt/Zui/resources/app.asar.unpacked/zdeps/suricata -exec chmod go+w {} \;`
			`- /opt/Zui/resources/app.asar.unpacked/zdeps/suricata/suricataupdater`
			`- systemctl daemon-reload`
			`- systemctl enable --now zed-lake.service`
			`package_reboot_if_required: true`