adding zed-lake project

zed-lake/zed-lake.yaml

@@ -0,0 +1,63 @@
+#cloud-config
+users:
+  - name: zed
+    lock_passwd: false
+    passwd: your-hashed-passwd # openssl passwd -6 can create a hashed password
+    ssh_authorized_keys:
+      - your-ssh-PUBLIC-KEY
+    shell: /bin/bash
+    groups: wheel
+    sudo: ['ALL=(ALL) NOPASSWD: ALL'] # optional, make sure to secure access to the instance/VM
+write_files:
+  - path: /etc/ssh/sshd_config
+    content: |
+         Protocol 2
+         HostKey /etc/ssh/ssh_host_rsa_key
+         HostKey /etc/ssh/ssh_host_dsa_key
+         HostKey /etc/ssh/ssh_host_ecdsa_key
+         HostKey /etc/ssh/ssh_host_ed25519_key         
+         SyslogFacility AUTH
+         LogLevel INFO
+         LoginGraceTime 120
+         PasswordAuthentication no
+         PermitRootLogin no
+         StrictModes yes
+         PubkeyAuthentication yes
+         IgnoreRhosts yes
+         HostbasedAuthentication no
+         PermitEmptyPasswords no
+         ChallengeResponseAuthentication no
+         PrintLastLog yes
+         TCPKeepAlive yes
+         AcceptEnv LANG LC_*         
+         UsePAM yes
+  - path: /usr/lib/systemd/system/zed-lake.service
+    content: |
+         [Unit]
+         Description=Zed Lake Service
+         After=network.target
+         
+         [Service]
+         ExecStart=/opt/Zui/resources/app.asar.unpacked/zdeps/zed serve -l :9867 -lake /home/zed/.config/Zui/lake -log.level=info -log.filemode=rotate -log.path=/home/zed/.config/Zui/logs/zlake.log
+         Restart=always
+         User=zed
+         
+         [Install]
+         WantedBy=multi-user.target
+package_update: true
+package_upgrade: true
+packages:
+  - vim
+  - firewalld
+runcmd:
+  - systemctl enable --now firewalld
+  - firewall-cmd --permanent --add-port 9867/tcp
+  - firewall-cmd --reload
+  - dnf install -y https://github.com/brimdata/zui/releases/download/v1.18.0/Zui-1.18.0.x86_64.rpm
+  - mkdir -p /home/zed/.config/Zui/lake /home/zed/.config/Zui/plugins/brimcap/storage/root /home/zed/.config/Zui/logs
+  - chown zed:zed -R /home/zed/.config
+  - find /opt/Zui/resources/app.asar.unpacked/zdeps/suricata -exec chmod go+w {} \;
+  - /opt/Zui/resources/app.asar.unpacked/zdeps/suricata/suricataupdater
+  - systemctl daemon-reload
+  - systemctl enable --now zed-lake.service
+package_reboot_if_required: true