You've already forked Projects
64 lines
2.2 KiB
YAML
64 lines
2.2 KiB
YAML
#cloud-config
|
|
users:
|
|
- name: zed
|
|
lock_passwd: false
|
|
passwd: your-hashed-passwd # openssl passwd -6 can create a hashed password
|
|
ssh_authorized_keys:
|
|
- your-ssh-PUBLIC-KEY
|
|
shell: /bin/bash
|
|
groups: wheel
|
|
sudo: ['ALL=(ALL) NOPASSWD: ALL'] # optional, make sure to secure access to the instance/VM
|
|
write_files:
|
|
- path: /etc/ssh/sshd_config
|
|
content: |
|
|
Protocol 2
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_dsa_key
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
SyslogFacility AUTH
|
|
LogLevel INFO
|
|
LoginGraceTime 120
|
|
PasswordAuthentication no
|
|
PermitRootLogin no
|
|
StrictModes yes
|
|
PubkeyAuthentication yes
|
|
IgnoreRhosts yes
|
|
HostbasedAuthentication no
|
|
PermitEmptyPasswords no
|
|
ChallengeResponseAuthentication no
|
|
PrintLastLog yes
|
|
TCPKeepAlive yes
|
|
AcceptEnv LANG LC_*
|
|
UsePAM yes
|
|
- path: /usr/lib/systemd/system/zed-lake.service
|
|
content: |
|
|
[Unit]
|
|
Description=Zed Lake Service
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/opt/Zui/resources/app.asar.unpacked/zdeps/zed serve -l :9867 -lake /home/zed/.config/Zui/lake -log.level=info -log.filemode=rotate -log.path=/home/zed/.config/Zui/logs/zlake.log
|
|
Restart=always
|
|
User=zed
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
package_update: true
|
|
package_upgrade: true
|
|
packages:
|
|
- vim
|
|
- firewalld
|
|
runcmd:
|
|
- systemctl enable --now firewalld
|
|
- firewall-cmd --permanent --add-port 9867/tcp
|
|
- firewall-cmd --reload
|
|
- dnf install -y https://github.com/brimdata/zui/releases/download/v1.18.0/Zui-1.18.0.x86_64.rpm
|
|
- mkdir -p /home/zed/.config/Zui/lake /home/zed/.config/Zui/plugins/brimcap/storage/root /home/zed/.config/Zui/logs
|
|
- chown zed:zed -R /home/zed/.config
|
|
- find /opt/Zui/resources/app.asar.unpacked/zdeps/suricata -exec chmod go+w {} \;
|
|
- /opt/Zui/resources/app.asar.unpacked/zdeps/suricata/suricataupdater
|
|
- systemctl daemon-reload
|
|
- systemctl enable --now zed-lake.service
|
|
package_reboot_if_required: true
|