innisfree 0.4.1

Exposes local services on a public IPv4 address, via a cloud server.
#cloud-config
# cloud-init user-data for the public-facing server. The empty values below
# (`ssh_authorized_keys`, `ssh_keys`) are placeholders; presumably the
# innisfree program fills them in before submitting this file — confirm
# against the caller.
users:
  - name: innisfree
    groups:
      - users
      - sudo
    # Passwordless sudo for every command: whoever holds a key listed in
    # ssh_authorized_keys is effectively root on this host.
    # NOTE(review): if the tool only needs a few privileged commands, a
    # narrower sudoers rule would limit the impact of a leaked key.
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    shell: /bin/bash
    # Empty in this file; no key can log in as this user until one is added.
    ssh_authorized_keys: []

# Package upgrades are temporarily disabled during development, since they
# add a few minutes to boot time. `package_update` still refreshes the apt
# index so the `packages` list below can be installed.
# NOTE(review): with upgrades off and `unattended-upgrades` commented out
# under `packages`, this config does not itself apply security updates to
# an internet-facing host — re-enable before non-development use.
package_update: true
package_upgrade: false

# SSH host key pair that cloud-init installs for sshd. Both values are empty
# here. Presumably set ahead of time so the client can verify the host key
# on first connect — TODO confirm.
# NOTE(review): once populated, the private host key is carried in
# user-data, which is readable from inside the instance and may be retained
# by the cloud provider; treat the rendered file as a secret.
ssh_keys:
    ed25519_public: ""
    ed25519_private: ""

write_files:
# Main nginx config. Besides the usual `http` block it declares a `stream`
# block that includes /etc/nginx/conf.d/stream/*.conf; nothing in this file
# writes those per-service configs, so they presumably arrive separately.
# `server_tokens off` keeps the nginx version out of responses.
- content: |
    user www-data www-data;
    worker_processes auto;
    pid /var/run/nginx.pid;
    worker_rlimit_nofile 1024;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 512;
    }
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        access_log "/var/log/nginx/access.log";
        error_log "/var/log/nginx/error.log" error;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
    stream {
        tcp_nodelay on;
        include /etc/nginx/conf.d/stream/*.conf;
    }

  owner: root:root
  path: /etc/nginx/nginx.conf
  permissions: '0644'
  # Deferred: written in modules-final, after `nginx` is installed and
  # configured. Without this, the nginx package's postinst runs `nginx -t`
  # against our config, fails on the `stream` directive (because
  # libnginx-mod-stream hasn't been configured yet), and dpkg deadlocks
  # both packages in the unconfigured state.
  defer: true

# The next two entries write empty files over the distro's default site, so
# the `include /etc/nginx/sites-enabled/*` above pulls in no default server.
# Unlike nginx.conf they are not deferred, so they are written before the
# nginx package is installed.
# NOTE(review): confirm the package install leaves these files empty rather
# than restoring its own default site.
- content: ""
  owner: root:root
  path: /etc/nginx/sites-enabled/default
  permissions: '0644'

- content: ""
  owner: root:root
  path: /etc/nginx/sites-available/default
  permissions: '0644'

# unattended-upgrades policy: "*:*" is meant to allow automatic upgrades
# from every configured origin and archive, including any third-party
# repository added to the host later.
# NOTE(review): the `unattended-upgrades` package is commented out under
# `packages`, so this file only takes effect if the base image already
# ships it. Also, apt.conf list entries are conventionally terminated with
# `;` (`"*:*";`) — confirm apt parses the entry as written.
- content: |
    Unattended-Upgrade::Allowed-Origins {
      "*:*"
    };

  owner: root:root
  path: /etc/apt/apt.conf.d/51unattended-upgrades
  permissions: '0644'

packages:
  - nginx
  # The `stream` directive in nginx.conf needs the stream module, which on
  # Debian 12+ is shipped as a separate package and is not pulled in by
  # `nginx` / `nginx-core`. Without this, nginx fails to start with
  # `unknown directive "stream"`.
  - libnginx-mod-stream
  - sudo
  # Disabled for now; see the note on package_upgrade above the ssh_keys
  # section for the security consequence.
  # - unattended-upgrades
  - wireguard
  - wireguard-tools

# Runs after package install and after `defer: true` write_files have landed,
# so by this point /etc/nginx/nginx.conf has the stream block and
# libnginx-mod-stream's load_module drop-in is in /etc/nginx/modules-enabled/.
# nginx is already running with the package's default config — restart it
# to pick up ours. Validate first so a config error doesn't hard-fail
# cloud-init silently.
# Because of the `&&`, a failed `nginx -t` skips the restart entirely and the
# running nginx keeps the config it started with.
runcmd:
  - nginx -t && systemctl restart nginx