@w3cj
Last active May 31, 2025 08:10
#cloud-config
# The "#cloud-config" header must stay on the first line
# This config was written for Ubuntu 22.04
# If you are using a more recent version, see the comments of this gist for fixes
users:
  - name: cj
    # Replace with your own public key
    ssh_authorized_keys:
      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBlfqermlV44zAU+iTCa5im5O0QWXid6sHqh2Z4L1Cm [email protected]"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  # Expire the initial password so it has to be changed at first login
  expire: true
  users:
    - name: cj
      password: changeme
      type: text
runcmd:
  # Root login with keys only, public key auth on, password auth off
  - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
  - echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
  - sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
  - echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
  - sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
  - echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
  - systemctl restart sshd
  # Disable needrestart prompts
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot

@SebastianArce

@dwatek yes, that was it. Thanks!

@shanneykar

Can someone explain Disable needrestart prompts? Should we enable again at the end?
Can we use -apt full-upgrade -y as - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages seems risky?

@dsfaccini

Can someone explain Disable needrestart prompts? Should we enable again at the end? Can we use -apt full-upgrade -y as - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages seems risky?

disabling needrestart is perfect for the cloud-init automation, we reboot at the end anyway, so there’s no need to re-enable it here
prompts would only matter for later manual updates, and you can remove this file post-setup if you want them back

as for the apt upgrade yeah, unless cj was fixing some specific issue requiring downgrades or removals, I agree apt full-upgrade -y is a safer bet

@arthureberledev

I kept getting the error root@[xxx.xxxx.xxx.xxx]: Permission denied (publickey) error in the newest version till I found out that coolify somehow added a key (something like <key>/x coolify) to the authorized_keys key file but didn't write it to a new line, so it was appended after the already existing key. Moving the key to a new line fixed the issue for me

@zfbx

zfbx commented Apr 7, 2025

@SebastianArce remember to also add #cloud-config at top of file. I thought it was just a comment, but without it the whole config didn't work

Thank you x_x that is so dumb I've been struggling for a while because of that simple thing

@florianmartens

florianmartens commented Apr 25, 2025

Hm, none of the provided fixes worked for me :(

Here's a version that worked for me (it has some bigger changes compared to the original):

#cloud-config
users:
  - name: yourname
    ssh_authorized_keys:
      - "<SSH_KEY>"
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: yourname
      password: changeme
      type: text
write_files:
  - path: /etc/ssh/sshd_config.d/99-custom.conf
    content: |
      PermitRootLogin without-password
      PubkeyAuthentication yes
      PasswordAuthentication no
runcmd:
  - systemctl restart sshd
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
  - apt update
  - apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
  - reboot

@vlad1mirJ

I have also encountered issues with running cloud init on Hetzner Ubuntu 24.04 ARM VPS. Unfortunately, sshd was not aliased so I had to use systemctl restart ssh instead.

Here is a config that ended up working for me

#cloud-config
users:
  - name: <username>
    ssh_authorized_keys:
      - <pub_ssh_key>
    sudo: ALL=(ALL:ALL) ALL
    groups: sudo
    shell: /bin/bash
chpasswd:
  expire: true
  users:
    - name: <username>
      password: changeme
      type: text
package_update: true
package_upgrade: true
runcmd:
  - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin without-password/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PubkeyAuthentication/s/^.*$/PubkeyAuthentication yes/' /etc/ssh/sshd_config
  - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - systemctl restart ssh
  - echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
power_state:
  delay: 1
  timeout: 60
  mode: reboot
  message: Rebooting after cloud init
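
A post-provisioning check for the two failure modes raised in this thread (SSH settings that did not take effect, and a key appended to authorized_keys without a newline), added here as an example and not code from the gist or its commenters. The function names and sample data are constructed for illustration; `sshd -T` is OpenSSH's extended test mode, which prints the effective configuration.

```shell
#!/bin/sh
# Usage on the server (as root):  sshd -T | audit_sshd_effective
#                                 find_merged_keys < ~/.ssh/authorized_keys

# Reads `sshd -T` output (the effective config, lowercase keywords) on stdin.
# sshd keeps the first value it reads for each keyword, so a line visible in
# sshd_config is not necessarily the one in force. Prints every directive that
# differs from what the cloud-config intends; returns 1 if any does.
audit_sshd_effective() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
            # without-password is the older spelling of prohibit-password
            want["permitrootlogin"] = "without-password|prohibit-password"
        }
        ($1 in want) { seen[$1] = $2 }
        END {
            for (k in want) {
                if (!(k in seen)) { print k ": not reported"; bad = 1 }
                else if (seen[k] !~ ("^(" want[k] ")$")) { print k ": " seen[k]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Reads authorized_keys on stdin and prints the number of each line holding
# more than one "<key-type> AAAA..." pair, i.e. a key appended without a
# newline. Base64 public key blobs always begin with "AAAA". Returns 1 if any.
find_merged_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            n = gsub(/(ssh-|ecdsa-sha2-)[a-z0-9@.-]+ AAAA/, "&")
            if (n > 1) { print NR; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed samples, not taken from a real host.
SAMPLE_SSHD_T='permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes'
SAMPLE_KEYS='ssh-ed25519 AAAAEXAMPLEONE user@laptopssh-ed25519 AAAAEXAMPLETWO coolify'
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd_effective || true   # passwordauthentication: yes
printf '%s\n' "$SAMPLE_KEYS"   | find_merged_keys || true       # 1
```

Run both checks from a second session before closing the one used for provisioning, so a failed check can still be corrected.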
