cloud-init_user-data.txt

#cloud-config
cloud_final_modules:
  - [write-files, always]
  - [package-update-upgrade-install, always]
  - [runcmd, always]
  - [users-groups, always]
  - [scripts-user, always]
users:
  - name: sskalnik
    groups: [ wheel ]
    sudo: [ "ALL=(ALL) NOPASSWD:ALL" ]
    shell: /bin/bash
    ssh-authorized-keys: 
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCJ9UcEAomb1tQqV6Xz+pcRvRxpsM/BTu47aWJOSD3P6gqGe0oHjolq2zGI6z1+hOe1N1YY/9Whd40JghsFDYIcZiP0F84RXH2jlC9LNCbXrxwhPtSEsWx8zLiGCd6egQbFnSnaNct8YHiRAKYoSreSIY/t1jzElsvqe1UKPnpsmVT9R4mhE1ljic87qqaZZPo3o/p8O1X3WMBwnUcGNqKqpEBIm+IUFZcQKh3N94mM/WBH34/m3CdlTcu5/xe1lSetVi9IpDQ6+n5OYRbH4LczubtoxSTvETL89VigS3aqx7sDPsIO7xh+C9bMMrvZee82ASdCMCZXYvJlxdwIJcI9 devbox
repo_update: true
repo_upgrade: all
packages:
  - python3 # This is the system python3. Install the latest Python from source later, as an "altinstall", not system default. 
  - htop
  - iotop
  - git
  - tmux
  - gpg2
  - colordiff
  - fail2ban # block "background noise" scanners and script kiddies
  - clamd # anti-virus
  - dos2unix
  - jq
  - wget
  - curl
  - unzip
  - nc
  - docker
# Python latest 3.9.1 install from source tarball
  - gcc
  - bzip2-devel
  - libffi-devel
  - openssl-devel
# Live kernel patching
  - binutils
  - yum-plugin-kernel-livepatch
# Build the latest tmux from source
  - libevent-devel
runcmd:
  - systemctl start docker.service
# Install nvm, node, eslint
  - su sskalnik -c 'wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash'
  - su sskalnik -c 'nvm install node'
  - su sskalnik -c 'nvm use node'
  - su sskalnik -c 'nvm install-latest-npm'
  - su sskalnik -c 'npm i --save-dev eslint'
# Lock down SSH: non-standard port 666, no root login, no password login, etc.; SSH2 using key-based auth only!
  - [ sh, -c, echo, '# Added by cloud-init user-data:', '>>', '/etc/ssh/sshd_config' ]
  - grep -q '^Port' /etc/ssh/sshd_config && sed -i 's/^Port.*/Port 666/' /etc/ssh/sshd_config || echo 'Port 666' >> /etc/ssh/sshd_config
  - grep -q '^UsePAM' /etc/ssh/sshd_config && sed -i 's/^UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config || echo 'UsePAM yes' >> /etc/ssh/sshd_config
  - grep -q '^Protocol' /etc/ssh/sshd_config && sed -i 's/^Protocol.*/Protocol 2/' /etc/ssh/sshd_config || echo 'Protocol 2' >> /etc/ssh/sshd_config
  - grep -q '^PrintMotd' /etc/ssh/sshd_config && sed -i 's/^PrintMotd.*/PrintMotd no/' /etc/ssh/sshd_config || echo 'PrintMotd no' >> /etc/ssh/sshd_config
  - grep -q '^PermitRootLogin' /etc/ssh/sshd_config && sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
  - grep -q '^AllowUsers' /etc/ssh/sshd_config && sed -i 's/^AllowUsers.*/AllowUsers sskalnik ec2-user/' /etc/ssh/sshd_config || echo 'AllowUsers sskalnik ec2-user' >> /etc/ssh/sshd_config
  - grep -q '^PasswordAuthentication' /etc/ssh/sshd_config && sed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config
  - service sshd restart
# Set permissions for SSH
  - chmod 700 /home/sskalnik/.ssh
  - chmod 600 /home/sskalnik/.ssh/authorized_keys
# Take control of $HOME
  - chown sskalnik:sskalnik /home/sskalnik/ -R
# Allow 666 through iptables firewall
  - iptables -A IN_public_allow -p tcp -m tcp --dport 666 -m conntrack --ctstate NEW -j ACCEPT
  - iptables -A INPUT -p tcp -m tcp --dport 666 -m conntrack --ctstate NEW -j ACCEPT
# Python 3.9.1
# Compiling from source can take a long time on a small instance!
  - (cd /opt && wget https://www.python.org/ftp/python/3.9.1/Python-3.9.1.tgz && tar xzf Python-3.9.1.tgz && cd Python-3.9.1 && ./configure --enable-optimizations && make && make altinstall && rm -f /opt/Python-3.9.1.tgz)
# Install the best vim color scheme
  - wget https://raw.githubusercontent.com/vim-scripts/vibrantink/master/colors/vibrantink.vim -O /usr/share/vim/vimfiles/colors/vibrantink.vim
# Terraform syntax for vim
  - git clone https://github.com/hashivim/vim-terraform.git /home/sskalnik/.vim/pack/plugins/start/vim-terraform
  - find /home/sskalnik/.vim/pack/plugins/start/vim-terraform/ -type f -print0 | xargs -0 dos2unix
# Install requirements for RVM
  - yum install -y gcc openssl-devel libyaml-devel libffi-devel readline-devel zlib-devel gdbm-devel ncurses-devel ruby-devel gcc-c++ jq patch autoconf automake bison libtool patch sqlite-devel
  - su sskalnik -c 'curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -'
  - su sskalnik -c 'curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import -'
# This can take a while to install RVM and a stable Ruby
  - su sskalnik -c '\curl -sSL https://get.rvm.io | bash -s stable --ruby && echo "source $HOME/.rvm/scripts/rvm" >> ~/.bash_profile'
# This can take a long time to compile the latest Ruby on a small instance!
# - su sskalnik -c 'rvm install ruby-head'
# Install pip3 to user directory
  - su sskalnik -c 'python3.9 -m pip install --upgrade pip --user'
# https://www.activestate.com/blog/why-pipenv-venv/
  - su sskalnik -c 'python3.9 -m pip install --upgrade pipenv --user'
# Install EPEL
  - yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Install EPEL package 'sl'
  - yum install -y sl
# Install Terraform and download updater script
  - mkdir /home/sskalnik/bin
  - wget https://raw.githubusercontent.com/sskalnik/tf-updater/master/get-latest-terraform.sh -O /home/sskalnik/bin/get-latest-terraform.sh
  - chmod +x /home/sskalnik/bin/get-latest-terraform.sh
  - /home/sskalnik/bin/get-latest-terraform.sh
# https://github.com/tfsec/tfsec
  - curl -sL "$(curl -Ls https://api.github.com/repos/liamg/tfsec/releases/latest | grep -o -E "https://.+?linux-amd64")" -o /usr/local/bin/tfsec
  - chmod +x /usr/local/bin/tfsec
# https://github.com/terraform-linters/tflint
  - curl -sL "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip
  - unzip tflint.zip && rm tflint.zip && mv tflint /usr/local/bin/tflint
  - chmod +x /usr/local/bin/tflint
# Live kernel patching
  - yum kernel-livepatch enable -y
  - yum update kpatch-runtime
  - amazon-linux-extras enable livepatch
# Build the latest tmux from source, and install tmux-plugins, and finally install the tmux-resurrect plugin
  - (cd /tmp && git clone https://github.com/tmux/tmux.git && cd ./tmux && dos2unix ./* && sh autogen.sh && ./configure && make && make install)
  - su sskalnik -c 'git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm'
write_files:
  - path: /home/sskalnik/.ssh/config
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      Host github.com
        Hostname github.com
        IdentityFile ~/.ssh/sskalnik_github
        User git
        IdentitiesOnly yes
        Port 22

      Host bitbucket.org
        Hostname bitbucket.org
        IdentityFile ~/.ssh/sskalnik_bitbucket
        User git
        IdentitiesOnly yes
        Port 22
        
      Host gitlab.com
        Hostname gitlab.com
        IdentityFile ~/.ssh/sskalnik_bitbucket
        User git
        IdentitiesOnly yes
        Port 22

      Host visualstudio.com
        IdentityFile ~/.ssh/sskalnik_microshit
        IdentitiesOnly yes

      Host ssh.dev.azure.com
        IdentityFile ~/.ssh/sskalnik_microshit
        IdentitiesOnly yes

      Host *
        ForwardAgent no
        IdentitiesOnly yes
  - path: /home/sskalnik/.ssh/rc
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      #!/bin/bash
      if [ -S "$SSH_AUTH_SOCK" ]; then
        ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
      fi
  - path: /home/sskalnik/.tmux.conf
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      bind j resize-pane -D 10
      bind k resize-pane -U 10
      bind l resize-pane -L 10
      bind h resize-pane -R 10
      # List of plugins
      set -g @plugin 'tmux-plugins/tpm'
      set -g @plugin 'tmux-plugins/tmux-sensible'
      set -g @plugin 'tmux-plugins/tmux-resurrect'
  - path: /home/sskalnik/.vimrc
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      colorscheme vibrantink
      set t_Co=256
      cmap w!! %!sudo tee > /dev/null %
      cmap p!! :set paste
      cmap np!! :set nopaste
      set autoindent
      set cindent
      set tabstop=2
      set shiftwidth=2
      set expandtab
      set foldmethod=indent
      set foldlevel=99
      syntax on
      filetype on
      filetype plugin indent on
      map <c-j> <c-w>j
      map <c-k> <c-w>k
      map <c-l> <c-w>l
      map <c-h> <c-w>h
      set mouse=
      set ttymouse=
      "This unsets the "last search pattern" register by hitting return
      nnoremap <silent> <CR> :nohlsearch <CR>
  - path: /home/sskalnik/.gitconfig
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      [user]
        name = Shelby Skalnik
        email = sskalnik@rackspace.com
      [core]
        autocrlf = true
        safecrlf = false
        editor = vim
        whitespace = cr-at-eol
      [alias]
        co = checkout
        ci = commit
        st = status
        br = branch
        hist = log --pretty=format:\"%h %ad | %s%d [%an]\" --graph --date=short --color --decorate --all
        type = cat-file -t
        dump = cat-file -p
        tree = log --oneline --decorate --all --graph --color
        pretty = log --pretty=format:'%C(yellow)%h %C(magenta)%ad %C(cyan)%an %C(auto)%d %Creset%s' --date=short --decorate --all --graph --color
        dog = log --color --pretty=format:"%h%x09%an%x09%ad%x09%s"
        d = difftool
      [color]
        diff = auto
        status = auto
        branch = auto
        interactive = auto
        ui = true
        pager = true
      [rerere]
        enabled = 1
      [diff]
        tool = vimdiff
      [difftool]
        prompt = false
      [credential]
        helper = cache --timeout=600
  - path: /home/sskalnik/.bash_aliases
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      alias rm='rm -i'
      alias emacs='vim'
      alias diff='colordiff'
      alias lc='ls -Chal'
      alias lh='ls -hl'
      alias lt='ls -halt'
      alias lr='ls -haltr'
      alias mount='mount | column -t'
      alias pscpu='ps auxf | sort -nr -k 3'
      alias wtf='ps auxf | sort -nr -k 3 | head -10 && ps auxf | sort -nr -k 4 | head -10'
      alias pyclean='find . | grep -E "(__pycache__|\.pyc|\.pyo$)" | xargs rm -rf'
      alias tputcols=$'printf \'%*s\n\' "${COLUMNS:-$(tput cols)}" \'\' | tr \' \' -'
      # Yum
      alias yeet='yum remove'
      alias yoink='yum install'
      alias yup='yum check-update && yum update'
      alias yep='yum --enablerepo=epel install'
      # iptables
      alias lsacl='sudo /sbin/iptables -L -n -v --line-numbers'
      alias aclin='sudo /sbin/iptables -L INPUT -n -v --line-numbers'
      alias aclout='sudo /sbin/iptables -L OUTPUT -n -v --line-numbers'
      alias aclfwd='sudo /sbin/iptables -L FORWARD -n -v --line-numbers'
      # Git status / log
      alias gats='git status'
      alias gog='git log'
      alias gag='git dag | head'
      alias gitt='git log --oneline --decorate --all --graph --color'
      alias gg='git pretty | head'
      alias ggg='git pretty | head -n 40'
      alias gggg='git pretty'
      alias what=$'gats && gg && printf \'\n\''
      # Git commands
      alias gitm='git commit -m'
      alias gita='git commit -add .'
      alias gitam='git add -A && git commit -m'
      alias gcob='git checkout -b'
      alias glist='git stash list'
      alias getch='git fetch'
      alias gall='git fetch --all'
      alias geads='git log --oneline --decorate --all --graph --color --simplify-by-decoration'
      alias branches='git branch -vv'
      alias gainline='git co mainline && git pull && git co -'
      alias mygit='git config user.name "Shelby Skalnik" && git config user.email "sskalnik@sskalnik.com"'
      alias gnuke='git reset --hard && git clean -df'
      alias gamend='git add -A && git commit --amend'
  - path: /home/sskalnik/.bashrc
    owner: sskalnik:sskalnik
    permissions: 0600
    content: |
      # If not running interactively, don't do anything
      case $- in
          *i*) ;;
            *) return;;
      esac

      # don't put duplicate lines or lines starting with space in the history.
      # See bash(1) for more options
      HISTCONTROL=ignoreboth

      # append to the history file, don't overwrite it
      shopt -s histappend

      # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
      HISTSIZE=1000000
      HISTFILESIZE=2000000

      # check the window size after each command and, if necessary,
      # update the values of LINES and COLUMNS.
      shopt -s checkwinsize

      force_color_prompt=yes

      # [sskalnik@ip-172-31-39-86:/tmp]$
      export PS1="\[\e[32m\][\[\e[m\]\[\e[36m\]\u\[\e[m\]\[\e[33m\]@\[\e[m\]\[\e[35m\]\h\[\e[m\]:\[\e[1;34m\]\w\[\e[m\]\[\e[32m\]]\[\e[m\]\[\e[32m\]\\$\[\e[m\] "

      # enable color support of ls and also add handy aliases
      if [ -x /usr/bin/dircolors ]; then
          test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
          alias ls='ls --color=auto'
          alias dir='dir --color=auto'
          alias vdir='vdir --color=auto'

          alias grep='grep --color=auto'
          alias fgrep='fgrep --color=auto'
          alias egrep='egrep --color=auto'
      fi

      # Alias definitions.
      if [ -f ~/.bash_aliases ]; then
          . ~/.bash_aliases
      fi

      # enable programmable completion features (you don't need to enable
      # this, if it's already enabled in /etc/bash.bashrc and /etc/profile
      # sources /etc/bash.bashrc).
      if ! shopt -oq posix; then
        if [ -f /usr/share/bash-completion/bash_completion ]; then
          . /usr/share/bash-completion/bash_completion
        elif [ -f /etc/bash_completion ]; then
          . /etc/bash_completion
        fi
      fi

      # vim with colors
      export TERM="xterm-256color"
      export VISUAL="vim"
      export EDITOR="vim"

      # retain history across terminal sessions
      shopt -s histverify
      shopt -s histreedit
      export HISTCONTROL=ignoredups:erasedups
      export PROMPT_COMMAND="history -a; $PROMPT_COMMAND"

      export PYTHONSTARTUP="~/.pythonrc"

      # Add RVM to PATH for scripting. Make sure this is the last PATH variable change.
      # Also add user-scoped NPM and binaries for AWS and Bitbucket, etc.
      export PATH="$HOME/bin:$HOME/.local/bin:$HOME/.npm-global/bin:$PATH:$HOME/.rvm/bin"
      
      [[ -f ~/.tmux_ssh ]] && . ~/.tmux_ssh	

      # https://stackoverflow.com/questions/52540121/make-pipenv-create-the-virtualenv-in-the-same-folder	
      export PIPENV_VENV_IN_PROJECT="enabled"	

      export NVM_DIR="$HOME/.nvm"	
      [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm	
      [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
      
      # https://bugs.launchpad.net/ubuntu/+source/libsecret/+bug/1420914
      if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
        eval `dbus-launch --sh-syntax`
      fi