From ad009783012ef5d4d03ef34de18f9b03958f2e95 Mon Sep 17 00:00:00 2001
From: lukeify <5379845+lukeify@users.noreply.github.com>
Date: Sat, 3 Feb 2024 12:12:56 +1300
Subject: [PATCH 1/5] devops: initial cloud-config.yaml
---
.github/workflows/actions.yaml | 13 +++++++++++++
cloud-config.yaml | 20 ++++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 .github/workflows/actions.yaml
create mode 100644 cloud-config.yaml
diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml
new file mode 100644
index 0000000..9477792
--- /dev/null
+++ b/.github/workflows/actions.yaml
@@ -0,0 +1,13 @@
+name: Formatting & linting
+on: pull_request
+permissions:
+ contents: read
+jobs:
+ cloud-init:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ # We don't need to install cloud-init as it's already available.
+ - name: Lint cloud-init
+ run: sudo cloud-init schema -c cloud-config.yaml --annotate
\ No newline at end of file
diff --git a/cloud-config.yaml b/cloud-config.yaml
new file mode 100644
index 0000000..00bfeb2
--- /dev/null
+++ b/cloud-config.yaml
@@ -0,0 +1,20 @@
+#cloud-config
+# vim: syntax=yaml
+
+# Arrive at a maximally up-to-date system state
+package_update: true
+package_upgrade: true
+package_reboot_if_required: true
+
+# Install the following packages on first boot.
+packages:
+ - nginx
+
+timezone: Etc/UTC
+
+runcmd:
+ # https://www.linode.com/docs/guides/manage-users-with-cloud-init/#disable-root-user
+ - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
+ - echo "PermitRootLogin no" >> /etc/ssh/sshd_config true
+ - systemctl restart sshd
+
From ea0652ed2e763fe9dbef975c08b35e4a919dd2ed Mon Sep 17 00:00:00 2001
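Review bot: The checkout step in `.github/workflows/actions.yaml` references `actions/checkout@v4`, a tag the action's publisher can move, so the code that runs on each pull request is not fixed by this repository. Pinning to a full commit hash, `uses: actions/checkout@<full-commit-sha> # v4`, closes that gap. Adding `with:` / `persist-credentials: false` under the same step keeps the job token out of the checked-out `.git/config`, which is safe here because no later step pushes. The lint command runs under `sudo`; if `cloud-init schema -c` works unprivileged on the runner image, dropping `sudo` would be cleaner, which is worth confirming.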
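Review bot: The `runcmd` block in `cloud-config.yaml` restarts sshd on a config it never validates. The `echo` line as written passes `true` as a second argument, so the appended directive would read `PermitRootLogin no true` (a later patch in this series drops the stray word). Guarding the restart as `sshd -t && systemctl restart sshd` would keep a malformed file from taking the SSH daemon down on first boot. Appending to the end of `/etc/ssh/sshd_config` is also fragile if the image's config has an `Include` of drop-in files near the top, because sshd keeps the first value it reads for a keyword. Writing the directive to an early-sorting drop-in file, or checking whether cloud-init's own `disable_root` key already covers the need, is worth considering.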
From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Mon, 5 Feb 2024 22:20:58 +1300 Subject: [PATCH 2/5] =?UTF-8?q?chore:=20rename=20actions.yaml=20=E2=86=92?= =?UTF-8?q?=20lint.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/{actions.yaml => lint.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{actions.yaml => lint.yaml} (100%) diff --git a/.github/workflows/actions.yaml b/.github/workflows/lint.yaml similarity index 100% rename from .github/workflows/actions.yaml rename to .github/workflows/lint.yaml From 85824fe71049de31e7baf426d86fc146e4029eb2 Mon Sep 17 00:00:00 2001 From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Mon, 5 Feb 2024 22:43:35 +1300 Subject: [PATCH 3/5] chore: cloud-config.yaml groups & users --- cloud-config.yaml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/cloud-config.yaml b/cloud-config.yaml index 00bfeb2..fa4f4fc 100644 --- a/cloud-config.yaml +++ b/cloud-config.yaml @@ -12,9 +12,22 @@ packages: timezone: Etc/UTC +groups: + - cloud-users + +users: + - name: luke + gecos: Luke + shell: /bin/bash + groups: [sudo, admin, cloud-users] + # Disable password login. + lock_passwd: true + chpasswd: { expire: true } + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE46x4l8eJC7MOkf0n0GIe0HR37l8SDLgfKtJSrWGuf9 LukesEd22519SSHKey + runcmd: # https://www.linode.com/docs/guides/manage-users-with-cloud-init/#disable-root-user - sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config - - echo "PermitRootLogin no" >> /etc/ssh/sshd_config true - - systemctl restart sshd - + - echo "PermitRootLogin no" >> /etc/ssh/sshd_config + - systemctl restart sshd \ No newline at end of file From 7b6bf9525d366dac851da95bfd7705cda5384124 Mon Sep 17 00:00:00 2001 
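Review bot: The `luke` entry added to `cloud-config.yaml` joins `sudo` and `admin` but sets `lock_passwd: true` with no `sudo:` rule. If the image's sudoers asks group members for a password, the only login account cannot escalate once the `runcmd` lines disable root SSH. That should be decided explicitly, either with a rule such as `sudo: 'ALL=(ALL) NOPASSWD:ALL'` (accepting that possession of the SSH key then equals root) or with a password hash supplied outside the repository. `chpasswd: { expire: true }` also looks misplaced: `chpasswd` is a top-level cloud-config key and indentation is not recoverable on this page, but if it sits under the user entry it is probably ignored or flagged by the schema lint, and an expired password on a key-only account can block the first SSH login. The package and update settings sit above this hunk and are not visible in it.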
From: lukeify <5379845+lukeify@users.noreply.github.com>
Date: Mon, 5 Feb 2024 22:43:50 +1300
Subject: [PATCH 4/5] chore: initial nginx.conf
---
nginx.conf | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 nginx.conf
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..8e5fbad
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,9 @@
+server {
+ listen 80;
+ server_name luke.kiwi;
+ root /wwwroot/website;
+
+ location / {
+ index index.html;
+ }
+}
\ No newline at end of file
From f56e7104f3426d23333ae3b7ec67cb98557997fc Mon Sep 17 00:00:00 2001
From: lukeify <5379845+lukeify@users.noreply.github.com>
Date: Mon, 5 Feb 2024 22:56:26 +1300
Subject: [PATCH 5/5] docs: README.md
---
README.md | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7c748d9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# Website
+
+## `cloud-init`
+
+`cloud-config.yaml` declares the configuration to initialize a compute instance on DigitalOcean via `cloud-init`, performing the following operations:
+
+* Updating `apt`, installing `nginx`.
+* Creating `luke` user.
+* Standard server hardening (disabling `ssh` for `root`, etc).
+
+This configuration is then linted via GitHub Actions.
\ No newline at end of file
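Review bot: The `server` block in `nginx.conf` listens only on port 80, so `luke.kiwi` would be served without TLS and visitors get no integrity or authenticity guarantee for the content. Once a certificate is provisioned, a second `server` with `listen 443 ssl;` and `ssl_certificate` / `ssl_certificate_key` pointing at `<cert path>` / `<key path>` should carry the site, and this block can shrink to `return 301 https://$host$request_uri;`. Adding `server_tokens off;` would also stop nginx advertising its version in response headers and error pages. Nothing visible in this series creates `/wwwroot/website` or installs this file into nginx's configuration directory, so that wiring presumably lives elsewhere and should be confirmed.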