#cloud-config packages: - zip - unzip - wget - curl - tomcat8 - tomcat8-common - tomcat8-admin - tomcat8-user - postgresql-10 - openjdk-8-jdk-headless - nginx - software-properties-common write_files: - path: /root/aggregate-config.json content: | { "home": "/root", "jdbc": { "host": "127.0.0.1", "port": 5432, "db": "aggregate", "schema": "aggregate", "user": "aggregate", "password": "aggregate" }, "security": { "hostname": "foo.bar", "forceHttpsLinks": true, "port": 80, "securePort": 443, "checkHostnames": false }, "tomcat": { "uid": "tomcat8", "gid": "tomcat8", "webappsPath": "/var/lib/tomcat8/webapps" } } - path: /tmp/nginx-aggregate content: | server { client_max_body_size 100m; server_name foo.bar; location / { proxy_pass http://127.0.0.1:8080; } } - path: /usr/local/bin/download-aggregate-cli permissions: '0755' content: | #!/bin/sh curl -sSL https://api.github.com/repos/getodk/aggregate-cli/releases/latest \ | grep "aggregate-cli.zip" \ | cut -d: -f 2,3 \ | tr -d \" \ | wget -O /tmp/aggregate-cli.zip -qi - unzip /tmp/aggregate-cli.zip -d /usr/local/bin chmod +x /usr/local/bin/aggregate-cli runcmd: - download-aggregate-cli - apt-get -y autoremove - rm /etc/nginx/sites-enabled/default - mv /tmp/nginx-aggregate /etc/nginx/sites-enabled/aggregate - add-apt-repository -y universe - add-apt-repository -y ppa:certbot/certbot - apt-get -y update - apt-get -y install python-certbot-nginx - (crontab -l 2>/dev/null; echo "0 0 1 * * /usr/bin/certbot renew > /var/log/letsencrypt/letsencrypt.log") | crontab - - su - postgres -c "psql -c \"CREATE ROLE aggregate WITH LOGIN PASSWORD 'aggregate'\"" - su - postgres -c "psql -c \"CREATE DATABASE aggregate WITH OWNER aggregate\"" - su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE aggregate TO aggregate\"" - su - postgres -c "psql -c \"CREATE SCHEMA aggregate\" aggregate" - su - postgres -c "psql -c \"ALTER SCHEMA aggregate OWNER TO aggregate\" aggregate" - su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON SCHEMA aggregate TO aggregate\" aggregate" - curl -H Metadata:true "http://169.254.169.254/metadata/instance/compute/tags?api-version=2017-08-01&format=text" | awk -F':' '{print $2}' > /tmp/domain-name - sed -i -e 's/foo\.bar/'"$(cat /tmp/domain-name)"'/' /root/aggregate-config.json - sed -i -e 's/foo\.bar/'"$(cat /tmp/domain-name)"'/' /etc/nginx/sites-enabled/aggregate - aggregate-cli -i -y -c /root/aggregate-config.json - service nginx restart