#cloud-config

# Dynamic DNS server for instances.
# Makes <instance-id>.instance.encodedcc.org and <name>.instance.encodedcc.org resolve.
# Run on a t2.micro instance with Ubuntu 14.04.
# Security group: ssh-dns.
# IAM role: demo-dns-server.

# $ aws ec2 run-instances --user-data file://instance-dns.yml --security-groups "ssh-dns" --iam-instance-profile Name="demo-dns-server" --image-id ami-5189a661 --instance-type t2.micro --region us-west-2

# Associate elastic-ip address for instance.encodedcc.org NS record.
# $ aws ec2 associate-address --public-ip 52.25.250.155 --region us-west-2 --instance-id i-xxxx


bootcmd:
- cloud-init-per once ssh-users-ca echo "TrustedUserCAKeys /etc/ssh/users_ca.pub" >> /etc/ssh/sshd_config

runcmd:
- set -e
- sudo -u ubuntu GOPATH=/home/ubuntu/gobuild go get github.com/ConradIrwin/aws-name-server
- cp /home/ubuntu/gobuild/bin/aws-name-server /usr/local/bin/
- setcap cap_net_bind_service=+ep /usr/local/bin/aws-name-server
- initctl start aws-name-server

output:
  all: '| tee -a /var/log/cloud-init-output.log'

package_upgrade: true

packages:
- golang
- git
- ntp
- unattended-upgrades
- update-notifier-common

power_state:
  mode: reboot

write_files:
- path: /etc/apt/apt.conf.d/20auto-upgrades
  content: |
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";

- path: /etc/apt/apt.conf.d/50unattended-upgrades
  content: |
    Unattended-Upgrade::Allowed-Origins {
        "${distro_id} ${distro_codename}-security";
    };
    Unattended-Upgrade::Automatic-Reboot "true";

- path: /etc/init/aws-name-server.conf
  content: |
    # upstart script for aws-name-server
    description "AWS Name Server"
    start on filesystem or runlevel [2345]
    stop on runlevel [!2345]
    respawn
    respawn limit 10 5
    setuid nobody
    setgid nogroup
    exec /usr/local/bin/aws-name-server --aws-region us-west-2 --domain instance.encodedcc.org

- path: /etc/ssh/users_ca.pub
  content: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv/ymOcnN4LhM4NACc3Or116XXJ6KytuOgB/+1qNkOFBqBosrn7cmJ35rsoNHRgYNrCsRE9ch74RKsN6H72FtSJgBhGh/9oUK7Os6Fqt3/ZZXxgxIx6ubs/MTgrxrAnujiBxUXMXQhLKMriNMpo8mt4nGYVtLk9PBjiyfncaS8H9ZKoNio9dhP8bmTuYvioAI35dqKdSlVLyzr/XkZxia8Ki+pQ0N6uuiEwMR3ToM+LSp8wpFOOAiu4PEAujRW7us/+1hlpKWfn0J7/V3826joHE+I967Vg/+ikcVhF77JjK1nib879VgCWfmn1HPQosIpk4yJfVgGvRVI7I2nfBPVw== encoded@demo-l.encodedcc.org