forked from Wikidepia/crawlingathome-worker
-
Notifications
You must be signed in to change notification settings - Fork 5
/
cloud-config.yaml
84 lines (84 loc) · 3.69 KB
/
cloud-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#cloud-config
users:
- default
- name: crawl
groups: users, adm
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
ssh_authorized_keys:
- <<your_ssh_public_key>>
package_update: true
package_upgrade: true
packages:
- zip
- python3
- python3-pip
- git
- build-essential
- libssl-dev
- libffi-dev
- python3-dev
- libwebp-dev
- libjpeg-dev
- libtinfo5
runcmd:
- [ ls, -l, / ]
- [ sh, -xc, "echo $(date) ': hello crawl!'" ]
- [ sh, -c, echo "=========hello crawl'=========" ]
- ls -l /root
# make swap file so tensorflow and pytorch can install
- fallocate -l 5G /swapfile
- chmod 600 /swapfile
- mkswap /swapfile
- swapon /swapfile
- cp /etc/fstab /etc/fstab.bak
- 'echo "/swapfile none swap sw 0 0" | tee -a /etc/fstab'
- sysctl vm.swappiness=75
- 'echo "vm.swappiness=75" | tee -a /etc/sysctl.conf'
# take care of max open files
- echo "* soft nproc 65535 " >> /etc/security/limits.conf
- echo "* hard nproc 65535 " >> /etc/security/limits.conf
- echo "* soft nofile 65535" >> /etc/security/limits.conf
- echo "* hard nofile 65535" >> /etc/security/limits.conf
- echo "root soft nproc 65535 " >> /etc/security/limits.conf
- echo "root hard nproc 65535 " >> /etc/security/limits.conf
- echo "root soft nofile 65535" >> /etc/security/limits.conf
- echo "root hard nofile 65535" >> /etc/security/limits.conf
- echo "session required pam_limits.so" >> /etc/pam.d/common-session
- echo "fs.file-max = 2097152" >> /etc/sysctl.conf
# secure ssh
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers crawl' /etc/ssh/sshd_config
# install the script
- cd /home/crawl
- wget https://raw.githubusercontent.com/ARKseal/crawlingathome-worker/master/setup/setup_hybrid.sh
- bash setup.sh
# make the script run as a service at startup
- echo "[Unit]" >> /etc/systemd/system/crawl.service
- echo "After=network.service" >> /etc/systemd/system/crawl.service
- echo "Description=Crawling @ Home" >> /etc/systemd/system/crawl.service
- echo "[Service]" >> /etc/systemd/system/crawl.service
- echo "Type=simple" >> /etc/systemd/system/crawl.service
- echo "LimitNOFILE=2097152" >> /etc/systemd/system/crawl.service
- echo "PYTHONHASHSEED=0" >> /etc/systemd/system/crawl.service
- echo "WorkingDirectory=/home/crawl" >> /etc/systemd/system/crawl.service
- echo "ExecStart=/home/crawl/crawl.sh" >> /etc/systemd/system/crawl.service
- echo "User=crawl" >> /etc/systemd/system/crawl.service
- echo "[Install]" >> /etc/systemd/system/crawl.service
- echo "WantedBy=multi-user.target" >> /etc/systemd/system/crawl.service
- chmod 664 /etc/systemd/system/crawl.service
- systemctl daemon-reload
- systemctl enable crawl.service
- echo "#!/bin/bash" >> /home/crawl/crawl.sh
- echo ". venv/bin/activate" >> /home/crawl/crawl.sh
- echo "export PYTHONHASHCODE=0 && python3 -u /home/crawl/crawlingathome.py >> /home/crawl/crawl.log 2>&1" >> /home/crawl/crawl.sh
- chmod 744 /home/crawl/crawl.sh
- chown crawl:adm -R /home/crawl/
- reboot
final_message: "The system is finally up, after $UPTIME seconds"