opencode-devbox/deploy/cloud-init.yml

#cloud-config
# cloud-init template for opencode-devbox host VM
# Tested on Debian 13 (Trixie) and Ubuntu 24.04
#
# Usage:
#   - Proxmox: attach this file as cloud-init user-data in VM config
#   - OpenStack: pass as --user-data when creating the instance
#   - Cloud providers: paste into "user data" field
#
# Customize the marked sections before use.

# ── Hostname ─────────────────────────────────────────────────────────
hostname: devbox
manage_etc_hosts: true

# ── User ─────────────────────────────────────────────────────────────
users:
  - name: devbox
    groups: sudo, docker
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      # CUSTOMIZE: replace with your public SSH key.
      # This is the only SSH key config needed — do NOT use --key-name with
      # openstack server create, as that injects into the image's default
      # user (e.g. debian), not the devbox user defined here.
      - ssh-ed25519 AAAA... your-key-here

# ── Optional: console password ───────────────────────────────────────
# Uncomment to set a password for the devbox user. Only needed for
# emergency access via the OpenStack/Proxmox console (VNC/noVNC).
# SSH key authentication is used for normal access.
#
# chpasswd:
#   expire: false
#   users:
#     - name: devbox
#       password: your-password-here
#       type: text

# ── Locale and timezone ──────────────────────────────────────────────
# en_US.UTF-8 is pre-generated on Debian/Ubuntu and works out of the box.
# To use a different locale (e.g. sv_SE.UTF-8), add it to the runcmd
# section before the locale is applied:
#   - locale-gen sv_SE.UTF-8
# Then change the locale line below to match.
locale: en_US.UTF-8
timezone: Europe/Stockholm

# ── Package installation ─────────────────────────────────────────────
package_update: true
package_upgrade: true
packages:
  - ca-certificates
  - curl
  - gnupg
  - git
  - tmux
  - mosh
  - rsync
  - fzf
  - ripgrep
  - ufw

# ── Commands to run at first boot ────────────────────────────────────
runcmd:
  # Install Docker from official repository
  - install -m 0755 -d /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/$(. /etc/os-release && echo "$ID")/gpg -o /etc/apt/keyrings/docker.asc
  - chmod a+r /etc/apt/keyrings/docker.asc
  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/$(. /etc/os-release && echo \"$ID\") $(. /etc/os-release && echo \"$VERSION_CODENAME\") stable" > /etc/apt/sources.list.d/docker.list
  - apt-get update
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  - usermod -aG docker devbox

  # Firewall — skip on OpenStack (use security groups instead)
  - |
    if curl -s --connect-timeout 2 http://169.254.169.254/openstack/ >/dev/null 2>&1; then
      echo "OpenStack detected — skipping ufw (use security groups instead)"
    else
      ufw default deny incoming
      ufw default allow outgoing
      ufw allow ssh
      ufw allow 60000:61000/udp
      ufw --force enable
    fi

  # Disable IPv6 preference for Docker (avoids intermittent Docker Hub connectivity issues)
  - echo 'precedence ::ffff:0:0/96  100' >> /etc/gai.conf

  # Create projects directory for the user
  - mkdir -p /home/devbox/projects
  - chown devbox:devbox /home/devbox/projects

# ── Final message ───────────────────────────────────────────────────
final_message: |
  opencode-devbox host VM ready.

  Next steps:
    1. SSH in:      ssh devbox@<this-host>
    2. Clone your opencode-devbox compose config, or:
       mkdir -p ~/opencode-devbox && cd ~/opencode-devbox
       curl -sL https://gitea.jordbo.se/joakimp/opencode-devbox/raw/branch/main/docker-compose.yml -o docker-compose.yml
       curl -sL https://gitea.jordbo.se/joakimp/opencode-devbox/raw/branch/main/.env.example -o .env
    3. Edit .env with your provider and keys
    4. Edit docker-compose.yml to uncomment optional mounts (e.g. ~/.aws for Bedrock)
    5. docker compose up -d
    6. docker compose exec -u developer devbox opencode

  Cloud-init run completed in $UPTIME seconds.