diff --git a/.vitepress/config.mts b/.vitepress/config.mts
index 73d9c71..1e8e1b5 100644
--- a/.vitepress/config.mts
+++ b/.vitepress/config.mts
@@ -36,7 +36,7 @@ export default defineConfig({
 { text: 'Google Sign in without Identity', link: '/dotnet/google-sign-in-without-identity' },
 { text: 'Service Testing', link: '/dotnet/service-testing' },
 { text: 'Controller Testing', link: '/dotnet/controller-testing' },
- { text: 'API Key Authentication', link: '/dotnet/api-key-auth'}
+ { text: 'API Key Authentication', link: '/dotnet/api-key-auth' }
 ]
 },
 {
@@ -147,6 +147,7 @@ export default defineConfig({
 link: '/opentofu/',
 collapsed: true,
 items: [
+ { text: 'Digital Ocean Droplet Creation', link: '/opentofu/digital-ocean-droplet-non-root-user' },
 { text: 'Encrypted State', link: '/opentofu/encrypted-state' },
 ]
 },
diff --git a/docs/opentofu/digital-ocean-droplet-non-root-user.md b/docs/opentofu/digital-ocean-droplet-non-root-user.md
new file mode 100644
index 0000000..f010562
--- /dev/null
+++ b/docs/opentofu/digital-ocean-droplet-non-root-user.md
@@ -0,0 +1,27 @@
+# Digital Ocean Droplet Non Root User
+
+Digital Ocean droplets usually have a default user which is root, which is not ideal for security reasons. The following userdata script can be used to create a non-root user and set up SSH access for that user. This is typically used when creating a droplet with Terraform or any other infrastructure as code tool that supports user data.
+
+```tf
+data "digitalocean_ssh_key" "default" {
+ name = "my-ssh-key"
+}
+
+resource "digitalocean_droplet" "example" {
+ # ... other droplet configuration ...
+
+ user_data = <<-EOF
+ #cloud-config
+ users:
+ - name: reach
+ groups: sudo
+ shell: /bin/bash
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ ssh-authorized-keys:
+ - ${data.digitalocean_ssh_key.default.public_key}
+
+ disable_root: true
+ package_update: true
+ package_upgrade: true
+ EOF
+}
\ No newline at end of file
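Review bot: The `sudo: ALL=(ALL) NOPASSWD:ALL` line in the cloud-config of the new page gives `reach` unrestricted, passwordless root, so whoever holds that one SSH key is effectively root, and the page's "not ideal for security reasons" framing needs a caveat. I would add a sentence after the listing such as `The reach user can run any command as root without a password; narrow the sudo rule to the commands you actually need where that is practical.` As far as cloud-init documents it, `disable_root: true` only blocks key-based root login through root's authorized_keys and does not touch sshd's password settings, so adding `ssh_pwauth: false` next to it would make the intent explicit. The `tf` code fence opened before the `data` block is also never closed before the file ends, and the file has no trailing newline.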