#cloud-config
users:
  - name: innisfree
    groups:
      - users
      - sudo
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    shell: /bin/bash
    ssh_authorized_keys: []

# Temporarily disabling updates during development,
# since it adds a few minutes to boot time.
package_update: false
package_upgrade: false

ssh_keys:
    ed25519_public: ""
    ed25519_private: ""

write_files:
- content: |
    user www-data www-data;
    worker_processes auto;
    pid /var/run/nginx.pid;
    worker_rlimit_nofile 1024;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 512;
    }
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        access_log "/var/log/nginx/access.log";
        error_log "/var/log/nginx/error.log" error;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
    stream {
        tcp_nodelay on;
        include /etc/nginx/conf.d/stream/*.conf;
    }

  owner: root:root
  path: /etc/nginx/nginx.conf
  permissions: '0644'

- content: ""
  owner: root:root
  path: /etc/nginx/sites-enabled/default
  permissions: '0644'

- content: ""
  owner: root:root
  path: /etc/nginx/sites-available/default
  permissions: '0644'

- content: |
    Unattended-Upgrade::Allowed-Origins {
      "*:*"
    };

  owner: root:root
  path: /etc/apt/apt.conf.d/51unattended-upgrades
  permissions: '0644'

packages:
  - nginx
  - sudo
  - unattended-upgrades
  - wireguard
  - wireguard-tools