jambonz-infrastructure/packer/jambonz-web-server/aws/template.json

{
  "variables": {
    "region": "us-east-1",
    "ssh_username": "admin",
    "ami_description": "jambonz webserver", 
    "instance_type": "t3.xlarge",
    "drachtio_version": "v0.8.24-rc1",
    "jambonz_version": "v0.8.5-rc9",
    "ami_base_image_owner": "136693071363",
    "install_datadog": "no",
    "install_cloudwatch":  "yes",
    "install_telegraf": "yes",
    "distro": "debian-11",
    "leave_source": "no"
  },
  "builders": [{
    "type": "amazon-ebs",
    "region": "{{user `region`}}",
    "source_ami_filter": {
      "filters": {
        "virtualization-type": "hvm",
        "name": "jambonz-base-image-{{user `distro`}}",
        "root-device-type": "ebs"
      },
      "owners": ["376029039784"],
      "most_recent": true
    },
    "instance_type": "{{user `instance_type`}}",
    "ssh_username": "{{user `ssh_username`}}",
    "ami_name": "jambonz-webserver-{{user `jambonz_version`}}-{{user `ami_base_image_arch`}}-{{isotime |clean_resource_name }}",
    "ami_description": "{{user `ami_description`}}",
    "launch_block_device_mappings": [
      {
        "device_name": "/dev/xvda",
        "volume_size": 80,
        "volume_type": "gp2",
        "delete_on_termination": true
      }
    ],
    "tags": {
      "Name": "jambonz-webserver"
    },
    "run_tags": {
      "Name": "jambonz-webserver-build"
    }
  }],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
        "sudo apt-get update",
        "sudo apt-get remove --auto-remove nftables",
        "sudo apt-get purge nftables",
        "sudo apt-get -y install python gcc g++ make cmake build-essential git autoconf automake default-mysql-client redis-tools \\",
        "curl telnet libtool libtool-bin libssl-dev libcurl4-openssl-dev libz-dev systemd-coredump liblz4-tool \\",
        "libxtables-dev libip6tc-dev libip4tc-dev  libiptc-dev libavformat-dev lsb-release fail2ban \\",
        "nginx python3-certbot-nginx default-libmysqlclient-dev htop dnsutils gdb snapd \\",
        "gnupg2 wget pkg-config ca-certificates libjpeg-dev libsqlite3-dev libpcre3-dev libldns-dev libgoogle-perftools-dev",
        "sudo chmod a+w /usr/local/src",
        "ssh-keyscan github.com >> ~/.ssh/known_hosts",
        "mkdir ~/apps",
        "cd ~/apps",
        "git config --global advice.detachedHead false",
        "git clone https://github.com/jambonz/jambonz-api-server.git -b {{user `jambonz_version`}}",
        "git clone https://github.com/jambonz/jambonz-webapp.git -b {{user `jambonz_version`}}",
        "git clone https://github.com/jambonz/public-apps.git",
        "sudo find / -name authorized_keys | sudo xargs -0 -r rm -Rf"
      ]
    },
    {
      "type": "file",
      "source": "files/",
      "destination": "/tmp"
    },
    {
      "type": "shell",
      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `distro`}}",
      "script": "scripts/install_os_tuning.sh"
    },
    {
      "type": "shell",
      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_cloudwatch`}}",
      "script": "scripts/install_cloudwatch.sh"
    },
    {
      "type": "shell",
      "script": "scripts/install_nginx.sh"
    },
    {
      "type": "shell",
      "script": "scripts/install_chrony.sh"
    },
    {
      "type": "shell",
      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `install_telegraf`}}",
      "script": "scripts/install_telegraf.sh"
    },
    {
      "type": "shell",
      "script": "scripts/install_nodejs.sh"
    },
    {
      "type": "shell",
      "script": "scripts/install_fail2ban.sh"
    },
    {
      "type": "shell",
      "execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `jambonz_version`}}",
      "script": "scripts/install_app.sh"
    },
    {
      "type": "shell",
      "inline": [
        "set -e",
        "set -x",
        "echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections",
        "echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections",
        "sudo apt-get -y install iptables-persistent",
        "sudo rm -Rf /tmp/*",
        "sudo rm /root/.ssh/authorized_keys",
        "sudo rm /home/admin/.ssh/authorized_keys",
        "if [ \"{{user `leave_source`}}\" = 'no' ]; then sudo rm -Rf /usr/local/src/*; fi"
      ]
    }
  ]
}