From c308044fa20c0c50f47dab75f7b749471ff0accf Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Sun, 12 Feb 2023 03:06:02 +0100
Subject: [PATCH] Added cloud-init example for boinc-client, improved the one
 for docker

---
 examples/cloud-init/boinc-client.yum.yaml | 42 +++++++++++++++++++++++
 examples/cloud-init/docker.yum.yaml       | 18 +++++-----
 2 files changed, 51 insertions(+), 9 deletions(-)
 create mode 100644 examples/cloud-init/boinc-client.yum.yaml

diff --git a/examples/cloud-init/boinc-client.yum.yaml b/examples/cloud-init/boinc-client.yum.yaml
new file mode 100644
index 0000000..7787713
--- /dev/null
+++ b/examples/cloud-init/boinc-client.yum.yaml
@@ -0,0 +1,42 @@
+#cloud-config
+
+yum_repos:
+  epel:
+    name: Extra Packages for Enterprise Linux 8 - $basearch
+    baseurl: https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch
+    gpgcheck: true
+    gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+
+packages:
+  - boinc-client
+  - boinc-tui
+
+bootcmd:
+  # `cloud-init` has issues with `firewall-cmd`.
+  # Using the offline version.
+  - firewall-offline-cmd --add-port='31416/tcp' --zone='public'
+
+runcmd:
+  - grep -q 'boinc' '/etc/group' && sudo usermod -a -G 'boinc' 'opc'
+  - chown -R 'boinc:boinc' '/var/lib/boinc'
+  - systemctl enable --now 'boinc-client.service'
+  - sleep '5s'
+  - boinccmd --acct_mgr attach 'acct_mgr_url' 'acct_mgr_user' 'acct_mgr_password'
+  - systemctl reload 'firewalld.service'
+
+write_files:
+  - path: /var/lib/boinc/gui_rpc_auth.cfg
+    permissions: '0640'
+    content: |
+      gui_rpc_password
+  - path: /var/lib/boinc/cc_config.xml
+    content: |
+      <cc_config>
+        <options>
+          <allow_remote_gui_rpc>1</allow_remote_gui_rpc>
+        </options>
+      </cc_config>
+  - path: /var/lib/boinc/remote_hosts.cfg
+    content: |
+      192.168.1.10
+      192.168.1.115
diff --git a/examples/cloud-init/docker.yum.yaml b/examples/cloud-init/docker.yum.yaml
index 6816bce..3a363b2 100644
--- a/examples/cloud-init/docker.yum.yaml
+++ b/examples/cloud-init/docker.yum.yaml
@@ -6,23 +6,19 @@
 # Add the official Docker repository.
 #
 # Got from the official installation guide at
-# https://docs.docker.com/engine/install/rhel/#install-using-the-repository :
-#   yum install -y yum-utils && \
-#   yum-config-manager --add-repo \
-#     https://download.docker.com/linux/rhel/docker-ce.repo && \
-#   cat /etc/yum.repos.d/docker-ce.repo
+# https://docs.docker.com/engine/install/
 #
 # Sources:
 # - https://cloudinit.readthedocs.io/en/latest/topics/modules.html#yum-add-repo
 # - https://cloudinit.readthedocs.io/en/latest/topics/examples.html#adding-a-yum-repository
 yum_repos:
-  docker-ce:
+  docker-ce-stable:
     name: Docker CE Stable - $basearch
     enabled: true
-    baseurl: https://download.docker.com/linux/rhel/$releasever/$basearch/stable
+    baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
     priority: 1
     gpgcheck: true
-    gpgkey: https://download.docker.com/linux/rhel/gpg
+    gpgkey: https://download.docker.com/linux/centos/gpg
 
 # Install required packages.
 # This will *always* update the list of packages, regardless of the value of the
@@ -35,8 +31,12 @@ yum_repos:
 # - https://cloudinit.readthedocs.io/en/latest/topics/examples.html#install-arbitrary-packages
 packages:
   - docker-ce
+  - docker-compose-plugin
 
-# Enable and start the service after installation
 runcmd:
+  # Enable and start the service after installation.
   - systemctl daemon-reload
   - systemctl enable --now docker.service
+
+  # Give the default user permission to use docker without privilege escalation.
+  - grep docker /etc/group -q && sudo usermod -a -G docker user