#cloud-config

package_update: true
package_upgrade: true

packages:
  - curl
  - git
  - ufw
  - fail2ban

write_files:
  # Docker daemon config for Swarm (live-restore must be false for swarm mode)
  - path: /etc/docker/daemon.json
    content: |
      {
        "log-driver": "json-file",
        "log-opts": {
          "max-size": "10m",
          "max-file": "3"
        }
      }

runcmd:
  # Install Docker
  - curl -fsSL https://get.docker.com | sh

  # Configure firewall
  - ufw default allow incoming
  - ufw default allow outgoing
  - ufw --force enable

  # Initialize Docker Swarm
  - docker swarm init --advertise-addr $(curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)

  # Create the proxy network used by Traefik and all recipes
  - docker network create --driver overlay --attachable proxy