ともたこ(Tomotaka Ogino)さんのコード(2024-12-15 12:52:52.964653)

<powershell>

Write-Output "Set admin password."
net user Administrator "Hogehoge123_"

# Install chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

# Conifigure chocolatey to install packages with -y option.
choco feature enable -n allowGlobalConfirmation

#install OpenJDK17
choco install temurin17

$BucketName="[YourBucketName]"

# Timezone
Write-Output "Set Timezone"
Set-TimeZone -Id "Tokyo Standard Time"

# Install OpenSSH Server
# https://dev.classmethod.jp/articles/windows-server-open-ssh/
Write-Output "Install OpenSSH server"
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType Automatic
Start-Service sshd

# Copy ssh rsa Key
Write-Output "Copy ssh rsa key"
$PREREQ_PREFIX="[KeyPrefixForAuthorizedKeys]"
$RSA_PUB_KEY = "[AuthorizedKeysForYourKeyPair]"
$RSA_PUB_KEY_FILE="C:\ProgramData\ssh\administrators_authorized_keys"
$SSHD_CONFIG_FILE="C:\ProgramData\ssh\sshd_config"
Write-Output "Retrieve from S3: $RSA_PUB_KEY"
Read-S3Object -BucketName $BucketName -Region ap-northeast-1 -Key $PREREQ_PREFIX/$RSA_PUB_KEY -File $RSA_PUB_KEY_FILE

# Set premission to ssh rsa key
Write-Output "Set premission to ssh rsa key"
$NewAcl = Get-Acl -Path "$RSA_PUB_KEY_FILE"
# Prohibit inheritance
$NewAcl.SetAccessRuleProtection($true, $false)
# Create new rule
$fileSystemAccessRuleArgumentList = "BUILTIN\Administrators", "FullControl", "Allow"
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply new rule
$NewAcl.SetAccessRule($fileSystemAccessRule)
Set-Acl -Path "$RSA_PUB_KEY_FILE" -AclObject $NewAcl

sleep 10

# Change auth mode
echo "" >> $SSHD_CONFIG_FILE
echo "PubkeyAuthentication yes" >> $SSHD_CONFIG_FILE
echo "PasswordAuthentication no" >> $SSHD_CONFIG_FILE

# install PowerShell7
choco install powershell-core

# Set PowerShell7 to default shell
Write-Output "Set PowerShell7 to default shell"
$PWSH_PATH="C:\Program Files\PowerShell\7\pwsh.exe"
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "$PWSH_PATH" -PropertyType String -Force

Restart-Service sshd

Write-Output "Installing Github CLI..."
choco install gh

Write-Output "Installing Git CLI..."
choco install git.install

Write-Output "Installing 7zip..."
choco install 7zip

</powershell>