Created
February 23, 2026 17:33
-
-
Save Kirbo/6635ad29b22b7d140ba9ca90ef19685f to your computer and use it in GitHub Desktop.
UpCloud - GitLab Runner - Debian 13 - prepare-image.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # prepare-image.sh | |
| # Purpose: Final pre-image cleanup for Debian 13 runner image. | |
| # - Stops services | |
| # - Removes SSH host keys and authorized_keys | |
| # - Removes gitlab-runner config | |
| # - Clears machine-id | |
| # - Cleans apt lists, caches, logs, journal | |
| # - Removes /tmp and other temp files | |
| # - Zeroes free space for better compression | |
| # - Clears shell history (root + possible user) | |
| # | |
| # Run as root (sudo). This script DOES NOT poweroff the machine. | |
| set -euo pipefail | |
| if [[ "$(id -u)" -ne 0 ]]; then | |
| echo "This script must be run as root. Use sudo." >&2 | |
| exit 1 | |
| fi | |
| echo "==> Stopping services to avoid writes" | |
| systemctl stop gitlab-runner 2>/dev/null || true | |
| systemctl stop docker 2>/dev/null || true | |
| echo "==> Removing gitlab-runner config (avoid baked runner)" | |
| rm -f /etc/gitlab-runner/config.toml 2>/dev/null || true | |
| echo "==> Removing SSH host keys (they will be regenerated on first boot via cloud-init)" | |
| rm -f /etc/ssh/ssh_host_* 2>/dev/null || true | |
| echo "==> Removing authorized_keys from common locations" | |
| rm -f /root/.ssh/authorized_keys 2>/dev/null || true | |
| rm -f /home/*/.ssh/authorized_keys 2>/dev/null || true | |
| echo "==> Clearing machine-id and DBUS machine-id" | |
| truncate -s 0 /etc/machine-id 2>/dev/null || true | |
| rm -f /var/lib/dbus/machine-id 2>/dev/null || true | |
| echo "==> Apt cleanup" | |
| apt clean || true | |
| rm -rf /var/lib/apt/lists/* 2>/dev/null || true | |
| echo "==> Clearing /tmp" | |
| rm -rf /tmp/* 2>/dev/null || true | |
| echo "==> Clearing logs and journal" | |
| journalctl --rotate || true | |
| journalctl --vacuum-time=1s || true | |
| rm -rf /var/log/* 2>/dev/null || true | |
| mkdir -p /var/log | |
| chmod 755 /var/log | |
| echo "==> Clearing user shell history (root and common users)" | |
| # root | |
| history -c || true | |
| history -w || true | |
| rm -f /root/.bash_history 2>/dev/null || true | |
| # attempt to clear other users' histories (if any) | |
| for u in /home/*; do | |
| if [[ -d "$u" ]]; then | |
| user_home="$u" | |
| rm -f "${user_home}/.bash_history" 2>/dev/null || true | |
| rm -f "${user_home}/.zsh_history" 2>/dev/null || true | |
| fi | |
| done | |
| echo "==> Remove wget/apt/other caches" | |
| rm -f /root/.wget-hsts 2>/dev/null || true | |
| rm -rf /var/cache/* 2>/dev/null || true | |
| echo "==> Syncing filesystems" | |
| sync | |
| echo "==> Zeroing free space for better compression (this may take a while)" | |
| # Create a large zero file and remove it to free up space and produce trailing zeroes | |
| dd if=/dev/zero of=/zerofill bs=1M 2>/dev/null || true | |
| sync | |
| rm -f /zerofill 2>/dev/null || true | |
| sync | |
| echo "==> Final sync" | |
| sync | |
| echo "==> DONE: image-prep complete. System NOT powered off by this script." | |
| echo "==> You can now shut down the instance (sudo poweroff) and create the custom image." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment