
Startup Scripts

Last updated on Mar 15, 2026

Startup Scripts on Onidel Cloud enable users to automate common initialization tasks, typically performed right after deploying a new Virtual Machine.

They are executed once, during instance creation, as root inside the guest OS using cloud-init. They are highly reusable and location-independent, allowing you to easily standardize environments across all your deployments.

Startup Scripts are primarily meant for:

  • Automated Software Installation

  • Basic Software Configuration

  • Security Hardening

An example script at the end of this wiki page shows how to implement these in practice. You are free to use it as a base and add any other actions you want performed automatically during provisioning.

You can use any scripting language as long as the interpreter is included within the OS template of your choice.

Creating a Script

In Onidel Cloud Panel, go to Orchestration > Scripts then click on New Script.

From there, you can name your script and paste its contents. Remember to put an appropriate shebang on the first line of your script so it is interpreted correctly.

To save it, click New Script at the bottom.

After that, your script should be visible in the list of scripts.

Deploying a VM with Startup Script

You can select the Startup Script to be applied to a VM during the ordering process. After the instance is deployed, the script is executed automatically. Keep in mind that the build process may take slightly longer while your startup script is running.

Example Startup Script

Here's an example startup script made for provisioning Debian VMs. You can treat it as a presentation of common actions performed automatically after deployment, or as a reference script to be tweaked to your liking.

#!/bin/bash

# name of non-root user
NEW_USER="onichan"

export DEBIAN_FRONTEND=noninteractive

# install some common utilities
apt-get update
apt-get install -y fish htop btop doas vnstat iftop

# create new non-root user with fish as login shell
useradd -m -s /usr/bin/fish "$NEW_USER"

# copy ssh authorized client key from root to new user
ROOT_SSH="/root/.ssh"
USER_SSH="/home/$NEW_USER/.ssh"
if [ -d "$ROOT_SSH" ]; then
    mkdir -p "$USER_SSH"
    chmod 700 "$USER_SSH"

    if [ -f "$ROOT_SSH/authorized_keys" ]; then
        cp "$ROOT_SSH/authorized_keys" "$USER_SSH/"
    fi

    chown -R "$NEW_USER:$NEW_USER" "$USER_SSH"
    chmod 600 "$USER_SSH/authorized_keys" 2>/dev/null || true
fi

# configure doas
echo "permit persist $NEW_USER" > /etc/doas.conf
chmod 0400 /etc/doas.conf

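# disallow root and password login on ssh
# (sshd keeps the first value it reads for each option, so a cloud-init drop-in
# that sorts before 99-custom.conf would take precedence; -f tolerates its absence)
rm -f /etc/ssh/sshd_config.d/*cloud-init*.conf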
echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config.d/99-custom.conf
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config.d/99-custom.conf
systemctl restart sshd

# lock root account
passwd -l root

# force password change on first login, password is the same as username initially
echo "$NEW_USER:$NEW_USER" | chpasswd
chage -d 0 "$NEW_USER"

It installs some common monitoring utilities, disables SSH password logins, blocks the root user and creates a new regular user whose password must be changed on first login.

The SSH public key is copied from the root user to the newly created one, allowing logins with the SSH key you set during VM deployment.

It also sets the new user's shell to fish and configures the doas utility to enable controlled execution of commands as root.
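
Why removing the cloud-init drop-in matters for the two sshd settings above, shown as an added example that is not part of the Onidel script: sshd reads the files in sshd_config.d in lexical order and keeps the first value it obtains for each keyword. The function names, the 50-cloud-init.conf sample file and the temporary directory are constructed for illustration, and only the drop-in directory is inspected.

```bash
#!/bin/bash
# Added example (not part of the Onidel script). Models sshd's rule for drop-ins:
# files are read in lexical order and the FIRST value obtained for a keyword wins.

# effective_sshd_option DIR KEYWORD -> prints "<value> <file>", or returns 1.
# Simplification: lines after a "Match" line in a file are ignored.
effective_sshd_option() {
    local dir="$1" want f val
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        val=$(awk -v want="$want" '
            /^[ \t]*#/ || NF == 0   { next }
            tolower($1) == "match"  { exit }
            tolower($1) == want     { print $2; exit }' "$f")
        if [ -n "$val" ]; then
            printf '%s %s\n' "$val" "${f##*/}"
            return 0
        fi
    done
    return 1
}

# check_ssh_hardening DIR -> 0 only if both options from the script resolve to "no".
check_ssh_hardening() {
    local dir="$1" opt res rc=0
    for opt in PasswordAuthentication PermitRootLogin; do
        res=$(effective_sshd_option "$dir" "$opt") || res="unset -"
        case "$res" in
            "no "*) echo "OK   $opt -> $res" ;;
            *)      echo "FAIL $opt -> $res"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: a cloud-init drop-in beside the 99-custom.conf the script writes.
make_sample_dir() {
    local d; d=$(mktemp -d) || return 1
    printf 'PasswordAuthentication yes\n' > "$d/50-cloud-init.conf"
    printf 'PasswordAuthentication no\nPermitRootLogin no\n' > "$d/99-custom.conf"
    printf '%s\n' "$d"
}

demo_dir=$(make_sample_dir)
check_ssh_hardening "$demo_dir" || echo "=> cloud-init drop-in still wins"
rm -f "$demo_dir"/*cloud-init*.conf          # same removal as in the startup script
check_ssh_hardening "$demo_dir" && echo "=> hardening effective"
rm -rf "$demo_dir"
```

On a deployed VM, `sshd -T` run as root prints the configuration sshd actually uses, which also covers the main sshd_config file.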

Demonstration

After the Virtual Machine with the example script was deployed, I logged into the VM using the SSH key previously uploaded to Onidel Cloud. It first asks for the non-root user password to be set.

$ ssh -i ~/.ssh/onidel_main_key [email protected]
...
WARNING: Your password has expired.
You must change your password now and log in again!
Changing password for onichan.
Current password: 
New password: 
Retype new password: 
passwd: password updated successfully
Connection to 185.232.84.76 closed.

Then I'm able to log in to the shell using the SSH key.

$ ssh -i ~/.ssh/onidel_main_key [email protected]
...
Welcome to fish, the friendly interactive shell
Type help for instructions on how to use fish
onichan@work-vm ~> 

Without supplying the key, login attempts are instantly rejected.

$ ssh [email protected]
[email protected]: Permission denied (publickey).

Inside the VM, I can also verify that monitoring utilities were installed properly.

onichan@work-vm ~> vnstat -d

 eth0  /  daily

          day        rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     2026-03-15    10.40 MiB |  279.38 KiB |   10.68 MiB |   16.10 kbit/s
     ------------------------+-------------+-------------+---------------
      estimated   105.78 MiB |    2.75 MiB |  108.53 MiB |