#cloud-config
package_update: true
package_upgrade: true

packages:
  - mysql-server
  - mysql-client

write_files:
  - path: /etc/mysql/mysql.conf.d/mysqld_custom.cnf
    content: |
      [mysqld]
      bind-address = 127.0.0.1
      max_connections = 200
      innodb_buffer_pool_size = 256M
      query_cache_size = 16M
      tmp_table_size = 32M
      max_heap_table_size = 32M
      
  - path: /tmp/mysql_secure_installation.sql
    content: |
      ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'StrongPassword123!';
      DELETE FROM mysql.user WHERE User='';
      DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
      DROP DATABASE IF EXISTS test;
      DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
      FLUSH PRIVILEGES;

runcmd:
  - systemctl enable mysql
  - systemctl start mysql
  - mysql < /tmp/mysql_secure_installation.sql
  - rm /tmp/mysql_secure_installation.sql
  - systemctl restart mysql
  - ufw allow 3306/tcp