From 862f2567b18f502394218bbbaafeca4b8bb5b70b Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Fri, 13 Dec 2024 18:39:21 +0100 Subject: [PATCH] Added ssh config (for accessing kobayashi chat) --- Makefile | 2 ++ TODO.md | 4 ++++ deploy.yaml | 2 +- roles/chat/tasks/main.yaml | 9 +++++++++ roles/pub/bin/user.sh | 26 ++++++++++++++++++++++++-- roles/pub/templates/Bastillefile.j2 | 2 +- 6 files changed, 41 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3abeca8..8b8d7db 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,9 @@ create: hosts: $(ENV) $(HOSTS_COMMAND) +# remove ssh control point, which may lead to hangs if wifi breaks during deployment deploy: + rm -rf ~/.ansible/cp/* $(ENV) $(DEPLOY_COMMAND) clean: diff --git a/TODO.md b/TODO.md index 8da1549..ce4447c 100644 --- a/TODO.md +++ b/TODO.md @@ -3,3 +3,7 @@ ## Add quota config and enable/configure rctl ## Add bsdnix manpage (into pub jail) + +## Check if motd generation works + +See Bastillefile pub diff --git a/deploy.yaml b/deploy.yaml index d19a22b..76f5ac9 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -13,4 +13,4 @@ - role: ssh - role: jails - role: chat - #- role: pub + - role: pub diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index fecd91e..d1f03af 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml @@ -9,6 +9,8 @@ git clone https://github.com/tlinden/devzat cd /tmp/devzat go build + args: + creates: "/tmp/.ansible.devzatbuild" - name: create services template dir file: @@ -33,6 +35,8 @@ - name: copy devzat binary shell: install -m 755 /tmp/devzat/devzat /usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat + args: + creates: "/tmp/.ansible.devzat" - name: copy devzat config file copy: 
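Review bot: The new first recipe line of `deploy`, `rm -rf ~/.ansible/cp/*`, deletes every control socket in that directory, so another Ansible run by the same user that is still in flight would lose its multiplexed connections as well. The entries there are sockets, so `-r` is not needed and `rm -f ~/.ansible/cp/*` does the job with less reach. The path is Ansible's default control-path directory; if the project's ansible.cfg (not visible here) sets `control_path_dir`, this line would not touch the stale sockets at all.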
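Review bot: The `creates:` guards added to the build, copy and template tasks name marker files (`/tmp/.ansible.devzatbuild`, `/tmp/.ansible.devzat`, `/tmp/.ansible.devzattemplate`) that nothing in the visible lines ever creates, so as shown the guards would never fire; the start of the build task's `shell:` block is outside the hunk, so this is inferred. If the markers are created elsewhere, they sit under predictable names in a world-writable directory, which lets any local account on the host pre-create one and make the play silently skip the step. Pointing `creates:` at the real artifact avoids both problems: `creates: /tmp/devzat/devzat` for the build and `creates: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat"` for the copy; a build directory outside `/tmp` would be safer still, since that binary ends up in the jail's `/usr/local/sbin`. The same applies to the third hunk of this file (`template jail`), where the FIXME already records the update problem.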
@@ -55,3 +59,8 @@ - name: template jail shell: "bastille template {{ role_name }} services/{{ role_name }}" + args: + # FIXME: might make it impossible to update, on the other hand w/o + # it this command fails with "devzat binary busy" when the jail is + # already running, since go binaries do not fork. + creates: "/tmp/.ansible.devzattemplate" diff --git a/roles/pub/bin/user.sh b/roles/pub/bin/user.sh index d51f4ad..4ebd2f8 100755 --- a/roles/pub/bin/user.sh +++ b/roles/pub/bin/user.sh @@ -115,8 +115,30 @@ case "$action" in if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then # install ssh key uid=$(getuid "$root" "$user") - install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh" - install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys" + run install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh" + run install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys" + + # generate chat key, which is required so login to + # kobayashi, so that ssh-chat works even if the user does + # not have their own key yet. + run ssh-keygen -t ed25519 -f /home/$user/.ssh/id_chat_kobayashi -P "" + + ( + echo "The key id_chat_kobayashi exists so that you're able to reach" + echo "the kobayashi chat service. Once you have generated your own" + echo "key, you can just delete it." + ) > "/home/$user/.ssh/README" + + if test ! -e "/home/$user/.ssh/config"; then + ( + echo "Host kobayashi" + echo " Port 2222" + echo " IdentityFile ~/.ssh/id_chat_kobayashi" + echo " StrictHostKeyChecking no" + ) > "/home/$user/.ssh/config" + fi + + run chown "$uid:$uid" /home/$user/.ssh/* fi ;; absent) diff --git a/roles/pub/templates/Bastillefile.j2 b/roles/pub/templates/Bastillefile.j2 index 5496fbe..6f3bc12 100644 --- a/roles/pub/templates/Bastillefile.j2 +++ b/roles/pub/templates/Bastillefile.j2 
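Review bot: The generated `~/.ssh/config` writes `StrictHostKeyChecking no` for host kobayashi, which turns off host-key verification for every chat login made with the auto-generated key, so a spoofed or intercepted endpoint on port 2222 would be accepted without any warning. `echo " StrictHostKeyChecking accept-new"` keeps first contact non-interactive but pins the key afterwards; installing kobayashi's public host key into a known_hosts file at provisioning time is stronger still. Separately, README and config are written by shell redirection and then `chown`ed through the glob `/home/$user/.ssh/*`; when `.ssh` already existed and belongs to the user, both operations follow whatever links are in there, so `chown -h` and creating the files with `install -o "$uid" -g "$uid"` (as the two lines above do) would be safer. `$user` is also unquoted in the `ssh-keygen -f` and `chown` arguments, unlike the rest of the block. The `case` branch starts and ends outside the hunk, and `run` is defined elsewhere, so whether the redirections bypass its behaviour cannot be told from here.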
@@ -13,8 +13,8 @@ CMD mkdir -p /home FSTAB /home home nullfs rw 0 0 - # FIXME: fails for now, see: https://github.com/BastilleBSD/bastille/issues/743 #CP usr/share/skel /usr/share/skel SERVICE sshd start +SERVICE motd restart