Added ssh config (for accessing kobayashi chat)

Thomas von Dein 2024-12-13 18:39:21 +01:00
parent c7b89345bf
commit 862f2567b1
6 changed files with 41 additions and 4 deletions


@ -33,7 +33,9 @@ create:
hosts: hosts:
$(ENV) $(HOSTS_COMMAND) $(ENV) $(HOSTS_COMMAND)
# remove ssh control point, which may lead to hangs if wifi breaks during deployment
deploy: deploy:
rm -rf ~/.ansible/cp/*
$(ENV) $(DEPLOY_COMMAND) $(ENV) $(DEPLOY_COMMAND)
clean: clean:
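Review bot: The new `rm -rf ~/.ansible/cp/*` in the `deploy` recipe removes every control socket in that directory, so another Ansible run started from the same account would lose its multiplexed connections mid-run. With the default layout the entries there are plain socket files, so `rm -f ~/.ansible/cp/*` is enough and avoids a recursive delete driven by a home-directory glob. It is worth stating in the comment that `deploy` must not be run concurrently.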


@ -3,3 +3,7 @@
## Add quota config and enable/configure rctl ## Add quota config and enable/configure rctl
## Add bsdnix manpage (into pub jail) ## Add bsdnix manpage (into pub jail)
## Check if motd generation works
See Bastillefile pub


@ -13,4 +13,4 @@
- role: ssh - role: ssh
- role: jails - role: jails
- role: chat - role: chat
#- role: pub - role: pub


@ -9,6 +9,8 @@
git clone https://github.com/tlinden/devzat git clone https://github.com/tlinden/devzat
cd /tmp/devzat cd /tmp/devzat
go build go build
args:
creates: "/tmp/.ansible.devzatbuild"
- name: create services template dir - name: create services template dir
file: file:
@ -33,6 +35,8 @@
- name: copy devzat binary - name: copy devzat binary
shell: install -m 755 /tmp/devzat/devzat /usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat shell: install -m 755 /tmp/devzat/devzat /usr/local/bastille/templates/services/{{ role_name }}/usr/local/sbin/devzat
args:
creates: "/tmp/.ansible.devzat"
- name: copy devzat config file - name: copy devzat config file
copy: copy:
@ -55,3 +59,8 @@
- name: template jail - name: template jail
shell: "bastille template {{ role_name }} services/{{ role_name }}" shell: "bastille template {{ role_name }} services/{{ role_name }}"
args:
# FIXME: might make it impossible to update, on the other hand w/o
# it this command fails with "devzat binary busy" when the jail is
# already running, since go binaries do not fork.
creates: "/tmp/.ansible.devzattemplate"
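Review bot: None of the three `creates:` markers (`/tmp/.ansible.devzatbuild`, `/tmp/.ansible.devzat`, `/tmp/.ansible.devzattemplate`) is written by the commands visible in these hunks, so unless something outside them touches those files the guards never take effect and the tasks still run on every play. The markers also sit in world-writable `/tmp` under predictable names, so any local account on the host can pre-create one and silently suppress the build, install or template step, including a later update of the binary. Pointing `creates:` at the real artifact (for example `creates: /tmp/devzat/devzat` for the build, and the installed `.../usr/local/sbin/devzat` path for the copy) or keeping markers in a root-owned state directory avoids both problems. The build task's shell block starts above the first hunk, so its opening lines are not visible here.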


@ -115,8 +115,30 @@ case "$action" in
if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then
# install ssh key # install ssh key
uid=$(getuid "$root" "$user") uid=$(getuid "$root" "$user")
install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh" run install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh"
install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys" run install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys"
# generate chat key, which is required so login to
# kobayashi, so that ssh-chat works even if the user does
# not have their own key yet.
run ssh-keygen -t ed25519 -f /home/$user/.ssh/id_chat_kobayashi -P ""
(
echo "The key id_chat_kobayashi exists so that you're able to reach"
echo "the kobayashi chat service. Once you have generated your own"
echo "key, you can just delete it."
) > "/home/$user/.ssh/README"
if test ! -e "/home/$user/.ssh/config"; then
(
echo "Host kobayashi"
echo " Port 2222"
echo " IdentityFile ~/.ssh/id_chat_kobayashi"
echo " StrictHostKeyChecking no"
) > "/home/$user/.ssh/config"
fi
run chown "$uid:$uid" /home/$user/.ssh/*
fi fi
;; ;;
absent) absent)
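Review bot: The generated `~/.ssh/config` sets `StrictHostKeyChecking no` for `kobayashi`, so the client never verifies the chat server's host key and any machine answering on that name and port is accepted without warning. `echo " StrictHostKeyChecking accept-new"`, or a pre-seeded `known_hosts` entry, keeps the no-prompt first login without turning verification off. The README and config are written by root through plain redirections and then fixed up with an unquoted `chown ... /home/$user/.ssh/*`. If `.ssh` can already exist under the user's control (only `authorized_keys` is tested), those writes and the chown follow symlinks, so naming the files explicitly with `run chown -h "$uid:$uid" "/home/$user/.ssh/id_chat_kobayashi" ...` is safer. The redirections also bypass `run`, which presumably matters if `run` is a dry-run or logging wrapper, and the `ssh-keygen -f` path should be quoted like the surrounding lines; the enclosing `case` branch starts and ends outside the hunk.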


@ -13,8 +13,8 @@ CMD mkdir -p /home
FSTAB /home home nullfs rw 0 0 FSTAB /home home nullfs rw 0 0
# FIXME: fails for now, see: https://github.com/BastilleBSD/bastille/issues/743 # FIXME: fails for now, see: https://github.com/BastilleBSD/bastille/issues/743
#CP usr/share/skel /usr/share/skel #CP usr/share/skel /usr/share/skel
SERVICE sshd start SERVICE sshd start
SERVICE motd restart