| author | 2026-04-10 15:47:31 +0000 | |
|---|---|---|
| committer | 2026-04-10 15:47:31 +0000 | |
| commit | c1c7dee1fa6037a1197965727398346efa1137af (patch) | |
| tree | 093d2cbccaf24b30c0676f975c17a0dea587efd9 | |
| parent | install.sh - 711 /etc/wireguard (diff) | |
add notifications
| -rwxr-xr-x | authorized_keys.sh | 15 | ||||
| -rwxr-xr-x | autopeer_shell.py | 10 | ||||
| -rw-r--r-- | config.py | 2 | ||||
| -rwxr-xr-x | install.sh | 5 |
4 files changed, 25 insertions, 7 deletions
diff --git a/authorized_keys.sh b/authorized_keys.sh index ec82497..24bf72e 100755 --- a/authorized_keys.sh +++ b/authorized_keys.sh @@ -2,15 +2,24 @@ set -o pipefail +cd /opt/autopeer +NOTIFY_TO="$(python -c 'import config; print(config.NOTIFY_TO)')" + user="$1" if [ "$1" = "new" ]; then type="$2" key="$3" - connection="$(echo "$4" | tr : _)" + connection="$4" + if user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"; then perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')" - /usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key $connection" --ingroup autopeer "$user" - /usr/sbin/adduser "$user" bird + if getent passwd "$user"; then + exit 0 + else + echo "[autopeer $(hostname)] New user being created: $user from $key $connection" | socat stdio "$NOTIFY_TO" + /usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key ${connection//:/_}" --ingroup autopeer "$user" + /usr/sbin/adduser "$user" bird + fi fi else # not new user perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')" diff --git a/autopeer_shell.py b/autopeer_shell.py index f7b2cdd..2c6eac4 100755 --- a/autopeer_shell.py +++ b/autopeer_shell.py 
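Review bot: Both new commands in the `new` branch can write to this script's stdout: `getent passwd "$user"` prints the passwd entry, and `socat stdio "$NOTIFY_TO"` is bidirectional, so anything the notification endpoint sends back is copied to stdout as well. If this script is what sshd runs as its AuthorizedKeysCommand (the file name and the `restrict,pty ssh-` output suggest so, but the sshd_config is not part of this diff), that stdout is parsed as authorized-key lines, and a remote peer must never be able to contribute to it. I would change these to `if getent passwd "$user" >/dev/null; then` and `... | socat -u stdio "$NOTIFY_TO",connect-timeout=5 >/dev/null 2>&1`, which also keeps an unreachable endpoint from stalling the login path. The added `cd /opt/autopeer` is unchecked, so on failure `python -c 'import config'` imports from whatever the working directory happens to be; `cd /opt/autopeer || exit 1` closes that.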
@@ -114,6 +114,8 @@ class AutopeerShell(cmd.Cmd): print(f'Error: ipv6 link local must match {IPLL_REGEX}', file=sys.stderr) return + sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] Created new peering {name!r} for AS{SELECTED_ASN} by {USER}", text=True) + try: curs = DB.execute( 'INSERT INTO peers (name, asn, pubkey, endpoint, port, ipll, creator_ip, creator_name, creator_date) VALUES (:name, :asn, :pubkey, :endpoint, :port, :ipll, :creator_ip, :creator_name, :creator_date)', @@ -137,6 +139,7 @@ class AutopeerShell(cmd.Cmd): def do_delpeer(self, name): '''<name> Delete your peering''' + sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] Deleted peering {name!r} for AS{SELECTED_ASN} by {USER}", text=True) curs = DB.execute( 'DELETE FROM peers WHERE name = :name AND asn = :asn', dict(name=name, asn=SELECTED_ASN) @@ -218,7 +221,10 @@ Your Tunnel IPv6LL: {you.ipll} if __name__ == '__main__': shell = AutopeerShell() - if len(os.getenv('SSH_ORIGINAL_COMMAND', '')): - shell.onecmd(os.getenv('SSH_ORIGINAL_COMMAND')) + command = os.getenv('SSH_ORIGINAL_COMMAND', '') + if len(command): + sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] {USER} ran {command}", text=True) + shell.onecmd(command) else: + sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] {USER} logged in", text=True) shell.cmdloop() @@ -11,3 +11,5 @@ try: MY_PRIVKEY = open('/etc/wireguard/privkey', 'r').read().strip() except: # open will fail due to perms as user MY_PRIVKEY = None + +NOTIFY_TO = 'tcp:chaos.1459.dn42:13336' 
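Review bot: The "Created new peering" notification in the first hunk is sent before the `INSERT` in the `try:` below it runs, so it goes out even when the insert fails. The "Deleted peering" call at the top of `do_delpeer` has the same ordering problem and fires even if the `DELETE` matches no row. None of the `subprocess.run` calls has a `timeout=`, so an unreachable endpoint blocks the user's command, and a missing `socat` binary raises `FileNotFoundError` out of the handler. I would route all four calls through one best-effort helper and invoke it after the statement it reports, as sketched below. The commit adds no import lines to this file, so `socket`, `subprocess` and `NOTIFY_TO` are presumably already in scope (worth confirming); both enclosing methods start and end outside their hunks.

```python
def notify(message):
    """Send a best-effort notification; never block or abort the caller."""
    try:
        subprocess.run(
            ['socat', '-u', 'stdio', NOTIFY_TO],
            input=message, text=True, timeout=5,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
    except (OSError, subprocess.TimeoutExpired):
        pass  # notification failure must not affect the peering command

# … unchanged: argument validation and the INSERT inside the try block …
notify(f"[autopeer {socket.gethostname()}] Created new peering {name!r} for AS{SELECTED_ASN} by {USER}")
```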
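Review bot: `{command}` in the `ran` notification under `if __name__ == '__main__':` is the raw `SSH_ORIGINAL_COMMAND`, which the connecting user controls, so embedded newlines or control characters can forge or garble notification lines on the receiving side. The other two messages already format `name` with `!r`; doing the same here, `input=f"[autopeer {socket.gethostname()}] {USER} ran {command!r}"`, keeps each notification on a single line. The `sp` result is never read in any of the four calls, so the assignment can be dropped.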
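Review bot: `NOTIFY_TO` in config.py is a hard-coded plain `tcp:` socat address, so the notifications (user names, SSH public keys, connection details, full commands) travel unauthenticated and in cleartext, and nothing documents how to turn them off. I would add a comment such as `# socat address for notifications; plain TCP, sent in cleartext; None disables` and have the call sites skip the send when the value is `None`. As written, a `None` or empty value would be passed straight to `socat` as an argument.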
@@ -5,15 +5,16 @@ echo read -p "Press enter once you've done that..." -apt install git wireguard-tools +apt install git wireguard-tools cron socat ln -s /opt/autopeer/sshd_config /etc/ssh/sshd_config.d/autopeer.conf systemctl reload ssh addgroup autopeer adduser --disabled-password --comment '' new git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" clone git@git.dn42.dev:dn42/registry.git /opt/autopeer/dn42-registry -echo '47 * * * * root git -c merge.verifysignatures=false -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer +echo '47 * * * * root git -c merge.verifysignatures=false -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer echo '*/5 * * * * root /opt/autopeer/cronjob.py' >>/etc/cron.d/autopeer +echo '0 * * * * root git -C /opt/autopeer pull' >>/etc/cron.d/autopeer umask 0007 mkdir /opt/autopeer/db |
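Review bot: The added cron entry `0 * * * * root git -C /opt/autopeer pull` makes every node fetch and then run whatever is at the tip of the upstream branch as root (`cronjob.py` from the same tree runs every five minutes), with no signature or fast-forward check. A compromise of that remote, or of the transport if it is not authenticated, therefore becomes root code execution on every installed node within the hour. If unattended updates are wanted, `git -C /opt/autopeer pull --ff-only --verify-signatures` against a trusted keyring, or deploying only signed tags, narrows that. Separately, appending with `>>` duplicates the cron entries if the installer is run a second time.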
