| author | 2026-04-08 03:50:25 +0200 | |
|---|---|---|
| committer | 2026-04-08 03:57:04 +0200 | |
| commit | d3ec864c134ebcf05ea82bad7f565a61bb418feb (patch) | |
| tree | 1e88a0a7ff59ed461cbbe3ae9793e6b9cdb7f178 | |
init
| -rw-r--r-- | .gitignore | 2 | ||||
| -rwxr-xr-x | authorized_keys.sh | 17 | ||||
| -rwxr-xr-x | autopeer_shell.py | 3 | ||||
| m--------- | dn42-registry | 0 | ||||
| -rw-r--r-- | install.sh | 7 | ||||
| -rwxr-xr-x | new_user_created.sh | 11 | ||||
| -rw-r--r-- | sshd_config | 25 |
7 files changed, 65 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ea19357
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+id_autopeer
+id_autopeer.pub
diff --git a/authorized_keys.sh b/authorized_keys.sh
new file mode 100755
index 0000000..75c2704
--- /dev/null
+++ b/authorized_keys.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -o pipefail
+
+user="$1"
+if [ "$1" = "new" ]; then
+ type="$2"
+ key="$3"
+ if user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"; then
+ perl -ne 'print if s@^\s*auth:\s*ssh-@ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
+ /usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key" --ingroup autopeer "$user"
+ fi
+else # not new user
+ perl -ne 'print if s@^\s*auth:\s*@@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
+fi
+
+exit 0
diff --git a/autopeer_shell.py b/autopeer_shell.py
new file mode 100755
index 0000000..c7e6f7d
--- /dev/null
+++ b/autopeer_shell.py
@@ -0,0 +1,3 @@
+#!/usr/bin/python3
+
+print("Hello")
diff --git a/dn42-registry b/dn42-registry
new file mode 160000
+Subproject 9f8932d45b6f7623aefc28005103d511e4ef6ee
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..2315fd7
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,7 @@
+apt install git
+ln -s /opt/autopeer/sshd_config /etc/ssh/sshd_config.d/autopeer.conf
+addgroup autopeer
+adduser --disabled-password --comment '' new
+git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" git clone git@git.dn42.dev:dn42/registry.git dn42-registry
+
+echo '47 * * * * root git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer
diff --git a/new_user_created.sh b/new_user_created.sh
new file mode 100755
index 0000000..4328d47
--- /dev/null
+++ b/new_user_created.sh
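Review bot: The `/usr/sbin/adduser` call in the `if user="$(grep …)"` branch of authorized_keys.sh runs at key-lookup time, before the client has proven possession of the private key — sshd invokes AuthorizedKeysCommand for the unsigned public-key query as well as for the signed request, so anyone who copies a public key out of the registry can have that maintainer's account created without authenticating. Keep this script side-effect-free (print the matching `auth:` line and exit) and perform the `adduser` only after authentication, from the ForceCommand path through a privileged helper that re-derives the user from the key in `$SSH_USER_AUTH`, so that only a successful login creates an account. The lookup also takes `head -1` of an unordered `grep -r` over every mntner object, so a key that appears in more than one object maps to whichever file grep happens to list first; treat multiple matches as an error rather than picking one. Finally, the `else` branch prints every `auth:` value of the object, including non-ssh types, while the `new` branch filters on `ssh-`; use the same `s@^\s*auth:\s*ssh-@ssh-@` substitution in both.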
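Review bot: The clone line in install.sh repeats the `git` command — `git -c core.sshcommand=… git clone …` asks git to run a subcommand named `git`, so the registry is never cloned; it should read `git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" clone git@git.dn42.dev:dn42/registry.git dn42-registry`, presumably after a `cd /opt/autopeer` since the clone lands in the current directory. The script has no shebang and no `set -e`, so that failure does not stop the cron entry from being written, and `>>/etc/cron.d/autopeer` appends a duplicate pull job on every re-run — write the file with `>` instead. `apt install git` also prompts for confirmation; use `apt-get install -y git` for an install script.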
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+read method type key <$SSH_USER_AUTH
+user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"
+
+if getent passwd "$user" >/dev/null 2>&1; then
+ echo "Your account has been created, go ahead and log in: shh $user@$(hostname -f)"
+else
+ echo "An error occurred, the account $user didn't get created, please go ask steering" >&2
+ exit 1
+fi
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..a6bf121
--- /dev/null
+++ b/sshd_config
@@ -0,0 +1,25 @@
+Match user new
+ AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+ AuthorizedKeysCommandUser root
+ AuthenticationMethods publickey
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AllowTcpForwarding no
+ ExposeAuthInfo yes
+ PermitOpen none
+ PermitTunnel no
+ PermitUserRC no
+ ForceCommand /opt/autopeer/new_user_created.sh
+
+Match group autopeer
+ AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+ AuthorizedKeysCommandUser root
+ AuthenticationMethods publickey
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AllowTcpForwarding no
+ ExposeAuthInfo yes
+ PermitOpen none
+ PermitTunnel no
+ PermitUserRC no
+ ForceCommand /opt/autopeer/autopeer_shell.py |
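Review bot: `read method type key <$SSH_USER_AUTH` in new_user_created.sh should be `read -r method type key <"$SSH_USER_AUTH"`: without `-r` backslashes in the key line are interpreted, and the unquoted redirection target is subject to word splitting (the script is `#!/bin/sh`, so only POSIX quoting is available). The success message contains the typo `shh $user@`, which users will copy and paste; change it to `ssh $user@`. When the grep finds no mntner object `$user` is empty and the failure message reads "the account  didn't get created", so add `[ -n "$user" ] || { echo "No mntner object lists this key" >&2; exit 1; }` ahead of the `getent` check so the two failure modes are distinguishable.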
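Review bot: `AuthorizedKeysCommandUser root` in both Match blocks runs a script that parses client-supplied `%t %k` with root privilege on every login attempt, before authentication. The `Match group autopeer` block only needs to read registry files, so give it a dedicated unprivileged user (e.g. `AuthorizedKeysCommandUser autopeer-keys`, a constructed name) and reserve privilege for the account-creation step, which should itself move to a post-authentication helper rather than the keys command. Since the `Match user new` ForceCommand only prints a message, `PermitTTY no` and `X11Forwarding no` would close the remaining channel types in that block; the autopeer group block may legitimately want a TTY for its shell, so apply them there only if that is not the case.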
