From d3ec864c134ebcf05ea82bad7f565a61bb418feb Mon Sep 17 00:00:00 2001
From: steering7253
Date: Wed, 8 Apr 2026 03:50:25 +0200
Subject: init
---
.gitignore | 2 ++
authorized_keys.sh | 17 +++++++++++++++++
autopeer_shell.py | 3 +++
dn42-registry | 1 +
install.sh | 7 +++++++
new_user_created.sh | 11 +++++++++++
sshd_config | 25 +++++++++++++++++++++++++
7 files changed, 66 insertions(+)
create mode 100644 .gitignore
create mode 100755 authorized_keys.sh
create mode 100755 autopeer_shell.py
create mode 160000 dn42-registry
create mode 100644 install.sh
create mode 100755 new_user_created.sh
create mode 100644 sshd_config
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ea19357
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+id_autopeer
+id_autopeer.pub
diff --git a/authorized_keys.sh b/authorized_keys.sh
new file mode 100755
index 0000000..75c2704
--- /dev/null
+++ b/authorized_keys.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -o pipefail
+
+user="$1"
+if [ "$1" = "new" ]; then
+ type="$2"
+ key="$3"
+ if user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"; then
+ perl -ne 'print if s@^\s*auth:\s*ssh-@ssh-@' >/etc/cron.d/autopeer
diff --git a/new_user_created.sh b/new_user_created.sh
new file mode 100755
index 0000000..4328d47
--- /dev/null
+++ b/new_user_created.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+read method type key <$SSH_USER_AUTH
+user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"
+
+if getent passwd "$user" >/dev/null 2>&1; then
+ echo "Your account has been created, go ahead and log in: shh $user@$(hostname -f)"
+else
+ echo "An error occurred, the account $user didn't get created, please go ask steering" >&2
+ exit 1
+fi
diff --git a/sshd_config b/sshd_config
new file mode 100644
index 0000000..a6bf121
--- /dev/null
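Review bot: In new_user_created.sh the `getent passwd "$user"` check succeeds for any account that already exists on the host, not only one this service created, and it still runs when the grep pipeline matched nothing and `$user` is empty. Rejecting an empty name and also requiring membership of the autopeer group (for example `[ -n "$user" ] && id -nG "$user" | grep -qw autopeer`) would tie the success message to accounts the service manages; whether new accounts are placed in that group is not visible here, so confirm against authorized_keys.sh. `read method type key <$SSH_USER_AUTH` should be `read -r method type key <"$SSH_USER_AUTH"`, and the login hint prints `shh` where `ssh` is meant. The same grep pipeline with `head -1` appears in authorized_keys.sh, so a key listed under several maintainer objects resolves to whichever file grep reports first in both places; a comment stating that this is intended, or a check that exactly one object matches, would make the mapping explicit.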
+++ b/sshd_config
@@ -0,0 +1,25 @@
+Match user new
+ AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+ AuthorizedKeysCommandUser root
+ AuthenticationMethods publickey
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AllowTcpForwarding no
+ ExposeAuthInfo yes
+ PermitOpen none
+ PermitTunnel no
+ PermitUserRC no
+ ForceCommand /opt/autopeer/new_user_created.sh
+
+Match group autopeer
+ AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+ AuthorizedKeysCommandUser root
+ AuthenticationMethods publickey
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AllowTcpForwarding no
+ ExposeAuthInfo yes
+ PermitOpen none
+ PermitTunnel no
+ PermitUserRC no
+ ForceCommand /opt/autopeer/autopeer_shell.py
-- cgit v1.3.1-10-gc9f91
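Review bot: Neither Match block sets `AuthorizedKeysFile none`, so unless that is configured elsewhere sshd still falls back to the account's key files when the `AuthorizedKeysCommand` output does not authorize the key, and a key left in such a file would keep working after it is removed from the registry. Adding `AuthorizedKeysFile none` to both blocks makes the registry lookup the only key source. `DisableForwarding yes` would also cover X11 forwarding, which the listed `Allow*Forwarding no` lines do not, and `PermitTTY no` looks appropriate for the `new` block since its ForceCommand only prints a message. `AuthorizedKeysCommandUser root` means authorized_keys.sh handles the client-supplied key type and key as root on every attempt; if root is needed only for account creation, a comment saying so, or a dedicated unprivileged user for the plain lookup in the `autopeer` block, would narrow that exposure.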