provisioning tool for building opinionated architecture
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

88 lines
3.1 KiB

9 months ago
9 months ago
9 months ago
  1. #!/bin/bash
  2. function check_container_exists() {
  3. if ! container_exists "$CONTAINER"; then
  4. echoerr "container <$CONTAINER> does not exist!"
  5. exit 1
  6. fi
  7. }
  8. function check() {
  9. check_container_exists || return 1
  10. return 0
  11. }
  12. function enable_ssh() {
  13. echo "lxc: enable ssh in container <$CONTAINER> for user <$SSH_USER>"
  14. if ! container_running "$CONTAINER"; then
  15. echowarn "container <$CONTAINER> seems to be asleep, starting ..."
  16. lxc start "$CONTAINER"
  17. echowarn DONE
  18. fi
  19. lxc exec "$CONTAINER" -- bash <<EOF
  20. set -Eeuo pipefail
  21. if ! id "$SSH_USER" &>/dev/null; then
  22. echo "adding new user <$SSH_USER>"
  23. useradd -ms /bin/bash -G sudo "$SSH_USER"
  24. else
  25. echo "bash: $SSH_USER exists already!"
  26. fi
  27. EOF
  28. miaou_user=$(whoami)
  29. shadow_passwd=$(load_yaml_from_expanded credential.shadow)
  30. shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $SSH_USER /etc/shadow | cut -d':' -f3-")
  31. lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
  32. lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
  33. previous_users=($(
  34. lxc exec "$CONTAINER" -- bash <<EOF
  35. set -Eeuo pipefail
  36. if [[ -f /etc/ssh/sshd_config ]] && grep -q AllowUsers /etc/ssh/sshd_config ; then
  37. cat /etc/ssh/sshd_config | grep AllowUsers | cut -d' ' -f 2-
  38. fi
  39. EOF
  40. ))
  41. if containsElement previous_users "$SSH_USER"; then
  42. echo "sshd_config: AllowUsers $SSH_USER already done!"
  43. else
  44. echo "previous_users ${previous_users[*]}"
  45. previous_users+=("$SSH_USER")
  46. echo -n "building template for sshd_config..."
  47. USERS=${previous_users[*]} tera -e --env-key env -t "$MIAOU_BASEDIR/templates/dev-container-ssh/sshd_config.j2" -o "/tmp/sshd_config" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" >/dev/null
  48. echo 'OK'
  49. echo -n "copying sshd_config over container <$CONTAINER> ... "
  50. lxc file push --uid 0 --gid 0 "/tmp/sshd_config" "$CONTAINER/etc/ssh/sshd_config" &>/dev/null
  51. echo 'OK'
  52. lxc exec "$CONTAINER" -- systemctl reload sshd.service
  53. fi
  54. lxc exec "$CONTAINER" -- mkdir -p "/home/$SSH_USER/.ssh"
  55. lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh"
  56. lxc exec "$CONTAINER" -- chmod 760 "/home/$SSH_USER/.ssh"
  57. lxc file push --uid 0 --gid 0 "/home/$miaou_user/.ssh/id_rsa.pub" "$CONTAINER/home/$SSH_USER/.ssh/authorized_keys" &>/dev/null
  58. lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh/authorized_keys"
  59. lxc exec "$CONTAINER" -- chmod 600 "/home/$SSH_USER/.ssh/authorized_keys"
  60. echo "create symbolic link for curl from TOOLBOX as required for Codium remote-ssh"
  61. lxc exec "$CONTAINER" -- ln -sf /TOOLBOX/curl /usr/bin/
  62. echo "SUCCESS: container $CONTAINER listening on port 22"
  63. }
  64. ## MAIN
  65. . "$MIAOU_BASEDIR/lib/init.sh"
  66. arg1_required "$@"
  67. readonly CONTAINER=$1
  68. if [[ -z "${2:-}" ]]; then
  69. readonly SSH_USER=$(id -un)
  70. else
  71. readonly SSH_USER="$2"
  72. fi
  73. check
  74. enable_ssh