#!/bin/bash function check_container_exists() { if ! container_exists "$CONTAINER"; then echoerr "container <$CONTAINER> does not exist!" exit 1 fi } function check() { check_container_exists || return 1 return 0 } function enable_ssh() { echo "lxc: enable ssh in container <$CONTAINER> for user <$SSH_USER>" if ! container_running "$CONTAINER"; then echowarn "container <$CONTAINER> seems to be asleep, starting ..." lxc start "$CONTAINER" echowarn DONE fi lxc exec "$CONTAINER" -- bash <<EOF set -Eeuo pipefail if ! id "$SSH_USER" &>/dev/null; then echo "adding new user <$SSH_USER>" useradd -ms /bin/bash -G sudo "$SSH_USER" else echo "bash: $SSH_USER exists already!" fi EOF miaou_user=$(whoami) shadow_passwd=$(load_yaml_from_expanded credential.shadow) shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $SSH_USER /etc/shadow | cut -d':' -f3-") lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server previous_users=($( lxc exec "$CONTAINER" -- bash <<EOF set -Eeuo pipefail if [[ -f /etc/ssh/sshd_config ]] && grep -q AllowUsers /etc/ssh/sshd_config ; then cat /etc/ssh/sshd_config | grep AllowUsers | cut -d' ' -f 2- fi EOF )) if containsElement previous_users "$SSH_USER"; then echo "sshd_config: AllowUsers $SSH_USER already done!" else echo "previous_users ${previous_users[*]}" previous_users+=("$SSH_USER") echo -n "building template for sshd_config..." USERS=${previous_users[*]} tera -e --env-key env -t "$MIAOU_BASEDIR/templates/dev-container-ssh/sshd_config.j2" -o "/tmp/sshd_config" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" >/dev/null echo 'OK' echo -n "copying sshd_config to container <$CONTAINER> ... " lxc file push --uid 0 --gid 0 "/tmp/sshd_config" "$CONTAINER/etc/ssh/sshd_config" &>/dev/null echo 'OK' lxc exec "$CONTAINER" -- systemctl reload sshd.service fi lxc exec "$CONTAINER" -- mkdir -p "/home/$SSH_USER/.ssh" lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh" lxc exec "$CONTAINER" -- chmod 760 "/home/$SSH_USER/.ssh" if [[ -f "/home/$miaou_user/.ssh/authorized_keys" ]]; then lxc file push --uid 0 --gid 0 "/home/$miaou_user/.ssh/authorized_keys" "$CONTAINER/home/$SSH_USER/.ssh/authorized_keys" &>/dev/null lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh/authorized_keys" lxc exec "$CONTAINER" -- chmod 600 "/home/$SSH_USER/.ssh/authorized_keys" fi echo "create symbolic link for curl from TOOLBOX as required for Codium remote-ssh" lxc exec "$CONTAINER" -- ln -sf /TOOLBOX/curl /usr/bin/ echo "SUCCESS: container $CONTAINER listening on port 22" } ## MAIN . "$MIAOU_BASEDIR/lib/init.sh" arg1_required "$@" readonly CONTAINER=$1 if [[ -z "${2:-}" ]]; then readonly SSH_USER=$(id -un) else readonly SSH_USER="$2" fi check enable_ssh