#!/bin/bash
#######################################
# Abort the whole script when $CONTAINER is unknown to lxc.
# Globals:   CONTAINER (read)
# Outputs:   error message on stderr via echoerr
# Returns:   0 when the container exists; exits 1 otherwise
#######################################
check_container_exists() {
  if container_exists "$CONTAINER"; then
    return 0
  fi
  echoerr "container <$CONTAINER> does not exist!"
  exit 1
}
#######################################
# Pre-flight gate: currently only the container-existence check.
# Returns:   0 when every check passes, 1 otherwise
#######################################
check() {
  if ! check_container_exists; then
    return 1
  fi
  return 0
}
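#######################################
# Enable SSH access to $CONTAINER for $SSH_USER: create the user, copy the
# configured shadow hash, install openssh-server, add the user to AllowUsers
# and install the host user's public key as authorized_keys.
# Globals:   CONTAINER, SSH_USER, MIAOU_BASEDIR, MIAOU_CONFIGDIR (read)
# Arguments: none
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 on a failed step (lxc failures may also abort
#            the script if the sourced init.sh enables set -e)
#######################################
function enable_ssh() {
  local miaou_user shadow_passwd shadow_remainder tmpdir
  local -a previous_users=()

  echo "lxc: enable ssh in container <$CONTAINER> for user <$SSH_USER>"
  if ! container_running "$CONTAINER"; then
    echowarn "container <$CONTAINER> seems to be asleep, starting ..."
    lxc start "$CONTAINER"
    echowarn DONE
  fi

  # Create the user inside the container (idempotent). $SSH_USER is expanded
  # on the host into this script, so it must be a plain user name without
  # shell metacharacters.
  lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
if ! id "$SSH_USER" &>/dev/null; then
  echo "adding new user <$SSH_USER>"
  useradd -ms /bin/bash -G sudo "$SSH_USER"
else
  echo "bash: $SSH_USER exists already!"
fi
EOF

  miaou_user=$(whoami)
  shadow_passwd=$(load_yaml_from_expanded credential.shadow)
  # Anchor on "^user:" (quoted) so "bob" can no longer match "bobby"; the
  # cut runs on the host, which removes the interpolated `bash -c` string.
  shadow_remainder=$(lxc exec "$CONTAINER" -- grep -- "^${SSH_USER}:" /etc/shadow | cut -d: -f3-) || shadow_remainder=""
  if [[ -z "$shadow_remainder" ]]; then
    echoerr "no /etc/shadow entry for <$SSH_USER> in container <$CONTAINER>"
    return 1
  fi
  # NOTE(review): the hash is passed in argv and is therefore visible in the
  # process list of host and container while append_or_replace runs.
  lxc exec "$CONTAINER" -- /opt/debian-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
  lxc exec "$CONTAINER" -- /opt/debian-bash/tools/idem_apt_install openssh-server

  # Collect the existing AllowUsers entries, split on whitespace. read -d ''
  # consumes all lines and returns non-zero at EOF, hence the || true.
  # NOTE(review): the grep is unanchored and also matches a commented
  # "#AllowUsers" line — confirm the template never emits one.
  read -r -d '' -a previous_users < <(
    lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
if [[ -f /etc/ssh/sshd_config ]] && grep -q AllowUsers /etc/ssh/sshd_config ; then
  grep AllowUsers /etc/ssh/sshd_config | cut -d' ' -f 2-
fi
EOF
  ) || true

  if containsElement previous_users "$SSH_USER"; then
    echo "sshd_config: AllowUsers $SSH_USER already done!"
  else
    echo "previous_users ${previous_users[*]}"
    previous_users+=("$SSH_USER")
    printf '%s' "building template for sshd_config..."
    # Render into a private mktemp directory instead of the predictable
    # /tmp/sshd_config, which another local user could pre-create or swap.
    tmpdir=$(mktemp -d) || { echoerr "mktemp failed"; return 1; }
    if ! USERS=${previous_users[*]} tera -e --env-key env -t "$MIAOU_BASEDIR/templates/dev-container-ssh/sshd_config.j2" -o "$tmpdir/sshd_config" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" >/dev/null; then
      rm -rf -- "$tmpdir"
      echoerr "tera failed to render sshd_config"
      return 1
    fi
    echo 'OK'
    printf '%s' "copying sshd_config over container <$CONTAINER> ... "
    if ! lxc file push --uid 0 --gid 0 "$tmpdir/sshd_config" "$CONTAINER/etc/ssh/sshd_config" &>/dev/null; then
      rm -rf -- "$tmpdir"
      echoerr "lxc file push of sshd_config failed"
      return 1
    fi
    rm -rf -- "$tmpdir"
    echo 'OK'
    lxc exec "$CONTAINER" -- systemctl reload sshd.service
  fi

  # Install the host user's public key; this replaces any authorized_keys
  # already present in the container for $SSH_USER.
  if [[ ! -r "/home/$miaou_user/.ssh/id_rsa.pub" ]]; then
    echoerr "missing /home/$miaou_user/.ssh/id_rsa.pub on host"
    return 1
  fi
  lxc exec "$CONTAINER" -- mkdir -p "/home/$SSH_USER/.ssh"
  lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh"
  # 700 rather than 760: a group-writable .ssh directory is rejected by sshd
  # when StrictModes is on (the default), which silently breaks key auth.
  lxc exec "$CONTAINER" -- chmod 700 "/home/$SSH_USER/.ssh"
  if ! lxc file push --uid 0 --gid 0 "/home/$miaou_user/.ssh/id_rsa.pub" "$CONTAINER/home/$SSH_USER/.ssh/authorized_keys" &>/dev/null; then
    echoerr "lxc file push of authorized_keys failed"
    return 1
  fi
  lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh/authorized_keys"
  lxc exec "$CONTAINER" -- chmod 600 "/home/$SSH_USER/.ssh/authorized_keys"

  echo "create symbolic link for curl from TOOLBOX as required for Codium remote-ssh"
  lxc exec "$CONTAINER" -- ln -sf /TOOLBOX/curl /usr/bin/
  echo "SUCCESS: container $CONTAINER listening on port 22"
}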
## MAIN
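. "$MIAOU_BASEDIR/lib/init.sh"
arg1_required "$@"
readonly CONTAINER=$1
# Second argument is optional; default to the invoking user. Assignment is
# separated from readonly so a failing `id -un` is not masked.
if [[ -z "${2:-}" ]]; then
  SSH_USER=$(id -un)
else
  SSH_USER=$2
fi
# SSH_USER is interpolated into shell fragments and grep patterns executed
# inside the container, so accept only a plain user name.
if [[ ! "$SSH_USER" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
  echoerr "invalid user name <$SSH_USER>"
  exit 1
fi
readonly SSH_USER
check
enable_ssh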