You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
3.1 KiB
88 lines
3.1 KiB
#!/bin/bash
|
|
|
|
function check_container_exists() {
|
|
if ! container_exists "$CONTAINER"; then
|
|
echoerr "container <$CONTAINER> does not exist!"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
function check() {
|
|
check_container_exists || return 1
|
|
return 0
|
|
}
|
|
|
|
function enable_ssh() {
|
|
echo "lxc: enable ssh in container <$CONTAINER> for user <$SSH_USER>"
|
|
|
|
if ! container_running "$CONTAINER"; then
|
|
echowarn "container <$CONTAINER> seems to be asleep, starting ..."
|
|
lxc start "$CONTAINER"
|
|
echowarn DONE
|
|
fi
|
|
|
|
lxc exec "$CONTAINER" -- bash <<EOF
|
|
set -Eeuo pipefail
|
|
if ! id "$SSH_USER" &>/dev/null; then
|
|
echo "adding new user <$SSH_USER>"
|
|
useradd -ms /bin/bash -G sudo "$SSH_USER"
|
|
else
|
|
echo "bash: $SSH_USER exists already!"
|
|
fi
|
|
EOF
|
|
|
|
miaou_user=$(whoami)
|
|
shadow_passwd=$(load_yaml_from_expanded credential.shadow)
|
|
shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c "grep $SSH_USER /etc/shadow | cut -d':' -f3-")
|
|
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null
|
|
|
|
lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
|
|
previous_users=($(
|
|
lxc exec "$CONTAINER" -- bash <<EOF
|
|
set -Eeuo pipefail
|
|
if [[ -f /etc/ssh/sshd_config ]] && grep -q AllowUsers /etc/ssh/sshd_config ; then
|
|
cat /etc/ssh/sshd_config | grep AllowUsers | cut -d' ' -f 2-
|
|
fi
|
|
EOF
|
|
))
|
|
|
|
if containsElement previous_users "$SSH_USER"; then
|
|
echo "sshd_config: AllowUsers $SSH_USER already done!"
|
|
else
|
|
echo "previous_users ${previous_users[*]}"
|
|
previous_users+=("$SSH_USER")
|
|
echo -n "building template for sshd_config..."
|
|
USERS=${previous_users[*]} tera -e --env-key env -t "$MIAOU_BASEDIR/templates/dev-container-ssh/sshd_config.j2" -o "/tmp/sshd_config" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" >/dev/null
|
|
echo 'OK'
|
|
echo -n "copying sshd_config over container <$CONTAINER> ... "
|
|
lxc file push --uid 0 --gid 0 "/tmp/sshd_config" "$CONTAINER/etc/ssh/sshd_config" &>/dev/null
|
|
echo 'OK'
|
|
lxc exec "$CONTAINER" -- systemctl reload sshd.service
|
|
fi
|
|
|
|
lxc exec "$CONTAINER" -- mkdir -p "/home/$SSH_USER/.ssh"
|
|
lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh"
|
|
lxc exec "$CONTAINER" -- chmod 760 "/home/$SSH_USER/.ssh"
|
|
lxc file push --uid 0 --gid 0 "/home/$miaou_user/.ssh/id_ed25519.pub" "$CONTAINER/home/$SSH_USER/.ssh/authorized_keys" &>/dev/null
|
|
lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh/authorized_keys"
|
|
lxc exec "$CONTAINER" -- chmod 600 "/home/$SSH_USER/.ssh/authorized_keys"
|
|
|
|
echo "create symbolic link for curl from TOOLBOX as required for Codium remote-ssh"
|
|
lxc exec "$CONTAINER" -- ln -sf /TOOLBOX/curl /usr/bin/
|
|
|
|
echo "SUCCESS: container $CONTAINER listening on port 22"
|
|
}
|
|
|
|
## MAIN
|
|
. "$MIAOU_BASEDIR/lib/init.sh"
|
|
|
|
arg1_required "$@"
|
|
readonly CONTAINER=$1
|
|
if [[ -z "${2:-}" ]]; then
|
|
readonly SSH_USER=$(id -un)
|
|
else
|
|
readonly SSH_USER="$2"
|
|
fi
|
|
|
|
check
|
|
enable_ssh
|