moonq/ssh-box
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

streamline building, proper makefile help

Browse Source
This commit is contained in:
Ville Rantanen
2022-08-24 17:42:06 +03:00
parent 97d62d8032
commit 7176e41edc
6 changed files with 123 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Makefile
View File

@@ -1,21 +1,34 @@
.PHONY: help
help: ## *:・゚✧*:・゚✧ This help *:・゚✧*:・゚✧
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[33m[ \033[36m%-15s \033[33m]\033[0m %s\n", $$1, $$2}'
service-up:
service-up: ## Build and start SSH BOX service
docker-compose up --build -d -t 1 docker-compose up --build -d -t 1
service-logs: service-logs: ## View logs
docker-compose logs -f -t docker-compose logs -f -t
service-force-restart: service-dev: ## Build and start service, foreground
docker-compose build docker-compose build
docker-compose up -d --force-recreate -t 1 docker-compose up --force-recreate -t 0
docker-compose logs -f -t #docker-compose logs -f -t
service-down: service-down: ## Shutdown
docker-compose down -t 1 docker-compose down -t 1
service-bash: service-bash: ## Enter shell
docker-compose exec ssh-ftp-server bash docker-compose exec ssh-ftp-server bash
update-users: service-update: ## Pull never image
docker pull alpine:latest
user-update: ## Run user creation scripts
docker-compose exec ssh-ftp-server update_users.sh docker-compose exec ssh-ftp-server update_users.sh
user-add:
bash user-add

6
README.md
View File

@@ -8,8 +8,10 @@ First start:
- modify your user ID number as USR - modify your user ID number as USR
- EXPOSE to port exposed outside - EXPOSE to port exposed outside
- start with docker-compose - start with docker-compose, or by using `make`
- data/ and home/ folders appear - data/ folder appears. It contains users definitions, and home folders
- create user by adding authorized_keys contents to data/users/[UID]-[username] file - create user by adding authorized_keys contents to data/users/[UID]-[username] file
- example: `vim users/2000-user1` <- copy id_rsa.pub contents there - example: `vim users/2000-user1` <- copy id_rsa.pub contents there
- use UID >=2000
- you can also use the `user-add` script

4
build/Dockerfile
View File

@@ -6,8 +6,6 @@ RUN apk add --no-cache \
rsync \ rsync \
shadow shadow
ADD get_pub_keys.sh /usr/local/sbin/get_pub_keys.sh COPY get_pub_keys.sh update_users.sh run_ssh_box.sh /usr/local/sbin/
ADD update_users.sh /usr/local/sbin/update_users.sh
ADD run.sh /usr/local/sbin/run_ssh_box.sh
CMD bash /usr/local/sbin/run_ssh_box.sh CMD bash /usr/local/sbin/run_ssh_box.sh

2
build/get_pub_keys.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
set -e set -e
idnr=$( id -u "$1" ) idnr=$( id -u "$1" )

15
build/run.sh → build/run_ssh_box.sh
View File

@@ -33,10 +33,16 @@ if getent group box; then
else else
groupadd -g $GRP box groupadd -g $GRP box
fi fi
if getent group trusted; then
echo Trusted already added
else
groupadd trusted
fi
rmdir /home
chown root:root "$basedir"/home rmdir /home || true
chmod 0711 "$basedir"/home chown root:trusted "$basedir"/home
chmod 0751 "$basedir"/home
ln -sfT "$basedir"/home /home ln -sfT "$basedir"/home /home
touch /tmp/empty_keys touch /tmp/empty_keys
@@ -49,8 +55,7 @@ cat <<EOF > /etc/profile
alias ll='ls -al' alias ll='ls -al'
EOF EOF
echo "-~''~- SSH-Box ~-..-~" > /etc/motd echo "$NAME" > /etc/motd
echo "$NAME" >> /etc/motd
update_users.sh update_users.sh

70
build/update_users.sh
View File

@@ -1,10 +1,10 @@
#!/bin/bash #!/bin/bash
set -e set -eu
shopt -s nullglob shopt -s nullglob
echo updating users >&2 echo updating users >&2
function getpass() { function get_pass() {
# Technically possible to set password from key file # Technically possible to set password from key file
#set +e #set +e
#grep -q ^'#passwd=' "$1" && { #grep -q ^'#passwd=' "$1" && {
@@ -14,32 +14,78 @@ function getpass() {
# sed -i 's/^#passwd=.*/#passwd-is-set/' "$1" # sed -i 's/^#passwd=.*/#passwd-is-set/' "$1"
# return # return
#} #}
set -e # set -e
local LENGTH=64 local LENGTH=64
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c $LENGTH LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c $LENGTH
} }
cd /var/ssh-box/users function get_readme() {
cat <<EOF
# SSH Box home
- data/ folder is shared to all users, group access is forced.
- create any other folder to keep files to yourself.
- don't mess things up.
EOF
}
function validate_users() {
# users uid must be >=2000
# uid must be unique
# must be format [number]-[alphanumeric]
for file in *; do for file in *; do
echo $file if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
line=$file if [[ "${BASH_REMATCH[1]}" -lt 2000 ]]; then
if [[ "$line" = *".sh" ]]; then echo "$file" has UID under 2000 >&2
continue exit 1
fi fi
user=${line##*-} else
uid=${line%%-*} echo files must be formatted " [number]-[alphanumeric]"
echo "$file" is not valid user definition >&2
exit 1
fi
done
duplicate_uid=$(
for file in *; do
if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
echo "${BASH_REMATCH[1]}"
fi
done | sort | uniq -d
)
if [[ -n "$duplicate_uid" ]]; then
echo user definitions contain duplicate UID >&2
echo "$duplicate_uid" >&2
exit 1
fi
}
cd /var/ssh-box/users
validate_users
for file in *; do
if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
uid=${BASH_REMATCH[1]}
user=${BASH_REMATCH[2]}
echo UID: "${BASH_REMATCH[1]}" username: "${BASH_REMATCH[2]}" >&2
id $user > /dev/null 2>&1 || { id $user > /dev/null 2>&1 || {
adduser -D -u $uid $user adduser -D -u $uid $user
pw=$( getpass "$file" ) pw=$( get_pass "$file" )
echo -e "$pw\n$pw" | passwd $user echo -e "$pw\n$pw" | passwd $user 2> /dev/null
mkdir -p "/home/$user/data" mkdir -p "/home/$user/data"
chmod 0711 "/home/$user" chmod 0711 "/home/$user"
usermod -a -G box $user usermod -a -G box $user
if grep -q '^# .*trusted.*' "$file"; then
usermod -a -G trusted $user
fi
} }
rm -f "/home/$user/.ssh/authorized_keys" rm -f "/home/$user/.ssh/authorized_keys"
get_readme > "/home/$user/README.md"
chown -R "$user":box "/home/$user/data" chown -R "$user":box "/home/$user/data"
chmod -R u+rwX,g+rwX,o+X "/home/$user/data" chmod -R u+rwX,g+rwX,o+X "/home/$user/data"
chmod 0600 "$file" chmod 0600 "$file"
chown $USR "$file" chown $USR "$file"
fi
done done
chmod 0700 /var/ssh-box/users chmod 0700 /var/ssh-box/users