streamline building, proper makefile help
29
Makefile
29
Makefile
@@ -1,21 +1,34 @@
|
|||||||
|
.PHONY: help
|
||||||
|
|
||||||
|
help: ## *:・゚✧*:・゚✧ This help *:・゚✧*:・゚✧
|
||||||
|
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[33m[ \033[36m%-15s \033[33m]\033[0m %s\n", $$1, $$2}'
|
||||||
|
|
||||||
|
|
||||||
service-up:
|
|
||||||
|
service-up: ## Build and start SSH BOX service
|
||||||
docker-compose up --build -d -t 1
|
docker-compose up --build -d -t 1
|
||||||
|
|
||||||
service-logs:
|
service-logs: ## View logs
|
||||||
docker-compose logs -f -t
|
docker-compose logs -f -t
|
||||||
|
|
||||||
service-force-restart:
|
service-dev: ## Build and start service, foreground
|
||||||
docker-compose build
|
docker-compose build
|
||||||
docker-compose up -d --force-recreate -t 1
|
docker-compose up --force-recreate -t 0
|
||||||
docker-compose logs -f -t
|
#docker-compose logs -f -t
|
||||||
|
|
||||||
service-down:
|
service-down: ## Shutdown
|
||||||
docker-compose down -t 1
|
docker-compose down -t 1
|
||||||
|
|
||||||
service-bash:
|
service-bash: ## Enter shell
|
||||||
docker-compose exec ssh-ftp-server bash
|
docker-compose exec ssh-ftp-server bash
|
||||||
|
|
||||||
update-users:
|
service-update: ## Pull never image
|
||||||
|
docker pull alpine:latest
|
||||||
|
|
||||||
|
user-update: ## Run user creation scripts
|
||||||
docker-compose exec ssh-ftp-server update_users.sh
|
docker-compose exec ssh-ftp-server update_users.sh
|
||||||
|
|
||||||
|
user-add:
|
||||||
|
bash user-add
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
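Review bot: `.PHONY: help` at the top of the hunk declares only the new target, so the other eight targets (`service-up` through `user-add`) remain ordinary file rules and `make` will report them "up to date" if a file of that name ever appears in the directory; declare them all, `.PHONY: help service-up service-logs service-dev service-down service-bash service-update user-update user-add`. The `help` recipe lists only targets that carry a `## ` comment, so `user-add` — the one the README hunk points users to — is invisible to `make help`; a line such as `user-add: ## Add a user definition` (constructed wording, match what `bash user-add` does) fixes that. `service-update` describes itself as "Pull never image", presumably "newer", and pulls the floating `alpine:latest` tag; if the Dockerfile's FROM line (not in view) uses the same tag, pinning a version or digest would make rebuilds reproducible.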
@@ -8,8 +8,10 @@ First start:
|
|||||||
- modify your user ID number as USR
|
- modify your user ID number as USR
|
||||||
- EXPOSE to port exposed outside
|
- EXPOSE to port exposed outside
|
||||||
|
|
||||||
- start with docker-compose
|
- start with docker-compose, or by using `make`
|
||||||
- data/ and home/ folders appear
|
- data/ folder appears. It contains users definitions, and home folders
|
||||||
- create user by adding authorized_keys contents to data/users/[UID]-[username] file
|
- create user by adding authorized_keys contents to data/users/[UID]-[username] file
|
||||||
- example: `vim users/2000-user1` <- copy id_rsa.pub contents there
|
- example: `vim users/2000-user1` <- copy id_rsa.pub contents there
|
||||||
|
- use UID >=2000
|
||||||
|
- you can also use the `user-add` script
|
||||||
|
|
||||||
|
|||||||
@@ -6,8 +6,6 @@ RUN apk add --no-cache \
|
|||||||
rsync \
|
rsync \
|
||||||
shadow
|
shadow
|
||||||
|
|
||||||
ADD get_pub_keys.sh /usr/local/sbin/get_pub_keys.sh
|
COPY get_pub_keys.sh update_users.sh run_ssh_box.sh /usr/local/sbin/
|
||||||
ADD update_users.sh /usr/local/sbin/update_users.sh
|
|
||||||
ADD run.sh /usr/local/sbin/run_ssh_box.sh
|
|
||||||
CMD bash /usr/local/sbin/run_ssh_box.sh
|
CMD bash /usr/local/sbin/run_ssh_box.sh
|
||||||
|
|
||||||
|
|||||||
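Review bot: `COPY get_pub_keys.sh update_users.sh run_ssh_box.sh /usr/local/sbin/` keeps whatever mode bits the build context has, and two of those scripts are invoked by bare name elsewhere on this page — `update_users.sh` at the end of the run script hunk and in the Makefile's `user-update` recipe — so they only work if the checkout preserved the executable bit (only `CMD bash /usr/local/sbin/run_ssh_box.sh` is immune, since it goes through `bash`). Making the mode explicit removes that dependency, `COPY --chmod=0755 get_pub_keys.sh update_users.sh run_ssh_box.sh /usr/local/sbin/` with BuildKit, or a following `RUN chmod 0755 /usr/local/sbin/*.sh`. The old `ADD run.sh … run_ssh_box.sh` line renamed the file on copy; the new line expects `run_ssh_box.sh` to exist in the context under that name, which this commit does not show — confirm the rename is part of it.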
@@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
set -e
|
set -e
|
||||||
idnr=$( id -u "$1" )
|
idnr=$( id -u "$1" )
|
||||||
|
|
||||||
|
|||||||
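Review bot: Changing the shebang to `#!/bin/sh` switches this script to the BusyBox ash of the Alpine image the Dockerfile builds (`apk add` in its hunk header), but only the first four lines are in the hunk; any `[[ ]]`, arrays, `function` keyword or `echo -e` further down would stop working, so the rest of the file needs checking before this lands. Worth recording in a header comment that `set -e` together with `idnr=$( id -u "$1" )` makes the script exit non-zero as soon as `$1` is not a known user, e.g. `# exits non-zero (set -e) when "$1" is not an existing user`, since callers see that as a failure rather than an empty result.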
@@ -33,10 +33,16 @@ if getent group box; then
|
|||||||
else
|
else
|
||||||
groupadd -g $GRP box
|
groupadd -g $GRP box
|
||||||
fi
|
fi
|
||||||
|
if getent group trusted; then
|
||||||
|
echo Trusted already added
|
||||||
|
else
|
||||||
|
groupadd trusted
|
||||||
|
fi
|
||||||
|
|
||||||
rmdir /home
|
|
||||||
chown root:root "$basedir"/home
|
rmdir /home || true
|
||||||
chmod 0711 "$basedir"/home
|
chown root:trusted "$basedir"/home
|
||||||
|
chmod 0751 "$basedir"/home
|
||||||
ln -sfT "$basedir"/home /home
|
ln -sfT "$basedir"/home /home
|
||||||
|
|
||||||
touch /tmp/empty_keys
|
touch /tmp/empty_keys
|
||||||
@@ -49,8 +55,7 @@ cat <<EOF > /etc/profile
|
|||||||
alias ll='ls -al'
|
alias ll='ls -al'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
echo "-~''~- SSH-Box ~-..-~" > /etc/motd
|
echo "$NAME" > /etc/motd
|
||||||
echo "$NAME" >> /etc/motd
|
|
||||||
|
|
||||||
update_users.sh
|
update_users.sh
|
||||||
|
|
||||||
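Review bot: `rmdir /home || true` followed by `ln -sfT "$basedir"/home /home` tolerates every `rmdir` failure, not just the re-run case where `/home` is already the symlink; if `/home` is a real, non-empty directory the error is swallowed and `ln -sfT` cannot replace a directory, so the box ends up with the wrong `/home` without a clear message. Restricting the tolerated case makes the intent explicit and keeps a genuine failure visible, `[ -L /home ] || rmdir /home`. The `chown root:trusted` plus `chmod 0751` pair widens listing of `$basedir/home` from nobody to the new `trusted` group, which looks deliberate but deserves a comment at that line, e.g. `# trusted group may list /home; individual home dirs stay 0711`. Whether `set -e` is active in this file is not visible in either hunk.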
@@ -1,10 +1,10 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -eu
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
|
|
||||||
echo updating users >&2
|
echo updating users >&2
|
||||||
|
|
||||||
function getpass() {
|
function get_pass() {
|
||||||
# Technically possible to set password from key file
|
# Technically possible to set password from key file
|
||||||
#set +e
|
#set +e
|
||||||
#grep -q ^'#passwd=' "$1" && {
|
#grep -q ^'#passwd=' "$1" && {
|
||||||
@@ -14,32 +14,78 @@ function getpass() {
|
|||||||
# sed -i 's/^#passwd=.*/#passwd-is-set/' "$1"
|
# sed -i 's/^#passwd=.*/#passwd-is-set/' "$1"
|
||||||
# return
|
# return
|
||||||
#}
|
#}
|
||||||
set -e
|
# set -e
|
||||||
local LENGTH=64
|
local LENGTH=64
|
||||||
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c $LENGTH
|
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c $LENGTH
|
||||||
}
|
}
|
||||||
|
|
||||||
cd /var/ssh-box/users
|
function get_readme() {
|
||||||
for file in *; do
|
cat <<EOF
|
||||||
echo $file
|
# SSH Box home
|
||||||
line=$file
|
|
||||||
if [[ "$line" = *".sh" ]]; then
|
- data/ folder is shared to all users, group access is forced.
|
||||||
continue
|
- create any other folder to keep files to yourself.
|
||||||
|
- don't mess things up.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function validate_users() {
|
||||||
|
# users uid must be >=2000
|
||||||
|
# uid must be unique
|
||||||
|
# must be format [number]-[alphanumeric]
|
||||||
|
for file in *; do
|
||||||
|
if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
|
||||||
|
if [[ "${BASH_REMATCH[1]}" -lt 2000 ]]; then
|
||||||
|
echo "$file" has UID under 2000 >&2
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
user=${line##*-}
|
else
|
||||||
uid=${line%%-*}
|
echo files must be formatted " [number]-[alphanumeric]"
|
||||||
|
echo "$file" is not valid user definition >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
duplicate_uid=$(
|
||||||
|
for file in *; do
|
||||||
|
if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
|
||||||
|
echo "${BASH_REMATCH[1]}"
|
||||||
|
fi
|
||||||
|
done | sort | uniq -d
|
||||||
|
)
|
||||||
|
if [[ -n "$duplicate_uid" ]]; then
|
||||||
|
echo user definitions contain duplicate UID >&2
|
||||||
|
echo "$duplicate_uid" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
cd /var/ssh-box/users
|
||||||
|
validate_users
|
||||||
|
|
||||||
|
for file in *; do
|
||||||
|
if [[ "$file" =~ ^([0-9]+)-([a-z][a-z0-9_]*)$ ]]; then
|
||||||
|
uid=${BASH_REMATCH[1]}
|
||||||
|
user=${BASH_REMATCH[2]}
|
||||||
|
echo UID: "${BASH_REMATCH[1]}" username: "${BASH_REMATCH[2]}" >&2
|
||||||
id $user > /dev/null 2>&1 || {
|
id $user > /dev/null 2>&1 || {
|
||||||
adduser -D -u $uid $user
|
adduser -D -u $uid $user
|
||||||
pw=$( getpass "$file" )
|
pw=$( get_pass "$file" )
|
||||||
echo -e "$pw\n$pw" | passwd $user
|
echo -e "$pw\n$pw" | passwd $user 2> /dev/null
|
||||||
mkdir -p "/home/$user/data"
|
mkdir -p "/home/$user/data"
|
||||||
chmod 0711 "/home/$user"
|
chmod 0711 "/home/$user"
|
||||||
usermod -a -G box $user
|
usermod -a -G box $user
|
||||||
|
if grep -q '^# .*trusted.*' "$file"; then
|
||||||
|
usermod -a -G trusted $user
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
rm -f "/home/$user/.ssh/authorized_keys"
|
rm -f "/home/$user/.ssh/authorized_keys"
|
||||||
|
get_readme > "/home/$user/README.md"
|
||||||
chown -R "$user":box "/home/$user/data"
|
chown -R "$user":box "/home/$user/data"
|
||||||
chmod -R u+rwX,g+rwX,o+X "/home/$user/data"
|
chmod -R u+rwX,g+rwX,o+X "/home/$user/data"
|
||||||
chmod 0600 "$file"
|
chmod 0600 "$file"
|
||||||
chown $USR "$file"
|
chown $USR "$file"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
chmod 0700 /var/ssh-box/users
|
chmod 0700 /var/ssh-box/users
|
||||||
|
|||||||
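Review bot: The new `grep -q '^# .*trusted.*' "$file"` check sits inside the `id $user … || { … }` block, so it runs only when the account is first created: adding the marker to an existing user's file never grants the group, and removing it never revokes membership, which matters because `trusted` now gets read access to `$basedir/home` in the run script hunk. The pattern is also loose — it matches any comment line containing the word, including `# untrusted`. Moving the check after the creation block and making it two-way keeps membership in step with the definition file on every run; `gpasswd` comes from the `shadow` package the Dockerfile installs. Separately, the old loop skipped `*.sh` files in `/var/ssh-box/users` with `continue`, while `validate_users` now aborts on any non-matching name, so confirm nothing else lives in that directory.
```shell
      # … unchanged: adduser / passwd / mkdir / chmod / usermod -a -G box inside the creation block …
    }
    # Re-evaluate the marker on every run so group membership follows the definition file.
    if grep -qx '# trusted' "$file"; then
      usermod -a -G trusted "$user"
    else
      gpasswd -d "$user" trusted >/dev/null 2>&1 || true
    fi
    rm -f "/home/$user/.ssh/authorized_keys"
    # … unchanged: README, chown/chmod of data and the definition file …
```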