mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
git: Verify SSH keys when added
parent
75765576dc
commit
010e9ba14c
@ -14,7 +14,7 @@ systemd:
|
|||||||
enabled: true
|
enabled: true
|
||||||
- name: git-ssh-github@.service
|
- name: git-ssh-github@.service
|
||||||
enabled: true
|
enabled: true
|
||||||
- name: git-ssh-pubkey@-etc-ssh-ssh_host_rsa_key.pub.service
|
- name: git-ssh-pubkey@etc-ssh-ssh_host_rsa_key.pub.service
|
||||||
enabled: true
|
enabled: true
|
||||||
dropins:
|
dropins:
|
||||||
- name: wait-for-key.conf
|
- name: wait-for-key.conf
|
||||||
|
@ -9,6 +9,7 @@ RemainAfterExit=true
|
|||||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
|
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
|
||||||
|
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
|
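Review bot: The added `ssh-keygen -l -f` check runs as ExecStartPost, after ExecStart has already written the fragment into authorized_keys.d, so a key that fails the check stays on disk. systemd does not run ExecStop when start-up fails, and the next instance of any of these units to start will concatenate `authorized_keys.d/*`, rejected fragment included, into authorized_keys. Either validate the key in a temporary path before installing the fragment, or add a cleanup that also runs on failure, e.g. `ExecStopPost=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i`. The same ordering appears in the two hunks that follow (the GitHub-keys unit and the public-key-file unit). Separately, ExecStop only deletes the fragment and never rebuilds authorized_keys, so stopping the unit does not appear to revoke the key until another instance starts.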
@ -10,6 +10,7 @@ ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 070
|
|||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
|
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
|
||||||
ExecStart=/bin/sh -c 'podman cp /tmp/%N.key git:/var/lib/git/.ssh/authorized_keys.d/github-%i && rm -f /tmp/%N.key'
|
ExecStart=/bin/sh -c 'podman cp /tmp/%N.key git:/var/lib/git/.ssh/authorized_keys.d/github-%i && rm -f /tmp/%N.key'
|
||||||
|
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/github-%i
|
||||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/github-%i
|
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/github-%i
|
||||||
|
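Review bot: `ssh-keygen -l` on the downloaded file only confirms that it parses as public-key material and logs the fingerprints; nothing compares them with an expected value, so the unit still authorizes whatever `https://github.com/%i.keys` returns at start time. If that is the intended trust model, state it in a comment above the new ExecStartPost line, e.g. `# Syntax check only: fingerprints are logged, not compared against a pinned value`. A `.keys` response can hold several keys, and as far as I recall `ssh-keygen -l` exits successfully when at least one line parses, so a partially malformed file would probably still pass; that is worth confirming against the ssh-keygen version shipped in the container.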
@ -1,15 +1,16 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Git SSH authentication via public key file %I
|
Description=Git SSH authentication via public key file /%I
|
||||||
Wants=git.service
|
Wants=git.service
|
||||||
After=git.service
|
After=git.service
|
||||||
ConditionPathExists=%I
|
ConditionFileNotEmpty=/%I
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStart=/bin/podman cp %I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
|
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
|
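Review bot: With the source path written as `/%I`, the instance name has to be the systemd-escaped path without its leading slash, and nothing in the unit documents that. A comment above `ConditionFileNotEmpty=/%I` would help, e.g. `# Instance name: escaped absolute path without the leading slash (etc-ssh-ssh_host_rsa_key.pub)`. A condition that does not hold skips the unit without marking it failed, so a missing or empty key file passes silently unless something else checks for it. I am reading the `/%I` lines as the new side, since the page prints each changed line twice without markers.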