mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
git: Verify SSH keys when added
parent
75765576dc
commit
010e9ba14c
@ -14,7 +14,7 @@ systemd:
|
||||
enabled: true
|
||||
- name: git-ssh-github@.service
|
||||
enabled: true
|
||||
- name: git-ssh-pubkey@-etc-ssh-ssh_host_rsa_key.pub.service
|
||||
- name: git-ssh-pubkey@etc-ssh-ssh_host_rsa_key.pub.service
|
||||
enabled: true
|
||||
dropins:
|
||||
- name: wait-for-key.conf
|
||||
|
@ -9,6 +9,7 @@ RemainAfterExit=true
|
||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
|
||||
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||
|
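Review bot: When the added `ssh-keygen -l -f` check fails, the key file it rejected stays in `authorized_keys.d`. systemd skips `ExecStop=` when a start command fails, so the `rm -f` never runs, and the next instance's `cat /var/lib/git/.ssh/authorized_keys.d/*` still merges the rejected file into `authorized_keys`. Adding `ExecStopPost=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i` would remove the file on failure as well. The same applies to the `github-%i` unit and the public-key-file unit later in this commit. The unit's `[Unit]` section lies outside this hunk, so any failure handling configured there is not visible here.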
@ -10,6 +10,7 @@ ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 070
|
||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
|
||||
ExecStart=/bin/sh -c 'podman cp /tmp/%N.key git:/var/lib/git/.ssh/authorized_keys.d/github-%i && rm -f /tmp/%N.key'
|
||||
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/github-%i
|
||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/github-%i
|
||||
|
@ -1,15 +1,16 @@
|
||||
[Unit]
|
||||
Description=Git SSH authentication via public key file %I
|
||||
Description=Git SSH authentication via public key file /%I
|
||||
Wants=git.service
|
||||
After=git.service
|
||||
ConditionPathExists=%I
|
||||
ConditionFileNotEmpty=/%I
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||
ExecStart=/bin/podman cp %I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
||||
ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
||||
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
|
||||
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
|
||||
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
|
||||
|
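Review bot: The changed `Description=`, `ConditionFileNotEmpty=` and `ExecStart=` lines build the key path as `/%I`, which systemd already provides as the `%f` specifier (the unescaped instance name with `/` prepended). `ConditionFileNotEmpty=%f` and `ExecStart=/bin/podman cp %f git:/var/lib/git/.ssh/authorized_keys.d/%i` would state the intent directly. A comment above `[Unit]` would also help, for example `# Instance name is the key path as printed by systemd-escape --path (no leading slash)`. Without that convention, a path containing a literal `-` is unescaped to `/` and the unit reads a different file than intended.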