git: Verify SSH keys when added

Alex Palaistras 2021-08-01 23:37:30 +01:00
parent 75765576dc
commit 010e9ba14c
4 changed files with 7 additions and 4 deletions


@ -14,7 +14,7 @@ systemd:
enabled: true
- name: git-ssh-github@.service
enabled: true
- name: git-ssh-pubkey@-etc-ssh-ssh_host_rsa_key.pub.service
- name: git-ssh-pubkey@etc-ssh-ssh_host_rsa_key.pub.service
enabled: true
dropins:
- name: wait-for-key.conf


@ -9,6 +9,7 @@ RemainAfterExit=true
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
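Review bot: A key that fails the added `ssh-keygen -l -f` check stays in `authorized_keys.d/%i`, because a failing `ExecStartPost=` marks start-up as failed and systemd does not run `ExecStop=` for a service that failed to start. The next instance that starts successfully then runs `cat /var/lib/git/.ssh/authorized_keys.d/*` and folds the rejected file into `authorized_keys`. Adding `ExecStopPost=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i` would remove the file on the failure path too. The same applies to the check added in the GitHub unit (file `github-%i`) and in the public-key-file unit. This hunk starts at line 9 of the unit, so the [Unit] section is not visible here.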


@ -10,6 +10,7 @@ ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 070
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
ExecStart=/bin/sh -c 'podman cp /tmp/%N.key git:/var/lib/git/.ssh/authorized_keys.d/github-%i && rm -f /tmp/%N.key'
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/github-%i
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/github-%i
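Review bot: The added `ssh-keygen -l -f` line on `github-%i` only checks that the downloaded file parses as public keys; it does not compare them with an expected fingerprint. As far as I know, ssh-keygen fails here only when no line in the file is a valid key, so a partly malformed response would still pass. Whatever `https://github.com/%i.keys` serves at fetch time is therefore still authorised. A comment above the line would stop readers taking it for key pinning, for example `# Format check only: logs fingerprints to the journal, does not pin the keys served for this account`. The start of the unit is outside this hunk.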


@ -1,15 +1,16 @@
[Unit]
Description=Git SSH authentication via public key file %I
Description=Git SSH authentication via public key file /%I
Wants=git.service
After=git.service
ConditionPathExists=%I
ConditionFileNotEmpty=/%I
[Service]
Type=oneshot
RemainAfterExit=true
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
ExecStart=/bin/podman cp %I git:/var/lib/git/.ssh/authorized_keys.d/%i
ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/podman exec git ssh-keygen -l -f /var/lib/git/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/podman exec git sh -c "cat /var/lib/git/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/podman exec git install --owner 10000 --group 10000 --mode 0600 /tmp/authorized_keys /var/lib/git/.ssh/authorized_keys
ExecStop=/bin/podman exec git rm -f /var/lib/git/.ssh/authorized_keys.d/%i
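Review bot: The new `/%I` spellings in `Description=`, `ConditionFileNotEmpty=` and the `podman cp` line rebuild by hand what systemd's `%f` specifier already provides, namely the unescaped instance name with `/` prepended. `ConditionFileNotEmpty=%f` and `ExecStart=/bin/podman cp %f git:/var/lib/git/.ssh/authorized_keys.d/%i` state the intent directly and match instance names produced by `systemd-escape --path`. A one-line comment in [Unit] would also help, since the enabled unit name had to change with this commit: `# Instance name is an escaped absolute path without its leading slash`.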