- "-dropbear"
- openssh-server
- git
+ - sudo
openwrt_mixin:
# Go binaries
/usr/local/bin/door_client:
- mode: 0755
+ mode: '0755'
file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
/usr/local/bin/door_daemon:
- mode: 0755
+ mode: '0755'
file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
/usr/local/bin/update-keys:
- mode: 0755
+ mode: '0755'
file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
+ /usr/local/bin/authorized_keys.sh:
+ mode: '0755'
+ file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
+
+ /usr/local/bin/update-keys-from-stdin.sh:
+ mode: '0755'
+ file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
+
/etc/ssh/sshd_config:
content: |-
Port 22000
X11Forwarding no
UsePrivilegeSeparation sandbox
+ Match User tuerctl
+ AuthorizedKeysFile /dev/null
+ AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
+ AuthorizedKeysCommandUser tuergit
+
+
/etc/ssh/authorized_keys.d/root:
content: |-
{% for key in noc_ssh_keys %}
{{ key }}
{% endfor %}
+ /etc/ssh/authorized_keys.d/tuergit:
+ content: |-
+ {% for key in noc_ssh_keys %}
+ {{ key }}
+ {% endfor %}
+
openwrt_uci:
network:
- name: globals 'globals'
openwrt_users:
tuerd: {}
tuergit:
- home: /var/tuer
+ home: /home/tuergit
shell: /usr/bin/git-shell
tuerctl:
shell: /bin/false # TODO fixme