tuer: Add stuff for tuergit
authornicoo <nicoo@realraum.at>
Sun, 20 May 2018 22:22:56 +0000 (00:22 +0200)
committernicoo <nicoo@realraum.at>
Sun, 20 May 2018 22:22:56 +0000 (00:22 +0200)
ansible/files/tuer/authorized_keys.sh
ansible/files/tuer/post-receive [new file with mode: 0755]
ansible/files/tuer/update-keys-from-stdin.sh [new file with mode: 0644]
ansible/tuer.yml

index 359f9d6..79ed2b5 100755 (executable)
@@ -22,7 +22,7 @@
 
 set -e
 
-KEYS_DIR=${KEYS_DIR:-'/var/tuer/keys.git'}
+KEYS_DIR=${KEYS_DIR:-'/home/tuergit/keys.git'}
 KEYS_OPTIONS='no-port-forwarding'
 
 cd "${KEYS_DIR}"
diff --git a/ansible/files/tuer/post-receive b/ansible/files/tuer/post-receive
new file mode 100755 (executable)
index 0000000..57f7b2c
--- /dev/null
@@ -0,0 +1,28 @@
+#!/bin/sh
+## (c) Bernhard Tittelbach 2017-10-28, Tschunk-License
+## (c) nicoo               2018-05-20, Tschunk-License
+## this is the post-recieve hook installed in /home/tuergit/keys.git/hooks/
+
+set -eu
+
+keys_branch=$(git config hooks.keys_branch 2>/dev/null)
+keys_file=$(git config hooks.keys_file 2>/dev/null)
+keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
+
+keys_branch=${keys_branch:-master}
+keys_file=${keys_file:-keys}
+keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
+
+changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
+
+catgitkeyfile() {
+       git show "${keys_branch}:${keys_file}"
+}
+
+if git whatchanged --oneline $changedcommits | grep -qe "^:.*${keys_file}\$"; then
+  echo "./$keys_file changed in pushed commits. Updating keys in firmware!"
+  ## update door
+  catgitkeyfile | ${keys_pipe_to}
+else
+  echo "./$keys_file not changed, not updating keys in firmware"
+fi
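Review bot: Under `set -eu`, the three `git config` assignments at the top abort the hook whenever the key is unset, because `git config` exits 1 for a missing key and a bare assignment takes the exit status of its command substitution. The `${var:-default}` fallbacks below them are then never reached, and a pushed key change (including a revocation) does not reach the door, with no message since stderr is discarded. Append `|| true` inside each substitution, e.g. `keys_branch=$(git config hooks.keys_branch 2>/dev/null || true)`. Separately, when the push touches no ref matching `keys_branch`, `$changedcommits` is empty and `git whatchanged --oneline` falls back to its default revision, so the keys are likely reprogrammed on unrelated pushes; guard with `[ -n "$changedcommits" ] || exit 0` before the `if`.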
diff --git a/ansible/files/tuer/update-keys-from-stdin.sh b/ansible/files/tuer/update-keys-from-stdin.sh
new file mode 100644 (file)
index 0000000..2a11eff
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -eu
+
+## this script takes keys on STDIN and programs teenstep eeprom
+
+MONIT_STOP="/etc/init.d/monit stop"
+MONIT_START="/etc/init.d/monit start"
+TUERDAEMON_STOP="/etc/init.d/tuer_core stop"
+TUERDAEMON_START="/etc/init.d/tuer_core start"
+UPDATE_KEYS_TOOL="/flash/tuer/update-keys /dev/door"
+
+## stop monit. it monit not installed or error. don't start monit again later
+${MONIT_STOP} || MONIT_START=""
+## stop door daemon.
+${TUERDAEMON_STOP}
+## give daemons time to stop
+sleep 1
+# pipe me keys to program plz
+${UPDATE_KEYS_TOOL}
+## start daemon again
+${TUERDAEMON_START}
+${MONIT_START}
+
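Review bot: With `set -e` active, a non-zero exit from `${UPDATE_KEYS_TOOL}` (or from `sleep`) ends the script after `tuer_core` and monit have been stopped, so the two start lines at the bottom never run and the door daemon stays down until someone restarts it by hand. Registering the restart as an EXIT trap makes it run on every exit path, and the function still honours the emptied `MONIT_START` because it expands the variable when called. The script also feeds stdin to the flashing tool unchecked, so a short comment stating what format `update-keys` expects, and that it is the component that rejects malformed input, would help the next reader.

```sh
# … unchanged: MONIT_* / TUERDAEMON_* / UPDATE_KEYS_TOOL definitions …

## restart the daemons however the script exits, so a failed
## flash does not leave the door daemon stopped
restart_services() {
  ${TUERDAEMON_START}
  ${MONIT_START}
}
trap restart_services EXIT

# … unchanged: stop monit, stop tuer_core, sleep 1, run ${UPDATE_KEYS_TOOL} …
# (the two explicit start lines at the end are dropped; the trap runs them)
```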
index 4b3bd7a..8183e5f 100644 (file)
@@ -65,6 +65,7 @@
           - "-dropbear"
           - openssh-server
           - git
+          - sudo
 
         openwrt_mixin:
           # Go binaries
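Review bot: `sudo` is added to the package list here, but none of the visible hunks deploys a sudoers entry, and the post-receive hook pipes to `/usr/local/bin/update-keys-from-stdin.sh` directly rather than through `sudo`. That script runs init scripts and writes `/dev/door`, which presumably needs root while the hook runs as `tuergit`. If the rule is provisioned elsewhere this is fine. Otherwise add one scoped to that single command, e.g. `tuergit ALL=(root) NOPASSWD: /usr/local/bin/update-keys-from-stdin.sh`, and set `hooks.keys_pipe_to` to `sudo /usr/local/bin/update-keys-from-stdin.sh` rather than granting anything broader.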
             mode: '0755'
             file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
 
+          /usr/local/bin/update-keys-from-stdin.sh:
+            mode: '0755'
+            file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
+
           /etc/ssh/sshd_config:
             content: |-
               Port 22000
               {{ key }}
               {% endfor %}
 
+          /etc/ssh/authorized_keys.d/tuergit:
+            content: |-
+              {% for key in noc_ssh_keys %}
+              {{ key }}
+              {% endfor %}
+
         openwrt_uci:
           network:
             - name: globals 'globals'
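Review bot: The keys written to `/etc/ssh/authorized_keys.d/tuergit` are emitted verbatim with no key options, whereas `authorized_keys.sh` applies `KEYS_OPTIONS='no-port-forwarding'` to the keys it serves. `git-shell` limits which commands run but does not by itself stop port or agent forwarding, and the `sshd_config` content is only partly visible here, so confirm forwarding is disabled there. If it is not, prefix the options in the template, e.g. `no-port-forwarding,no-agent-forwarding,no-pty {{ key }}`, or `restrict {{ key }}` if the installed OpenSSH supports it.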
         openwrt_users:
           tuerd: {}
           tuergit:
-            home:  /var/tuer
+            home:  /home/tuergit
             shell: /usr/bin/git-shell
           tuerctl:
             shell: /bin/false # TODO fixme