From ac8dd6f517b3e695ce8c508e054f5234cd57cba1 Mon Sep 17 00:00:00 2001 From: nicoo Date: Mon, 21 May 2018 00:22:56 +0200 Subject: [PATCH] tuer: Add stuff for tuergit --- ansible/files/tuer/authorized_keys.sh | 2 +- ansible/files/tuer/post-receive | 28 ++++++++++++++++++++++++++ ansible/files/tuer/update-keys-from-stdin.sh | 23 +++++++++++++++++++++ ansible/tuer.yml | 13 +++++++++++- 4 files changed, 64 insertions(+), 2 deletions(-) create mode 100755 ansible/files/tuer/post-receive create mode 100644 ansible/files/tuer/update-keys-from-stdin.sh diff --git a/ansible/files/tuer/authorized_keys.sh b/ansible/files/tuer/authorized_keys.sh index 359f9d6..79ed2b5 100755 --- a/ansible/files/tuer/authorized_keys.sh +++ b/ansible/files/tuer/authorized_keys.sh @@ -22,7 +22,7 @@ set -e -KEYS_DIR=${KEYS_DIR:-'/var/tuer/keys.git'} +KEYS_DIR=${KEYS_DIR:-'/home/tuergit/keys.git'} KEYS_OPTIONS='no-port-forwarding' cd "${KEYS_DIR}" diff --git a/ansible/files/tuer/post-receive b/ansible/files/tuer/post-receive new file mode 100755 index 0000000..57f7b2c --- /dev/null +++ b/ansible/files/tuer/post-receive 
@@ -0,0 +1,28 @@
+#!/bin/sh
+## (c) Bernhard Tittelbach 2017-10-28, Tschunk-License
+## (c) nicoo 2018-05-20, Tschunk-License
+## this is the post-recieve hook installed in /home/tuergit/keys.git/hooks/
+
+set -eu
+
+keys_branch=$(git config hooks.keys_branch 2>/dev/null)
+keys_file=$(git config hooks.keys_file 2>/dev/null)
+keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null)
+
+keys_branch=${keys_branch:-master}
+keys_file=${keys_file:-keys}
+keys_pipe_to=${keys_pipe_to:-/usr/local/bin/update-keys-from-stdin.sh}
+
+changedcommits=$( grep "refs/heads/${keys_branch}" | sed 's/\([0-9a-f]\+\)\s\+\([0-9a-f]\+\)\s\+.*/\1..\2/;' )
+
+catgitkeyfile() {
+ git show "${keys_branch}:${keys_file}"
+}
+
+if git whatchanged --oneline $changedcommits | grep -qe "^:.*${keys_file}\$"; then
+ echo "./$keys_file changed in pushed commits. Updating keys in firmware!"
+ ## update door
+ catgitkeyfile | ${keys_pipe_to}
+else
+ echo "./$keys_file not changed, not updating keys in firmware"
+fi
diff --git a/ansible/files/tuer/update-keys-from-stdin.sh b/ansible/files/tuer/update-keys-from-stdin.sh
new file mode 100644
index 0000000..2a11eff
--- /dev/null
+++ b/ansible/files/tuer/update-keys-from-stdin.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -eu
+
+## this script takes keys on STDIN and programs teenstep eeprom
+
+MONIT_STOP="/etc/init.d/monit stop"
+MONIT_START="/etc/init.d/monit start"
+TUERDAEMON_STOP="/etc/init.d/tuer_core stop"
+TUERDAEMON_START="/etc/init.d/tuer_core start"
+UPDATE_KEYS_TOOL="/flash/tuer/update-keys /dev/door"
+
+## stop monit. it monit not installed or error. don't start monit again later
+${MONIT_STOP} || MONIT_START=""
+## stop door daemon.
+${TUERDAEMON_STOP}
+## give daemons time to stop
+sleep 1
+# pipe me keys to program plz
+${UPDATE_KEYS_TOOL}
+## start daemon again
+${TUERDAEMON_START}
+${MONIT_START}
+
diff --git a/ansible/tuer.yml b/ansible/tuer.yml
index 4b3bd7a..8183e5f 100644
--- a/ansible/tuer.yml
+++ b/ansible/tuer.yml
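Review bot: In post-receive, the three `$(git config hooks.… 2>/dev/null)` assignments run under `set -eu`, and `git config` exits non-zero when a key is unset, so on a repository without all three settings the hook stops at the first assignment and the `:-` defaults below are never reached; a pushed key revocation would then never be written to the door, with nothing shown to the pusher. Appending `|| true` inside each substitution keeps the defaults reachable. Separately, when the push does not touch `refs/heads/${keys_branch}` the range in `$changedcommits` is empty and `git whatchanged` walks the whole history, so any push can reprogram the door; the `grep` also matches branch names that merely start with the configured name, and a push that creates the branch yields an all-zero old id that makes the range invalid. Reading the ref lines in a loop and comparing the two endpoints avoids all three, as sketched below.

```shell
keys_branch=$(git config hooks.keys_branch 2>/dev/null || true)
keys_file=$(git config hooks.keys_file 2>/dev/null || true)
keys_pipe_to=$(git config hooks.keys_pipe_to 2>/dev/null || true)
# … unchanged: defaults for the three settings, catgitkeyfile() …

keys_changed=no
while read -r old new ref; do
  # exact ref match, so a branch that only shares a prefix is ignored
  [ "$ref" = "refs/heads/${keys_branch}" ] || continue
  case $new in *[!0]*) ;; *) continue ;; esac    # branch deleted: nothing to program
  case $old in
    *[!0]*) git diff --quiet "$old" "$new" -- "$keys_file" || keys_changed=yes ;;
    *)      keys_changed=yes ;;                  # branch created: no old side to compare
  esac
done

if [ "$keys_changed" = yes ]; then
# … unchanged: echo, catgitkeyfile | ${keys_pipe_to}, else branch …
```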
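Review bot: In update-keys-from-stdin.sh, `set -eu` makes the script exit as soon as `${UPDATE_KEYS_TOOL}` (or the `tuer_core stop` call) fails, so the two start lines at the end are skipped and the door is left without its daemon and without monit, for example after a malformed key file. Registering the restart right after the monit stop line, `trap '${TUERDAEMON_START} || true; ${MONIT_START}' EXIT`, and dropping the two explicit start calls at the end brings the services back on every exit path. The script also needs root for the init scripts and the device, while the hook's default `keys_pipe_to` runs it directly as the pushing account; that appears to depend on configuration outside this patch.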
@@ -65,6 +65,7 @@ - "-dropbear" - openssh-server - git + - sudo openwrt_mixin: # Go binaries @@ -82,6 +83,10 @@ mode: '0755' file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh" + /usr/local/bin/update-keys-from-stdin.sh: + mode: '0755' + file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh" + /etc/ssh/sshd_config: content: |- Port 22000 @@ -107,6 +112,12 @@ {{ key }} {% endfor %} + /etc/ssh/authorized_keys.d/tuergit: + content: |- + {% for key in noc_ssh_keys %} + {{ key }} + {% endfor %} + openwrt_uci: network: - name: globals 'globals' @@ -141,7 +152,7 @@ openwrt_users: tuerd: {} tuergit: - home: /var/tuer + home: /home/tuergit shell: /usr/bin/git-shell tuerctl: shell: /bin/false # TODO fixme -- 1.7.10.4
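Review bot: The package list gains `sudo`, but no sudoers entry is installed by any hunk of tuer.yml visible here, and post-receive's default `keys_pipe_to` calls `/usr/local/bin/update-keys-from-stdin.sh` without `sudo`, so the privilege step is presumably configured elsewhere. If a rule is added, it should allow `tuergit` exactly that one script with no arguments, e.g. `tuergit ALL=(root) NOPASSWD: /usr/local/bin/update-keys-from-stdin.sh ""`, and the script should stay root-owned so the account cannot replace what it is allowed to run. A comment next to `- sudo` naming the rule it exists for would help the next reader.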
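Review bot: The new `/etc/ssh/authorized_keys.d/tuergit` entry writes each `noc_ssh_keys` key without options, so what those keys may do beyond git depends only on the `git-shell` login shell and on sshd_config settings not fully visible in this patch; a login shell does not stop port or agent forwarding. authorized_keys.sh already sets `no-port-forwarding` on the keys it emits, and the same restriction fits here: writing `restrict {{ key }}` (or `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty {{ key }}` on an OpenSSH too old for `restrict`) limits these keys to the git commands the account exists for.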