diff --git a/.gitignore b/.gitignore index 73d8e5b..52cdf55 100644 --- a/.gitignore +++ b/.gitignore @@ -105,6 +105,6 @@ dist # local env files - .env*.local - config/repo.json - config/users.json +.env*.local +config/repo.json +config/users.json diff --git a/config/repo.json b/config/repo.json deleted file mode 100644 index fe51488..0000000 --- a/config/repo.json +++ /dev/null @@ -1 +0,0 @@ -[] diff --git a/config/users.json b/config/users.json deleted file mode 100644 index 49ee0e8..0000000 --- a/config/users.json +++ /dev/null @@ -1 +0,0 @@ -[{"id":0,"email":"admin@demo.fr","username":"admin","password":"$2a$12$20yqRnuaDBH6AE0EvIUcEOzqkuBtn1wDzJdw2Beg8w9S.vEqdso0a","roles":["admin"]}] \ No newline at end of file diff --git a/helpers/shells/createRepo.sh b/helpers/shells/createRepo.sh old mode 100644 new mode 100755 index efead9c..81bad5c --- a/helpers/shells/createRepo.sh +++ b/helpers/shells/createRepo.sh @@ -28,7 +28,7 @@ fi # This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?' if [[ ! "$2" =~ $pattern ]] -then +then echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)" exit 2 fi @@ -65,9 +65,6 @@ sudo mkdir -p ${home}/.ssh ## Create autorized_keys file sudo touch ${home}/.ssh/authorized_keys -## Create ${pool} -sudo mkdir -p ${pool} - ## Create the repo sudo mkdir -p "${pool}/$1" 
@@ -79,12 +76,13 @@ if [ ! -f "${authorized_keys}" ];then fi ## Change permissions -sudo chmod -R 700 ${home} +sudo chmod -R 750 ${home} sudo chmod 600 ${authorized_keys} -sudo chown -R ${user}:${user} ${home} +sudo chown -R ${user}:borgwarehouse ${home} ## Add ssh public key in authorized_keys with borg restriction for only 1 repository (:$1) and storage quota -sudo -u ${user} bash -c "echo 'command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2' >> ${authorized_keys}" +restricted_authkeys="command=\"cd ${pool};borg serve --restrict-to-repository ${pool}/$1 --storage-quota $3G\",restrict $2" +echo "$restricted_authkeys" | sudo tee ${authorized_keys} >/dev/null ## Return the unix user -echo ${user} \ No newline at end of file +echo ${user} diff --git a/helpers/shells/deleteRepo.sh b/helpers/shells/deleteRepo.sh old mode 100644 new mode 100755 index ed6e31e..d95babe --- a/helpers/shells/deleteRepo.sh +++ b/helpers/shells/deleteRepo.sh @@ -8,7 +8,7 @@ set -e # Check arg -if [ "$1" == "" ];then +if [[ $# -ne 1 || $1 = "" ]]; then echo "You must provide a username in argument." exit 1 fi @@ -23,11 +23,10 @@ then fi # Delete the user if it exists -if sudo grep -q $1 /etc/passwd -then +if id "$1" &>/dev/null; then sudo userdel -rf $1 echo "The user $1 and all his data have been deleted" else echo "The user $1 does not exist" exit 3 -fi \ No newline at end of file +fi diff --git a/helpers/shells/getLastSave.sh b/helpers/shells/getLastSave.sh old mode 100644 new mode 100755 index 5db9f18..42c7445 --- a/helpers/shells/getLastSave.sh +++ b/helpers/shells/getLastSave.sh @@ -22,4 +22,4 @@ # Exit when any command fails set -e -sudo bash -c 'stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s' \ No newline at end of file +stat -c {\"user\":\"%U\",\"lastSave\":%Y\} /var/borgwarehouse/*/repos/*/integrity* | jq -s 
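Review bot: In helpers/shells/createRepo.sh, the new `restricted_authkeys` line still embeds `$2` verbatim, and the only visible guard is the unanchored `[[ ! "$2" =~ $pattern ]]` test from the earlier hunk, which accepts any string that merely contains a valid key. If the caller can pass a value with an embedded line break (whether the web layer strips these is not visible here), `echo ... | sudo tee` would write a second `authorized_keys` entry without the `command=`/`restrict` prefix. Dropping `bash -c` fixes the quoting, but I would also reject multi-line input before this point, e.g. `[[ "$2" == *$'\n'* ]] && { echo "Invalid public SSH KEY format."; exit 2; }`, and anchor the pattern with `^`. The same check guards updateRepo.sh, where `$2` and `$3` are interpolated into `sed` expressions in which `|`, `&` and `\` are significant. Also, `tee` without `-a` now replaces the file where the old code appended; if that is intended, say so in the comment above the line.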
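Review bot: In helpers/shells/deleteRepo.sh, `id "$1"` succeeds for any account on the host, including system accounts, so this test alone does not establish that `$1` is a repository user before `sudo userdel -rf $1` removes the account and its home. The check that ends just above this hunk is not visible; if it does not already restrict `$1` to the generated repository names, add a guard such as `[[ -d "/var/borgwarehouse/$1" ]] || { echo "The user $1 does not exist"; exit 3; }`. The argument should also be quoted and separated from the options: `sudo userdel -rf -- "$1"`. The same `id "$1"` test is introduced in updateRepo.sh (the exit 4 branch).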
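Review bot: In helpers/shells/getLastSave.sh (and likewise `jc du -s *` in getStorageUsed.sh), dropping `sudo` makes the result depend on the caller being able to traverse each repository home, which only holds for repositories created after createRepo.sh switched to `chmod -R 750` and group `borgwarehouse`. Homes created earlier with 700 and `${user}:${user}` would presumably not match the glob, and because `set -e` does not cover the left side of a pipeline, `jq -s` still exits 0 with those repositories missing. I would add a header comment such as `# Must run as a member of group borgwarehouse; existing repos need the chown/chmod from createRepo.sh`, and decide whether `set -o pipefail` is wanted here, bearing in mind that it would also turn an empty pool into a failure. The wider mode also means every member of that group can read all repository data, which deserves a line in the docs.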
diff --git a/helpers/shells/getStorageUsed.sh b/helpers/shells/getStorageUsed.sh old mode 100644 new mode 100755 index cc6a343..4b9c095 --- a/helpers/shells/getStorageUsed.sh +++ b/helpers/shells/getStorageUsed.sh @@ -16,4 +16,4 @@ set -e # Use jc to output a JSON format with du command cd /var/borgwarehouse -sudo jc du -s * \ No newline at end of file +jc du -s * diff --git a/helpers/shells/updateRepo.sh b/helpers/shells/updateRepo.sh old mode 100644 new mode 100755 index cfda086..0e57d34 --- a/helpers/shells/updateRepo.sh +++ b/helpers/shells/updateRepo.sh @@ -20,7 +20,7 @@ home="/var/borgwarehouse/$1" # This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk pattern='(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3}(\s.*)?' if [[ ! "$2" =~ $pattern ]] -then +then echo "Invalid public SSH KEY format. Provide a key in OpenSSH format (rsa, ed25519, ed25519-sk)" exit 2 fi @@ -35,8 +35,7 @@ then fi # Check if the user exists -if ! sudo grep -q $1 /etc/passwd -then +if ! id "$1" &>/dev/null; then echo "The user $1 does not exist" exit 4 fi @@ -45,4 +44,4 @@ fi sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys" # Modify authorized_keys for the user : only the quota is modify with this regex -sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys" \ No newline at end of file +sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"