mirror of
https://github.com/Ravinou/borgwarehouse
synced 2024-05-15 20:16:50 +02:00
feat: updateRepo with single Unix user and unique SSH pubkey
This commit is contained in:
parent
a735144a55
commit
eace07ed9a
67
helpers/shells/updateRepo.sh
Executable file → Normal file
67
helpers/shells/updateRepo.sh
Executable file → Normal file
|
@ -1,20 +1,25 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Shell created by Raven for BorgWarehouse.
|
||||
# This shell takes 2 args : [user] [new SSH pub key] [quota]
|
||||
# This shell updates the ssh key for a repository.
|
||||
# This shell takes 3 args: [repositoryName] [new SSH pub key] [quota]
|
||||
# This shell updates the SSH key and the quota for a repository.
|
||||
|
||||
# Exit when any command fails
|
||||
set -e
|
||||
|
||||
# Check args
|
||||
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ];then
|
||||
echo "This shell takes 3 args : [user] [new SSH pub key] [quota]"
|
||||
exit 1
|
||||
# Load .env if exists
|
||||
if [[ -f .env ]]; then
|
||||
source .env
|
||||
fi
|
||||
|
||||
# Some variables
|
||||
home="/var/borgwarehouse/$1"
|
||||
# Default value if .env not exists
|
||||
: "${home:=/home/borgwarehouse}"
|
||||
|
||||
# Check args
|
||||
if [ "$1" == "" ] || [ "$2" == "" ] || [ "$3" == "" ]; then
|
||||
echo "This shell takes 3 args: [repositoryName] [new SSH pub key] [quota]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if the SSH public key is a valid format
|
||||
# This pattern validates SSH public keys for : rsa, ed25519, ed25519-sk
|
||||
|
@ -25,23 +30,43 @@ then
|
|||
exit 2
|
||||
fi
|
||||
|
||||
# Check if username length is 8 char. With createRepo.sh our randoms have a length of 8 characters.
|
||||
# If we receive another length there is necessarily a problem.
|
||||
username=$1
|
||||
if [ ${#username} != 8 ]
|
||||
then
|
||||
echo "Error with the length of the username."
|
||||
# Check if repositoryName length is 8 char. With createRepo.sh our randoms have a length of 8 characters.
|
||||
# If we receive another length, there is necessarily a problem.
|
||||
repositoryName=$1
|
||||
if [ ${#repositoryName} != 8 ]; then
|
||||
echo "Error with the length of the repositoryName."
|
||||
exit 3
|
||||
fi
|
||||
|
||||
# Check if the user exists
|
||||
if ! id "$1" &>/dev/null; then
|
||||
echo "The user $1 does not exist"
|
||||
# Check if a line in authorized_keys contains repository_name
|
||||
if ! grep -q "command=\".*${repositoryName}.*\",restrict" "$home/.ssh/authorized_keys"; then
|
||||
echo "No line containing $repositoryName found in authorized_keys"
|
||||
exit 4
|
||||
fi
|
||||
|
||||
# Modify authorized_keys for the user : only the ssh key is modify with this regex
|
||||
sudo sed -ri "s|(command=\".*\",restrict ).*|\1$2|g" "$home/.ssh/authorized_keys"
|
||||
# Check if the new SSH pub key is already present on a line OTHER than the one corresponding to repositoryName
|
||||
found=false
|
||||
regex="command=\".*${repositoryName}.*\",restrict"
|
||||
while IFS= read -r line; do
|
||||
if [[ $line =~ $pattern ]]; then
|
||||
# Get the SSH pub key of the line (ignore the comment)
|
||||
key1=$(echo ${BASH_REMATCH[0]} | awk '{print $1 " " $2}')
|
||||
# Get the SSH pub key of the new SSH pub key (ignore the comment)
|
||||
key2=$(echo "$2" | awk '{print $1 " " $2}')
|
||||
|
||||
if [ "$key1" == "$key2" ]; then
|
||||
# If the SSH pub key is already present on a line other than the one corresponding to repositoryName
|
||||
if [[ ! $line =~ $regex ]]; then
|
||||
found=true
|
||||
break
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done < "$home/.ssh/authorized_keys"
|
||||
if [ "$found" = true ]; then
|
||||
echo "The new SSH pub key $2 is already present in authorized_keys on a different line."
|
||||
exit 5
|
||||
fi
|
||||
|
||||
# Modify authorized_keys for the user : only the quota is modify with this regex
|
||||
sudo sed -ri "s|--storage-quota.*\"|--storage-quota $3G\"|g" "$home/.ssh/authorized_keys"
|
||||
# Modify authorized_keys for the repositoryName: update the line with the quota and the SSH pub key
|
||||
sudo sed -ri "s|(command=\".*${repositoryName}.*--storage-quota ).*G\",restrict .*|\\1$3G\",restrict $2|g" "$home/.ssh/authorized_keys"
|
Loading…
Reference in a new issue