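#! /bin/bash
#
# This script creates a new ssh key-pair for one repository and registers its
# public half in the pages user's authorized_keys, pinned to a single forced
# command (DEPLOY_SCRIPT OWNER REPOSITORY) so the key can only deploy to that
# repository's directory.
#
# Usage:    $0 OWNER REPOSITORY
# Outputs:  the new private key on stdout; the on-disk copy stays in KEY_DIR.
# Requires: write access to KEY_DIR and to the pages user's
#           ~/.ssh/authorized_keys (normally run as root).

# Abort on any error, unset variable, or failed pipeline stage
set -euo pipefail

# configurable constants for this script
readonly KEY_DIR=/var/lib/pages-manager/keys/
readonly PAGES_USER=pages
readonly DEPLOY_SCRIPT=/home/${PAGES_USER}/deploy.sh
readonly AUTHORIZED_KEYS="/home/${PAGES_USER}/.ssh/authorized_keys"
readonly GIT_BASE_URL="https://git.abstractnonsen.se"
# OWNER and REPOSITORY are spliced into a file path and into the quoted
# command="..." option of authorized_keys, so '/', '..', quotes, whitespace
# and a leading '-' must never get through.  Only this charset is accepted.
readonly NAME_RE='^[A-Za-z0-9][A-Za-z0-9._-]*$'

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Reject an OWNER / REPOSITORY value that does not match NAME_RE.
# Arguments: $1 - label used in the error message
#            $2 - value to check
# Returns:   0 if valid; exits 1 otherwise
#######################################
validate_name() {
  local label=$1 value=$2
  [[ "$value" =~ $NAME_RE ]] \
    || die "${label} '${value}' may only contain letters, digits, '.', '_' and '-' and must not start with '.' or '-'"
}

#######################################
# Ask the operator to confirm when the repository URL is not reachable.
# Arguments: $1 - repository URL
# Returns:   0 to continue; exits 1 if the operator declines
#######################################
confirm_if_unreachable() {
  local url=$1
  # --fail makes curl return non-zero on an HTTP error status; the prompt
  # is only meant for that (unreachable) case, hence the negation.
  if ! curl --output /dev/null --silent --head --fail "${url}"; then
    read -r -n 1 -p "Url ${url} is not (publicly) accessible, are you sure you want to continue? [y/N] "
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
      exit 1
    fi
  fi
}

#######################################
# Entry point: validate arguments, generate the key, register it, print it.
# Arguments: $1 - OWNER, $2 - REPOSITORY
# Returns:   0 on success, 1 on usage error, existing key, or declined prompt
#######################################
main() {
  if [[ "$#" -ne 2 ]]; then
    echo "Usage: $0 OWNER REPOSITORY" >&2
    exit 1
  fi
  local owner=$1 repository=$2
  validate_name OWNER "${owner}"
  validate_name REPOSITORY "${repository}"

  # NOTE: '.' is legal in both names, so owner "a.b"/repo "c" and owner "a"/
  # repo "b.c" map to the same file; the existence check below refuses the
  # second one rather than overwriting the first.
  local keyfile="${KEY_DIR}/id_${owner}.${repository}"

  if [[ -e "${keyfile}" ]]; then
    echo "Found existing key in ${keyfile}, aborting."
    echo "Printing private key:"
    cat "${keyfile}"
    exit 1
  fi

  confirm_if_unreachable "${GIT_BASE_URL}/${owner}/${repository}"

  # Private keys live here: keep the directory readable by its owner only.
  mkdir -p "${KEY_DIR}"
  chmod 700 "${KEY_DIR}"
  [[ -d "${AUTHORIZED_KEYS%/*}" ]] \
    || die "missing ${AUTHORIZED_KEYS%/*}; create the .ssh directory for ${PAGES_USER} first"

  # generate key (-N "": no passphrase, the key is used non-interactively)
  ssh-keygen -t ed25519 -f "${keyfile}" -N "" \
    -C "deployment key for ${owner}/${repository}" > /dev/null

  # add public key, pinned to the deploy command for this repository only.
  # 'restrict' already disables forwarding/pty/rc on OpenSSH >= 7.2; the
  # explicit no-* options are kept for older servers.
  local pubkey
  pubkey=$(<"${keyfile}.pub")
  printf 'command="%s %s %s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,restrict %s\n' \
    "${DEPLOY_SCRIPT}" "${owner}" "${repository}" "${pubkey}" >> "${AUTHORIZED_KEYS}"

  echo "Generated and configured new key in ${keyfile}"
  echo "Printing private key:"
  cat "${keyfile}"
  exit 0
}

main "$@"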