pages/setup-key.sh

54 lines
1.3 KiB
Bash
Raw Normal View History

2023-10-17 17:28:19 +02:00
#! /bin/bash
# This script creates a new ssh key-pair and sets it up to be able to deploy to a specific directory only
# Abort on any mistake
set -e
# configurable constants for this script
KEY_DIR=/var/lib/pages-manager/keys/
PAGES_USER=pages
DEPLOY_SCRIPT=/home/${PAGES_USER}/deploy.sh
mkdir -p "${KEY_DIR}"
if [ "$#" -ne 2 ]; then
echo "Usage: $0 OWNER REPOSITORY"
2023-10-17 17:28:19 +02:00
fi
OWNER=$1
REPOSITORY=$2
2023-10-17 17:28:19 +02:00
KEYFILE="${KEY_DIR}/id_${OWNER}.${REPOSITORY}"
2023-10-17 17:28:19 +02:00
if [ -e "${KEYFILE}" ]; then
echo "Found existing key in ${KEYFILE}, aborting."
echo "Printing private key:"
cat "${KEYFILE}"
exit 1
fi
2023-10-19 13:50:47 +02:00
URL="https://git.abstractnonsen.se/${OWNER}/${REPOSITORY}"
if curl --output /dev/null --silent --head --fail "${URL}"; then
read -p -n 1 -r "Url ${URL} is not (publicly) accessible, are you sure you want to continue? [y/N] "
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
exit 1
fi
fi
2023-10-17 17:28:19 +02:00
mkdir -p "${KEY_DIR}"
chmod 700 "${KEY_DIR}"
# generate key
ssh-keygen -t ed25519 -f "${KEYFILE}" -N "" -C "deployment key for ${OWNER}/${REPOSITORY}" > /dev/null
2023-10-17 17:28:19 +02:00
# add public key
echo "command=\"${DEPLOY_SCRIPT} ${OWNER} ${REPOSITORY}\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc,restrict $(cat ${KEYFILE}.pub)" >> "/home/${PAGES_USER}/.ssh/authorized_keys"
2023-10-17 17:28:19 +02:00
echo "Generate and configured new key in ${KEYFILE}"
echo "Printing private key:"
cat "${KEYFILE}"
exit 0