Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f0d0e91be0'
${ noResults }
algo/files/cloud-init/base.sh

42 lines
1.0 KiB
Bash
Raw Normal View History Unescape Escape

Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
#!/bin/bash
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
set -euxo pipefail
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
readonly user='algo'
export DEBIAN_FRONTEND='noninteractive'
until which sudo; do
apt-get update -qq
apt-get install -qqf --install-suggests sudo
sleep 3
apt locking fixes (#1685)
4 years ago
done
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
getent passwd "${user}" \
|| useradd -m -d "/home/${user}" -s /bin/bash -G adm -p '!' "${user}"
(
umask 0337 \
&& printf '%s\n' "${user} ALL=(ALL) NOPASSWD:ALL" \
>"/etc/sudoers.d/10-algo-user"
)
printf "{{ lookup('template', 'files/cloud-init/sshd_config') }}\n" \
>/etc/ssh/sshd_config
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
# This should be idempotent; correct permsission on .ssh dir if exists
install -o "${user}" -g "${user}" -m 0700 -d "/home/${user}/.ssh"
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
# umask does not reliably work with sudo
install -o "${user}" -g "${user}" -m 0600 \
/dev/null "/home/${user}/.ssh/authorized_keys"
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
printf "{{ lookup('file', '{{ SSH_keys.public }}') }}\n" \
>"/home/${user}/.ssh/authorized_keys"
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
Refactor cloud-init/base.sh (#1797) * Refactor cloud-init/base.sh * Pass shellcheck * Use variable for username * Fix issues with umask and sudo * Simplify until loops * Use literal algo for filename in /etc/sudoers.d/10-algo-user
4 years ago
until ! dpkg -l sshguard; do
apt-get remove -qq --purge sshguard
sleep 3
done || :
apt locking fixes (#1685)
4 years ago
Change default SSH port and introduce cloud-init support (#1636) * Change default SSH port * Iptables to ansible_ssh_port * Add Scaleway * permissions and groups fixes * update firewall docs * SSH fixes * add missing cloudinit to cloud-azure * remove ansible_ssh_user from the tests * congrats message fix
4 years ago
systemctl restart sshd.service