diff options
| author | 2025-10-20 10:20:42 +0200 | |
|---|---|---|
| committer | 2025-10-20 10:20:42 +0200 | |
| commit | 9d9355a379f8a9922645ecd87b66f68acbb6bc89 (patch) | |
| tree | 3491b69ae5d327556f0e5d4bd732ec6208746ece /src/init | |
| parent | baaa4d83c98b42a1df98e70b972774ad8f5b8ead (diff) | |
Moved files to src and renamed variables
Diffstat (limited to 'src/init')
| -rwxr-xr-x | src/init | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/src/init b/src/init new file mode 100755 index 0000000..61ab8a1 --- /dev/null +++ b/src/init @@ -0,0 +1,119 @@ +#!/usr/bin/env fish + +# +# +# function definitions +# +# + +set REPO_PERMISSIONS_FILE /etc/repo-permissions +set REPO_VALIDATION_REGEX "^((?:\/[a-zA-Z-]+)+.git)\$" + +function createUser + set -l userConfig (string split ':' $argv[1]) + set -l user $userConfig[1] + set -l key $userConfig[2] + echo "Setting up user: $user" + if [ "$user" = git ] + echo "Error: User git is reserved" + return 1 + end + + set -l HOME "/home/$user" + # user is not restricted, this is done in ssh config with forceCommand + # we need to be able to run a fish script to check for permissions + adduser --home $HOME -D "$user" + # unlock account to allow ssh logins + passwd -u "$user" + mkdir "$HOME/.ssh" + echo "$key" > "$HOME/.ssh/authorized_keys" + chown -R $user "$HOME" + chmod -R 700 "$HOME" +end + +function setupRepo + set -l repoConfig $argv[1] + set -l parsedConfig (string split ':' $repoConfig) + set -l repo $parsedConfig[1] + + # check repo name + set -l matcher (string match -r -g $REPO_VALIDATION_REGEX $repo) + if test -z $matcher[1] + echo "Invalid repo name $repo" + return 1 + end + + # we assume all repos to be in /srv/repos + set -l repoDir srv repos + set repoDir /(string join -n '/' $repoDir (string split '/' $repo)) + echo "Setting up repo: $repo" + + # write user as allowed into permission file + for user in $parsedConfig[2..] + echo "$repoDir:$user" >> $REPO_PERMISSIONS_FILE + end + + # setup repo dir + if not test -d $repoDir + mkdir -p $repoDir + git init --bare $repoDir -b trunk + end + chown -R git:git "$repoDir" + chmod -R 700 "$repoDir" +end + +# +# +# main +# +# + +argparse 'g/git-uid=?' 'u/user=+' 'r/repo=+' 'h/help' -- $argv +or exit 1; + +if set -q _flag_h + echo "Usage: $(status filename) [ OPTIONS ]..." + echo -e "" + echo -e "OPTIONS" + echo -e "\t -h, --help \t\t Display this page" + echo -e "\t -g, --git-uid \t\t UID of the git user that is used also as ownership for all repos" + echo -e "\t -u, --user \t\t User setting in form of <user-name>:<public-key>" + echo -e "\t -r, --repo \t\t Repo setting in form of <repo-path>:<allowed-user1>. You can add as many users as you want. Currently if a user is allowed he has all permissions read/write" + echo -e "" + return +end + +# read environment variables +set -l users $_flag_u +for user in (set -n | string match -r "^USER_\S+") + set users $users (eval echo \$$user) +end + +set -l repos $_flag_r +for repo in (set -n | string match -r "^REPO_\S+") + set repos $repos (eval echo \$$repo) +end + +if set -q $_flag_g + set GIT_UID $_flag_g +end + +# Setup users +# git user has read/write access to all repos, set git-shell +# and no password login allowed -> no ssh login possible +adduser git -u $GIT_UID -D --shell "/usr/bin/git-shell" +for userConfig in $users + createUser "$userConfig" +end + +# Setup repos +echo > $REPO_PERMISSIONS_FILE +for repoConfig in $repos + setupRepo "$repoConfig" +end + +echo "Setting up server" +# generate host keys in case +mkdir -p /var/ssh/etc/ssh/ && ssh-keygen -A -f /var/ssh +# run ssh daemon +/usr/sbin/sshd -D -e |
