#!/usr/bin/env fish # load environment source (dirname (status --current-filename))/env # # # function definitions # # function checkUser set -l user $argv[1] cat /etc/passwd | grep -q -E "^$user:" return $status end function createUser set -l userConfig (string split ':' $argv[1]) set -l user $userConfig[1] set -l key $userConfig[2] checkUser "$user"; and return 0 echo "Setting up user: $user" if [ "$user" = git ] echo "Error: User git is reserved" return 1 end set -l HOME "/home/$user" # user is not restricted, this is done in ssh config with forceCommand # we need to be able to run a fish script to check for permissions adduser --home $HOME -D "$user" # add user to sudo group addgroup "$user" $_GIT_SUDO_GROUP # unlock account to allow ssh logins passwd -u "$user" mkdir "$HOME/.ssh" echo "$key" > "$HOME/.ssh/authorized_keys" chown -R $user "$HOME" chmod -R 700 "$HOME" end function setupGitUser checkUser "git"; and return 0 echo "Setting up git user" # git user has read/write access to all repos, set git-shell # and no password login allowed -> no ssh login possible adduser git -u $GIT_UID -D --shell "/usr/bin/git-shell" # group that is allowed to sudo addgroup $_GIT_SUDO_GROUP end function setupRepo set -l repoConfig $argv[1] set -l parsedConfig (string split ':' $repoConfig) set -l repo $parsedConfig[1] # check repo name set -l matcher (string match -r -g "^$_REPO_VALIDATION_REGEX\$" $repo) if test -z $matcher[1] echo "Failed to setup repo, invalid path/name: $repo" return 1 end # we assume all repos to be in /srv/repos set -l repoDir srv repos set repoDir /(string join -n '/' $repoDir (string split '/' $repo)) echo "Setting up repo: $repo" # write user as allowed into permission file for user in $parsedConfig[2..] echo "$repoDir:$user" >> $_REPO_PERMISSIONS_FILE end # setup repo dir if not test -d $repoDir mkdir -p $repoDir git init --bare $repoDir -b trunk end chown -R git:git "$repoDir" chmod -R 700 "$repoDir" end function runSSHDaemon echo "Setting up server" # generate host keys in case mkdir -p /var/ssh/etc/ssh/ && ssh-keygen -A -f /var/ssh # run ssh daemon /usr/sbin/sshd -D -e end # # # main # # argparse 'g/git-uid=?' 'u/user=+' 'r/repo=+' 'h/help' -- $argv or exit 1; if set -q _flag_h echo "Usage: $(status filename) [ OPTIONS ]..." echo -e "" echo -e "OPTIONS" echo -e "\t -h, --help \t\t Display this page" echo -e "\t -g, --git-uid \t\t UID of the git user that is used also as ownership for all repos" echo -e "\t -u, --user \t\t User setting in form of :" echo -e "\t -r, --repo \t\t Repo setting in form of :. You can add as many users as you want. Currently if a user is allowed he has all permissions read/write" echo -e "" return end # read variables set -l users $_flag_u for user in (set -n | string match -r "^USER_\S+") set users $users (eval echo \$$user) end set -l repos $_flag_r for repo in (set -n | string match -r "^REPO_\S+") set repos $repos (eval echo \$$repo) end if set -q $_flag_g set GIT_UID $_flag_g end # Setup users setupGitUser for userConfig in $users createUser "$userConfig" end # Setup repos echo > $_REPO_PERMISSIONS_FILE for repoConfig in $repos setupRepo "$repoConfig" end # create writable log file touch $LOG && chmod 777 $LOG runSSHDaemon