blob: f2ea8de70134fabb842c701748dbb5ff2f089e03 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
#!/usr/bin/env fish
# load environment
source (dirname (status --current-filename))/env
#
#
# function definitions
#
#
function checkUser
set -l user $argv[1]
cat /etc/passwd | grep -q -E "^$user:"
return $status
end
function createUser
set -l userConfig (string split ':' $argv[1])
set -l user $userConfig[1]
set -l key $userConfig[2]
checkUser "$user"; and return 0
echo "Setting up user: $user"
if [ "$user" = git ]
echo "Error: User git is reserved"
return 1
end
set -l HOME "/home/$user"
# user is not restricted, this is done in ssh config with forceCommand
# we need to be able to run a fish script to check for permissions
adduser --home $HOME -D "$user"
# add user to sudo group
addgroup "$user" $_GIT_SUDO_GROUP
# unlock account to allow ssh logins
passwd -u "$user"
mkdir "$HOME/.ssh"
echo "$key" > "$HOME/.ssh/authorized_keys"
chown -R $user "$HOME"
chmod -R 700 "$HOME"
end
function setupGitUser
checkUser "git"; and return 0
echo "Setting up git user"
# git user has read/write access to all repos, set git-shell
# and no password login allowed -> no ssh login possible
adduser git -u $GIT_UID -D --shell "/usr/bin/git-shell"
# group that is allowed to sudo
addgroup $_GIT_SUDO_GROUP
end
function setupRepo
set -l repoConfig $argv[1]
set -l parsedConfig (string split ':' -- $repoConfig)
set -l repo $parsedConfig[1]
# check repo name
set -l matcher (string match -r -g "^$_REPO_VALIDATION_REGEX\$" -- $repo)
if test -z $matcher[1]
echo "Failed to setup repo, invalid config: $repoConfig"
return 1
end
# we assume all repos to be in /srv/repos
set -l repoDir srv repos
set repoDir /(string join -n '/' $repoDir (string split '/' $repo))
echo "Setting up repo: $repo"
# write user as allowed into permission file
for user in $parsedConfig[2..]
echo "$repoDir:$user" >> $_REPO_PERMISSIONS_FILE
end
# setup repo dir
if not test -d $repoDir
mkdir -p $repoDir
git init --bare $repoDir -b trunk
end
chown -R git:git "$repoDir"
chmod -R 700 "$repoDir"
end
function runSSHDaemon
echo "Setting up server"
# generate host keys in case
mkdir -p /var/ssh/etc/ssh/ && ssh-keygen -A -f /var/ssh
# run ssh daemon
/usr/sbin/sshd -D -e
end
#
#
# main
#
#
argparse 'g/git-uid=?' 'u/user=+' 'r/repo=+' 'h/help' -- $argv
or exit 1;
if set -q _flag_h
echo "Usage: $(status filename) [ OPTIONS ]..."
echo -e ""
echo -e "OPTIONS"
echo -e "\t -h, --help \t\t Display this page"
echo -e "\t -g, --git-uid \t\t UID of the git user that is used also as ownership for all repos"
echo -e "\t -u, --user \t\t User setting in form of <user-name>:<public-key>"
echo -e "\t -r, --repo \t\t Repo setting in form of <repo-path>:<allowed-user1>. You can add as many users as you want. Currently if a user is allowed he has all permissions read/write"
echo -e ""
return
end
# read variables
set -l users $_flag_u
for user in (set -n | string match -r "^USER_\S+")
set users $users (eval echo \$$user)
end
set -l repos $_flag_r
for repo in (set -n | string match -r "^REPO_\S+")
set repos $repos (eval echo \$$repo)
end
if set -q $_flag_g
set GIT_UID $_flag_g
end
# Setup users
setupGitUser
for userConfig in $users
createUser "$userConfig"
end
# Setup repos
echo > $_REPO_PERMISSIONS_FILE
for repoConfig in $repos
setupRepo "$repoConfig"
end
# create writable log file for run script
touch $_LOG && chmod 777 $_LOG
runSSHDaemon
|