heptapod: enable SSH CA
This commit is contained in:
parent
f1fcda810a
commit
c9bd0696ed
1 changed files with 12 additions and 0 deletions
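--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -23,10 +23,22 @@ in pkgs.dockerTools.buildImage rec {
 diskSize = 8192;
 runAsRoot = ''
 #!{pkgs.runtimeShell}
+cat <<"EOF" >/sshd_ca.pub
+${builtins.readFile ../../../ops/secrets/client-ca.pub}
+EOF
 cat <<"EOF" >/assets/wrapper_wrapper
 #!/bin/bash
 /usr/bin/id hg || /usr/sbin/useradd -g $(id -u git) -u $(id -g git) -o -d /var/opt/gitlab -p "*" hg
 /usr/bin/grep "AllowUsers git hg" /assets/sshd_config || /bin/sed -i "s/AllowUsers git/AllowUsers git hg/" /assets/sshd_config
+/usr/bin/cat <<"EOC" >>/assets/sshd_config
+TrustedUserCAKeys /sshd_ca.pub
+Match User git
+AuthorizedPrincipalsCommandUser root
+AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check lukegb lukegb
+Match User hg
+AuthorizedPrincipalsCommandUser root
+AuthorizedPrincipalsCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check lukegb lukegb
+EOC
 exec /assets/wrapper "$@"
 EOF
 chmod ugo=rx /assets/wrapper_wrapper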
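Review bot: The `/usr/bin/cat <<"EOC" >>/assets/sshd_config` append inside wrapper_wrapper is unconditional, so unlike the guarded `id hg ||` and `grep ... ||` lines just above it, every run of the wrapper adds another TrustedUserCAKeys line and another pair of Match blocks to the live sshd_config; guard it the same way, e.g. `/usr/bin/grep -q "TrustedUserCAKeys /sshd_ca.pub" /assets/sshd_config || /usr/bin/cat <<"EOC" >>/assets/sshd_config`. The two AuthorizedPrincipalsCommand lines hard-code the key id as `lukegb`, which means gitlab-shell is told the same identity for every certificate the CA has issued and sshd's per-connection record of which certificate authenticated is lost; if other people's certificates are ever signed by this CA, sshd's `%i` token (the certificate key ID) is the usual way to pass the real identity through, though whether gitlab-shell's lookup accepts that value here should be confirmed against the gitlab-shell version in the image. The enclosing `runAsRoot = ''` string continues past the end of the hunk, so its closing delimiter and any later sshd_config edits are not visible here.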