wip
This commit is contained in:
parent
1abc99b6f8
commit
1030fe95e0
4 changed files with 55 additions and 39 deletions
|
@ -1,35 +1,29 @@
|
|||
from os.path import join, exists
|
||||
for group, config in node.metadata.get('groups', {}).items():
|
||||
groups[group] = config
|
||||
|
||||
for group, attrs in node.metadata.get('groups', {}).items():
|
||||
groups[group] = attrs
|
||||
|
||||
for username, attrs in node.metadata['users'].items():
|
||||
home = attrs.get('home', '/home/{}'.format(username))
|
||||
|
||||
user = users.setdefault(username, {})
|
||||
|
||||
user['home'] = home
|
||||
user['shell'] = attrs.get('shell', '/bin/bash')
|
||||
|
||||
if 'password' in attrs:
|
||||
user['password'] = attrs['password']
|
||||
else:
|
||||
user['password_hash'] = 'x' if node.use_shadow_passwords else '*'
|
||||
|
||||
if 'groups' in attrs:
|
||||
user['groups'] = attrs['groups']
|
||||
|
||||
directories[home] = {
|
||||
'owner': username,
|
||||
'mode': attrs.get('home-mode', '0700'),
|
||||
for name, config in node.metadata.get('users').items():
|
||||
users[name] = {
|
||||
k:v for k,v in config.items() if k in [
|
||||
"full_name", "gid", "groups", "home", "password_hash", "shell", "uid",
|
||||
]
|
||||
}
|
||||
|
||||
if 'ssh_pubkey' in attrs:
|
||||
files[home + '/.ssh/authorized_keys'] = {
|
||||
'content': '\n'.join(sorted(attrs['ssh_pubkey'])) + '\n',
|
||||
'owner': username,
|
||||
'mode': '0600',
|
||||
}
|
||||
directories[config['home']] = {
|
||||
'owner': name,
|
||||
}
|
||||
|
||||
elif not attrs.get('do_not_remove_authorized_keys_from_home', False):
|
||||
files[home + '/.ssh/authorized_keys'] = {'delete': True}
|
||||
files[f"{config['home']}/.ssh/id_{config['keytype']}"] = {
|
||||
'content': config['privkey'],
|
||||
'owner': name,
|
||||
'mode': '0600',
|
||||
}
|
||||
files[f"{config['home']}/.ssh/id_{config['keytype']}.pub"] = {
|
||||
'content': config['pubkey'],
|
||||
'owner': name,
|
||||
'mode': '0600',
|
||||
}
|
||||
files[config['home'] + '/.ssh/authorized_keys'] = {
|
||||
'content': '\n'.join(sorted(config['authorized_keys'])),
|
||||
'owner': name,
|
||||
'mode': '0600',
|
||||
}
|
||||
|
|
|
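Review bot: The new home-directory item `directories[config['home']] = {'owner': name,}` no longer carries the `'mode'` that the old code set via `attrs.get('home-mode', '0700')`, so the directory that now receives a deployed private key falls back to whatever the default directory mode is instead of being owner-only; keep `'mode': config.get('home-mode', '0700'),` in that dict. The `.ssh` subdirectory is not declared either, so its permissions are left to whatever creates it implicitly — `directories[f"{config['home']}/.ssh"] = {'owner': name, 'mode': '0700'}` makes that explicit. The authorized_keys content also lost the trailing `'\n'` that the old `'\n'.join(sorted(attrs['ssh_pubkey'])) + '\n'` wrote. The old/new side of these lines is inferred from the hunk, since the rendered page shows no markers.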
@ -13,18 +13,30 @@ defaults = {
|
|||
@metadata_reactor.provides(
|
||||
'users',
|
||||
)
|
||||
def users(metadata):
|
||||
def user(metadata):
|
||||
users = {}
|
||||
|
||||
for name in metadata.get('users'):
|
||||
privkey, pubkey = repo.libs.ssh.generate_ad25519_key_pair(
|
||||
b64decode(str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)))
|
||||
)
|
||||
for name, config in metadata.get('users').items():
|
||||
users[name] = {
|
||||
'home': f'/home/{name}',
|
||||
'privkey': privkey,
|
||||
'pubkey': pubkey,
|
||||
'authorized_keys': []
|
||||
}
|
||||
|
||||
if not 'home' in config:
|
||||
users[name]['home'] = f'/home/{name}'
|
||||
|
||||
if not 'shell' in config:
|
||||
users[name]['shell'] = '/bin/bash'
|
||||
|
||||
if not 'password_hash' in config:
|
||||
users[name]['password_hash'] = 'x' if node.use_shadow_passwords else '*'
|
||||
|
||||
if not 'privkey' in users[name]:
|
||||
privkey, pubkey = repo.libs.ssh.generate_ad25519_key_pair(
|
||||
b64decode(str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)))
|
||||
)
|
||||
users[name]['keytype'] = 'ed25519'
|
||||
users[name]['privkey'] = privkey
|
||||
users[name]['pubkey'] = pubkey + f' {name}@{node.name}'
|
||||
|
||||
return {
|
||||
'users': users,
|
||||
|
|
|
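Review bot: Every user appears to receive the same key material: `repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)` is called inside the per-`name` loop with an identifier that does not include `name`, so if the vault derivation is deterministic per identifier (as the `_for(identifier)` naming suggests) each account on the node gets an identical private key and only the `pubkey` comment `f' {name}@{node.name}'` differs. Derive per user instead, e.g. `random_bytes_as_base64_for(f"{metadata.get('id')}-{name}-ssh", length=32)`. The home default `f'/home/{name}'` is also applied to `root`, whose home is `/root`, unless the node metadata supplies `'home'` explicitly. `if not 'home' in config` reads better as `if 'home' not in config` (same for the three sibling checks). The function body continues past the hunk; the `return {` dict is not closed here.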
@ -8,5 +8,12 @@
|
|||
'server': 'backups.sublimity.de',
|
||||
},
|
||||
'dns': {},
|
||||
'users': {
|
||||
'root': {
|
||||
'authorized_keys': [
|
||||
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEU1l2ijW3ZqzFGZcdWg2ESgTGehdNfBTfafxsjWvWdS mwiegand@macbook',
|
||||
],
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
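Review bot: The new `'root': {'authorized_keys': [...]}` entry gives no `'home'`, and the reactor changed in this commit fills a missing home with `f'/home/{name}'`, so root's authorized_keys (and the generated key pair) would be written under `/home/root` rather than `/root`, where the SSH daemon reads them; add `'home': '/root',` to this entry or special-case root in the reactor. This follows from the reactor hunk elsewhere in the commit, so confirm that reactor applies to this node.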
@ -78,6 +78,9 @@
|
|||
'version': '1.4.11',
|
||||
'installer': True,
|
||||
},
|
||||
'users': {
|
||||
'test': {},
|
||||
},
|
||||
'vm': {
|
||||
'cpu': 2,
|
||||
},
|
||||
|
|
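Review bot: `'test': {}` declares an account with no attributes, so the reactor in this commit will give it a login shell, a generated SSH key pair deployed into `/home/test/.ssh`, and an empty `authorized_keys`. If this is scaffolding for the WIP it would be cleaner to keep it off a node that otherwise looks like a real deployment, or at least set `'shell': '/usr/sbin/nologin',` until the account is needed; confirm whether this node is a test host.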