wol waker only allow wakeonlan command
parent
59dd4c5877
commit
985a15e5c7
13 changed files with 32 additions and 18 deletions
|
|
@ -27,7 +27,7 @@ def ssh_keys(metadata):
|
|||
'users': {
|
||||
'build-agent': {
|
||||
'authorized_users': {
|
||||
f'build-server@{other_node.name}'
|
||||
f'build-server@{other_node.name}': {}
|
||||
for other_node in repo.nodes
|
||||
if other_node.has_bundle('build-server')
|
||||
for architecture in other_node.metadata.get('build-server/architectures').values()
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def ssh_keys(metadata):
|
|||
'users': {
|
||||
'build-ci': {
|
||||
'authorized_users': {
|
||||
f'build-server@{other_node.name}'
|
||||
f'build-server@{other_node.name}': {}
|
||||
for other_node in repo.nodes
|
||||
if other_node.has_bundle('build-server')
|
||||
},
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ def ssh_keys(metadata):
|
|||
'users': {
|
||||
'downloads': {
|
||||
'authorized_users': {
|
||||
f'build-server@{other_node.name}'
|
||||
f'build-server@{other_node.name}': {}
|
||||
for other_node in repo.nodes
|
||||
if other_node.has_bundle('build-server')
|
||||
},
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ def user(metadata):
|
|||
'users': {
|
||||
'sshmon': {
|
||||
'authorized_users': {
|
||||
'nagios@' + metadata.get('monitoring/icinga2_node'),
|
||||
'nagios@' + metadata.get('monitoring/icinga2_node'): {},
|
||||
}
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ def users(metadata):
|
|||
'allow_users': set(
|
||||
name
|
||||
for name, conf in metadata.get('users').items()
|
||||
if conf.get('authorized_keys', []) or conf.get('authorized_users', [])
|
||||
if conf.get('authorized_keys', []) or conf.get('authorized_users', {})
|
||||
),
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,11 +20,15 @@ def authorized_users(metadata):
|
|||
users[name] = {
|
||||
'authorized_keys': set(),
|
||||
}
|
||||
for authorized_user in config.get('authorized_users', set()):
|
||||
for authorized_user, options in config.get('authorized_users', {}).items():
|
||||
authorized_user_name, authorized_user_node = authorized_user.split('@')
|
||||
users[name]['authorized_keys'].add(
|
||||
repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
|
||||
)
|
||||
authorized_user_public_key = repo.get_node(authorized_user_node).metadata.get(f'users/{authorized_user_name}/pubkey')
|
||||
|
||||
for command in options.get('commands', []):
|
||||
users[name]['authorized_keys'].add(f'command="{command}" ' + authorized_user_public_key)
|
||||
else:
|
||||
users[name]['authorized_keys'].add(authorized_user_public_key)
|
||||
|
||||
return {
|
||||
'users': users,
|
||||
}
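Review bot: The `else:` after `for command in options.get('commands', []):` has no `if` to pair with in this hunk, so it reads as a for/else; with no `break` in the loop that branch runs for every authorized user, and the unrestricted `authorized_user_public_key` is added alongside the `command="…"` entries, which leaves the restriction without effect (indentation is lost in this rendering, so confirm against the file). Binding `commands = options.get('commands', [])` and wrapping the loop in `if commands:` makes the `else:` apply only when no commands are configured. Separately, sshd uses the first authorized_keys line that matches a key, so several `command=` lines for one public key cannot each be selected, and the restricted entries would benefit from the `restrict` option so forwarding and PTY allocation are off. The body of authorized_users starts outside the hunk.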
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ defaults = {
|
|||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'wol-sleeper/mac',
|
||||
'wol-sleeper/wake_command',
|
||||
)
|
||||
def wake_command(metadata):
|
||||
|
|
@ -53,7 +54,8 @@ def wake_command(metadata):
|
|||
|
||||
return {
|
||||
'wol-sleeper': {
|
||||
'wake_command': f"ssh -o StrictHostKeyChecking=no wol@{waker_hostname} 'wakeonlan {mac} && while ! ping {ip} -c1 -W3; do true; done'",
|
||||
'mac': mac,
|
||||
'wake_command': f"ssh -o StrictHostKeyChecking=no wol@{waker_hostname} '/usr/bin/wakeonlan {mac}' && while ! ping {ip} -c1 -W3; do true; done",
|
||||
},
|
||||
}
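Review bot: The new `wake_command` string still passes `-o StrictHostKeyChecking=no`, so the client accepts whatever host key the waker presents and the server end of the connection to `wol@{waker_hostname}` is not authenticated. If the repo already distributes host keys to known_hosts (not visible here), dropping the option is enough; otherwise `-o StrictHostKeyChecking=accept-new` at least pins the key after first contact. The `while ! ping {ip} -c1 -W3; do true; done` loop now runs locally with no upper bound, so a sleeper that never comes up blocks the caller indefinitely; a bounded retry count would make that failure visible. The body of wake_command starts outside this hunk.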
|
||||
|
||||
|
|
|
|||
|
|
@ -6,17 +6,25 @@ defaults = {
|
|||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor.provides(
|
||||
'users/wol',
|
||||
'users/wol/authorized_users',
|
||||
)
|
||||
def user(metadata):
|
||||
return {
|
||||
'users': {
|
||||
'wol': {
|
||||
'authorized_users': {
|
||||
f'root@{node.name}'
|
||||
for node in repo.nodes
|
||||
if node.dummy == False and node.has_bundle('ssh')
|
||||
f'root@{ssh_client.name}': {
|
||||
'commands': {
|
||||
'/usr/bin/wakeonlan ' + sleeper.metadata.get('wol-sleeper/mac')
|
||||
for sleeper in repo.nodes
|
||||
if sleeper.has_bundle('wol-sleeper')
|
||||
and sleeper.metadata.get('wol-sleeper/waker') == node.name
|
||||
}
|
||||
}
|
||||
for ssh_client in repo.nodes
|
||||
if ssh_client.dummy == False and ssh_client.has_bundle('ssh')
|
||||
},
|
||||
},
|
||||
},
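Review bot: When no node with the `wol-sleeper` bundle names this node as its waker, the `commands` comprehension is an empty set, and in the authorized_users reactor shown on this page an empty `commands` falls through to the branch that adds the plain public key, so every `root@` ssh client would get an unrestricted login as `wol`. Emitting the `root@{ssh_client.name}` entry only when at least one command exists, or having the consumer treat a present-but-empty `commands` as no access, keeps the account closed by default. The value of `sleeper.metadata.get('wol-sleeper/mac')` is also concatenated into a `command="…"` option unchecked, and a `None` there raises a TypeError; validating it against a MAC pattern before building the string covers both. The return statement of `user` closes outside the hunk.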
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
},
|
||||
'wol-sleeper': {
|
||||
'network': 'wakeonlan',
|
||||
'waker': 'home.server',
|
||||
'waker': 'home.router',
|
||||
},
|
||||
'zfs-mirror': {
|
||||
'server': 'wb.offsite-backups',
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
'users': {
|
||||
'root': {
|
||||
'authorized_users': {
|
||||
'root@home.server',
|
||||
'root@home.server': {},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@
|
|||
'kea-dhcpd',
|
||||
'wireguard',
|
||||
'pppoe',
|
||||
'wol-waker',
|
||||
],
|
||||
'metadata': {
|
||||
'id': '1d6a43e5-858c-42f9-9c40-ab63d61c787c',
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@
|
|||
'systemd-swap',
|
||||
'twitch-clip-download',
|
||||
'raspberrymatic-cert',
|
||||
'wol-waker',
|
||||
'zfs',
|
||||
'routeros-monitoring',
|
||||
],
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@
|
|||
'users': {
|
||||
'root': {
|
||||
'authorized_users': {
|
||||
'root@home.backups',
|
||||
'root@home.backups': {},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||