mwiegand 2021-06-25 18:19:11 +02:00
parent 716c166dc7
commit fc945d7f04
6 changed files with 25 additions and 7 deletions


@ -10,5 +10,16 @@ defaults = {
@metadata_reactor.provides(
'users/backup-receiver/authorized_keys'
)
def backup_authorized_keys():
return
def backup_authorized_keys(metadata):
return {
'users': {
'backup-receiver': {
'authorized_keys': [
other_node.metadata.get('users/backup/pubkey')
for other_node in repo.nodes
if other_node.has_bundle('backup')
and other_node.metadata.get('backup/server') == node.name
],
},
},
}
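Review bot: Every matching client's public key is added as a bare entry to the single shared `backup-receiver` account, so unless the users bundle or the sshd configuration adds restrictions not visible here, any one backup client can log in as that user and read or overwrite the other clients' backups. Consider attaching key options to each entry, e.g. `'restrict,command="<forced-backup-command>" ' + other_node.metadata.get('users/backup/pubkey')` (placeholder command, and only if the users bundle writes entries verbatim), or using one receiving user per client. The `metadata` parameter is unused because the reactor reads `node.name` and `repo.nodes` directly; a one-line docstring such as `"""Authorize the backup key of every node whose backup/server is this node."""` would make that intent explicit.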


@ -8,4 +8,7 @@ defaults = {
'server': None,
'paths': [],
},
'users': {
'backup': {},
},
}


@ -30,10 +30,7 @@ def user(metadata):
if not 'shell' in config:
users[name]['shell'] = '/bin/bash'
if not 'password_hash' in config:
users[name]['password_hash'] = 'x' if node.use_shadow_passwords else '*'
if not 'privkey' in users[name]:
if not 'privkey' in users[name] and not 'pubkey' in users[name]:
privkey, pubkey = repo.libs.ssh.generate_ad25519_key_pair(
b64decode(str(repo.vault.random_bytes_as_base64_for(metadata.get('id'), length=32)))
)
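Review bot: The seed passed to `random_bytes_as_base64_for` is only `metadata.get('id')`, so every user on a node that reaches this branch appears to get the same derived key pair. With the default `backup` user added elsewhere in this commit, the key authorised on the backup server would then equal the key of any other auto-keyed account on that client. Including the user name in the identifier, e.g. `repo.vault.random_bytes_as_base64_for(f"{metadata.get('id')}/{name}", length=32)`, would separate them, at the cost of rotating keys that were already derived. Separately, `not 'privkey' in users[name]` reads more clearly as `'privkey' not in users[name]`. The `user` reactor starts and ends outside this hunk, so the loop over `name` is inferred.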


@ -5,7 +5,7 @@
],
'metadata': {
'backup': {
'server': 'backups.sublimity.de',
'server': 'home.backups',
},
'dns': {},
'users': {


@ -0,0 +1,6 @@
{
'bundles': [
'backup-server',
'zfs',
],
}


@ -2,6 +2,7 @@
'hostname': '10.0.0.5',
'groups': [
'debian-10',
'backup-server',
],
'bundles': [
'zfs',