from base64 import b64decode

# Bundle-level defaults: every node gets a root account whose password comes
# from the repo vault, keyed on the node name.
# `repo`, `node` and `metadata_reactor` are not defined or imported in this
# file; they are expected to be provided by the environment that loads it.
defaults = {
    'users': {
        'root': {
            'home': '/root',
            'password': repo.vault.password_for(f'{node.name} user root'),
        },
    },
}


@metadata_reactor.provides(
    'users',
)
def authorized_users(metadata):
    """Resolve each user's `authorized_users` entries into public keys.

    Every entry is split on '@' into a user name and a node name, and the
    public key is read from that node's metadata at `users/<user>/pubkey`.
    The collected keys are returned under `users/<name>/authorized_keys`.

    Each entry is a login grant, so the trust decision lives entirely in the
    `authorized_users` metadata. An entry that does not contain exactly one
    '@' makes the tuple unpacking raise ValueError.
    """
    resolved = {}

    for account, settings in metadata.get('users').items():
        granted_keys = set()
        for grant in settings.get('authorized_users', set()):
            remote_user, remote_node = grant.split('@')
            remote_metadata = repo.get_node(remote_node).metadata
            granted_keys.add(remote_metadata.get(f'users/{remote_user}/pubkey'))
        resolved[account] = {
            'authorized_keys': granted_keys,
        }

    return {
        'users': resolved,
    }


@metadata_reactor.provides(
    'users',
)
def user_defaults(metadata):
    """Fill in per-user defaults and an ed25519 key pair.

    For each user in `users`, supplies `full_name`, `home` and `shell` when
    the existing metadata lacks them, an empty `authorized_keys` set, and a
    key pair generated from 32 vault-provided bytes.
    """
    resolved = {}

    for account, settings in metadata.get('users').items():
        entry = {
            'authorized_keys': set(),
        }

        if 'full_name' not in settings:
            entry['full_name'] = account

        if 'home' not in settings:
            entry['home'] = f'/home/{account}'

        if 'shell' not in settings:
            entry['shell'] = '/bin/bash'

        # NOTE(review): this tests the dict built just above, which never
        # holds 'privkey' or 'pubkey', so the branch runs for every user and
        # a key pair already present in the incoming metadata is not detected
        # here. If the intent was to skip generation for such users, the
        # check would need to look at the incoming config; confirm how that
        # interacts with the reactor being re-run before changing it.
        if 'privkey' not in entry and 'pubkey' not in entry:
            # The seed comes from the vault, keyed on "<user>@<metadata id>".
            # Presumably the vault derives it deterministically from the
            # repo secret, which would make the private key reproducible by
            # anyone holding that secret -- verify against the vault docs.
            seed_b64 = repo.vault.random_bytes_as_base64_for(
                f"{account}@{metadata.get('id')}", length=32,
            )
            privkey, pubkey = repo.libs.ssh.generate_ed25519_key_pair(
                b64decode(str(seed_b64))
            )
            entry['keytype'] = 'ed25519'
            entry['privkey'] = privkey
            # The key comment uses node.name, while the seed identifier above
            # uses the metadata 'id'.
            entry['pubkey'] = pubkey + f' {account}@{node.name}'

        resolved[account] = entry

    return {
        'users': resolved,
    }