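#!/bin/bash
# init.sh - container setup for the SSH git proxy.
#
# Reads from the environment:
#   MY_PUBLIC_KEY, MY_PUBLIC_KEY2 .. MY_PUBLIC_KEY9
#       public keys allowed to log in as the "git" user (unset ones are skipped)
#   UPSTREAM_USER, UPSTREAM_HOST, UPSTREAM_PORT
#       upstream connection details, written to /proxyenvironment.py
#
# Writes: /etc/ssh/sshd_config, ~git/.ssh/{authorized_keys,config},
#         /repositories, /proxyenvironment.py

#######################################
# Print $1 as a single-quoted Python string literal.
# Backslashes, single quotes, and line breaks are escaped so that a value
# taken from the environment cannot terminate the literal and add statements
# to the generated module.
# Arguments: $1 - raw value
# Outputs:   the quoted literal on stdout (no trailing newline)
#######################################
py_str() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\'/\\\'}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  printf "'%s'" "$s"
}

mkdir -p /var/run/sshd

# This doesn't much matter, as there's no password for the user, but do it anyway.
# The pattern covers the commented-out default as well as an already active
# yes/no line, so the setting is enforced whichever form the image ships.
sshd_config=/etc/ssh/sshd_config
sed -i -E \
  's/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
  "$sshd_config"
# Verify the edit took effect instead of assuming it did. Files pulled in
# through an Include directive are not inspected here.
if ! grep -Eq '^PasswordAuthentication[[:space:]]+no' "$sshd_config"; then
  echo "init.sh: warning: PasswordAuthentication no is not set in $sshd_config" >&2
fi

# Create and configure the git user for SSH.
# This is the only user in use on the server: it both accepts the inbound
# connections and makes the requests upstream. It has the proxy script as its
# shell and can't be used for anything else.
if ! id -u git >/dev/null 2>&1; then
  useradd -m -s /git-proxy.py git
fi
ssh_dir=~git/.ssh
mkdir -p "$ssh_dir"

# Rebuild authorized_keys from scratch. Each value is written quoted so it is
# stored exactly as supplied (no word splitting or glob expansion), and unset
# or blank variables are skipped instead of leaving empty lines.
auth_keys=$ssh_dir/authorized_keys
: > "$auth_keys"
key_count=0
for key_var in MY_PUBLIC_KEY MY_PUBLIC_KEY{2..9}; do
  key=${!key_var}
  [[ -n "${key//[[:space:]]/}" ]] || continue
  printf '%s\n' "$key" >> "$auth_keys"
  key_count=$((key_count + 1))
done
if ((key_count == 0)); then
  echo "init.sh: warning: no MY_PUBLIC_KEY* variable is set; nobody can log in as git" >&2
fi

# The first connection upstream is trust-on-first-use: accept-new records the
# host key presented on first contact and refuses a changed key afterwards.
# NOTE(review): known_hosts lives under the git home directory; if that is not
# persisted, each fresh container trusts whatever key it sees first. Shipping a
# pinned known_hosts entry would remove that window - confirm with deployment.
# UPSTREAM_HOST is written verbatim and is expected to be a single host name.
printf 'Host = %s\nStrictHostKeyChecking = accept-new\n' "$UPSTREAM_HOST" \
  > "$ssh_dir/config"

chown -R git:git "$ssh_dir"
# Recursive, so authorized_keys and config are owner-only as well as the
# directory itself.
chmod -R go-rwx "$ssh_dir"

mkdir -p /repositories
chown -R git:git /repositories

# Export the envvars somewhere the python script can get at them.
# Values go through py_str because this file is Python source.
{
  printf 'UPSTREAM_USER = %s\n' "$(py_str "$UPSTREAM_USER")"
  printf 'UPSTREAM_HOST = %s\n' "$(py_str "$UPSTREAM_HOST")"
  printf 'UPSTREAM_PORT = %s\n' "$(py_str "$UPSTREAM_PORT")"
} > /proxyenvironment.py
# NOTE(review): the file only holds assignments; presumably it needs to be
# readable rather than executable - kept as in the original, confirm intent.
chmod ugo+x /proxyenvironment.py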