Initial commit

fix #2 -Pobieranie trusted CA z Vault fix #1 -Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys
2020-11-20 23:47:05 +01:00 · 2020-11-20 23:47:05 +01:00 · 37ef5a7c11
commit 37ef5a7c11
3 changed files with 57 additions and 0 deletions
--- a/.changelog.yml
+++ b/.changelog.yml
@ -0,0 +1,40 @@
+# The full repository name
+repo: devOps/trust-ca-ssh
+
+# Service type (gitea or github)
+service: gitea
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url: https://git.cynarski.pl
+
+# Changelog groups and which labeled PRs to add to each group
+groups:
+  -
+    name: PRZEŁOMOWE ZMIANY
+    labels:
+      - breaking
+  -
+    name: NOWE FUNKCJE
+    labels:
+      - feature
+  -
+    name: BŁĘDY
+    labels:
+      - bug
+  -
+    name: ULEPSZENIA
+    labels:
+      - enhancement
+      - refactor
+      - ui
+  -
+    name: BEZPIECZEŃSTWO
+    labels:
+      - security
+  -
+    name: INNE
+    default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+
--- a/.hajduk.yml
+++ b/.hajduk.yml
@ -0,0 +1,3 @@
+project:
+  group: devOps
+  name: trust-ca-ssh
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+SSHD_CONFIG=/etc/ssh/sshd_config
+CA_FILE=/etc/ssh/trusted-ca.pem
+VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
+
+if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
+     curl -o $CA_FILE $VAULT_CERT
+     echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
+else 
+	CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
+	echo $CA_FILE
+	curl $VAULT_CERT >> $CA_FILE	
+fi