From 37ef5a7c111ae64298a458c9b4f880062f8f1ae5 Mon Sep 17 00:00:00 2001
From: Aleksander Cynarski
Date: Fri, 20 Nov 2020 23:47:05 +0100
Subject: [PATCH] Initial commit fix #2 -Pobieranie trusted CA z Vault fix #1 -Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys
---
.changelog.yml | 40 ++++++++++++++++++++++++++++++++++++++++
.hajduk.yml | 3 +++
install.sh | 14 ++++++++++++++
3 files changed, 57 insertions(+)
create mode 100644 .changelog.yml
create mode 100644 .hajduk.yml
create mode 100755 install.sh
diff --git a/.changelog.yml b/.changelog.yml
new file mode 100644
index 0000000..138167a
--- /dev/null
+++ b/.changelog.yml
@@ -0,0 +1,40 @@
+# The full repository name
+repo: devOps/trust-ca-ssh
+
+# Service type (gitea or github)
+service: gitea
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url: https://git.cynarski.pl
+
+# Changelog groups and which labeled PRs to add to each group
+groups:
+ -
+ name: PRZEŁOMOWE ZMIANY
+ labels:
+ - breaking
+ -
+ name: NOWE FUNKCJE
+ labels:
+ - feature
+ -
+ name: BŁĘDY
+ labels:
+ - bug
+ -
+ name: ULEPSZENIA
+ labels:
+ - enhancement
+ - refactor
+ - ui
+ -
+ name: BEZPIECZEŃSTWO
+ labels:
+ - security
+ -
+ name: INNE
+ default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+
\ No newline at end of file
diff --git a/.hajduk.yml b/.hajduk.yml
new file mode 100644
index 0000000..c7e521f
--- /dev/null
+++ b/.hajduk.yml
@@ -0,0 +1,3 @@
+project:
+ group: devOps
+ name: trust-ca-ssh
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..4c56371
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SSHD_CONFIG=/etc/ssh/sshd_config
+CA_FILE=/etc/ssh/trusted-ca.pem
+VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
+
+if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
+ curl -o $CA_FILE $VAULT_CERT
+ echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
+else
+ CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
+ echo $CA_FILE
+ curl $VAULT_CERT >> $CA_FILE
+fi
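Review bot: Both `curl` calls in install.sh write whatever the Vault URL returns straight into the file sshd uses for `TrustedUserCAKeys`, with no `-f` and no check of the exit status or the content, so an HTTP error body or a truncated response can end up in the user-CA trust file. The `else` branch also appends on every run and takes its path from an unanchored `grep`, which would presumably match a commented-out or repeated directive as well. I would download to a temporary file with `curl -fsS`, confirm with `ssh-keygen -l -f` that it parses as a public key, and only then install or append it, with every expansion quoted. Since this key decides whose certificates sshd accepts for login, comparing its fingerprint against a value obtained out of band would be worth adding too.

```shell
tmp_ca=$(mktemp) || exit 1
trap 'rm -f -- "$tmp_ca"' EXIT

# Fail on HTTP errors and refuse anything that does not parse as a public key.
curl -fsS -o "$tmp_ca" "$VAULT_CERT" || exit 1
ssh-keygen -l -f "$tmp_ca" >/dev/null || exit 1

if ! grep -q '^[[:space:]]*TrustedUserCAKeys' "$SSHD_CONFIG"; then
  install -m 0644 -- "$tmp_ca" "$CA_FILE"
  echo "TrustedUserCAKeys ${CA_FILE}" | tee -a "$SSHD_CONFIG"
else
  # … unchanged: CA_FILE lookup from sshd_config …
  # Append only when the key is not already present, so reruns stay idempotent.
  grep -qxF -f "$tmp_ca" "$CA_FILE" || cat "$tmp_ca" >> "$CA_FILE"
fi
```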