Initial commit
fix #2 -Pobieranie trusted CA z Vault fix #1 -Sprawdzanie konfiguracji ssh, czy posiada TrustedUserCAKeys
commit
37ef5a7c11
40
.changelog.yml
Normal file
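--- a/.changelog.yml
+++ b/.changelog.yml
@@ -0,0 +1,40 @@
+# The full repository name
+repo: devOps/trust-ca-ssh
+
+# Service type (gitea or github)
+service: gitea
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url: https://git.cynarski.pl
+
+# Changelog groups and which labeled PRs to add to each group
+groups:
+-
+name: PRZEŁOMOWE ZMIANY
+labels:
+- breaking
+-
+name: NOWE FUNKCJE
+labels:
+- feature
+-
+name: BŁĘDY
+labels:
+- bug
+-
+name: ULEPSZENIA
+labels:
+- enhancement
+- refactor
+- ui
+-
+name: BEZPIECZEŃSTWO
+labels:
+- security
+-
+name: INNE
+default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+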
3
.hajduk.yml
Normal file
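--- a/.hajduk.yml
+++ b/.hajduk.yml
@@ -0,0 +1,3 @@
+project:
+group: devOps
+name: trust-ca-ssh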
14
install.sh
Executable file
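--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SSHD_CONFIG=/etc/ssh/sshd_config
+CA_FILE=/etc/ssh/trusted-ca.pem
+VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"
+
+if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
+curl -o $CA_FILE $VAULT_CERT
+echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
+else
+CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
+echo $CA_FILE
+curl $VAULT_CERT >> $CA_FILE
+fi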
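Review bot: Both curl calls in install.sh write the response body straight into the file that sshd will trust as a user CA, with no `--fail` and no check that the body is a public key, so an HTTP error page or a truncated download ends up as the content behind `TrustedUserCAKeys`, and the directive is appended to sshd_config even when the download failed. The `else` branch appends the key again on every run, and its `grep "TrustedUserCAKeys"` also matches commented-out or repeated lines, which leaves the unquoted `$CA_FILE` possibly empty or multi-valued in the redirect. I would download to a temporary file, validate it with `ssh-keygen -l -f`, install it only on success, and finish with `sshd -t` before any reload, as sketched below. The URL points at a mount named `ssh-test`; please confirm that this is the CA intended for the hosts the script runs on.

```shell
set -euo pipefail

# … unchanged: SSHD_CONFIG, CA_FILE, VAULT_CERT assignments …

tmp_ca=$(mktemp)
trap 'rm -f "$tmp_ca"' EXIT

# Fail on HTTP errors and refuse anything that is not a parseable public key.
curl --fail --silent --show-error --proto '=https' -o "$tmp_ca" "$VAULT_CERT"
ssh-keygen -l -f "$tmp_ca" >/dev/null

# Only an active (uncommented) directive counts as already configured.
if ! grep -Eqi '^[[:space:]]*TrustedUserCAKeys[[:space:]]' "$SSHD_CONFIG"; then
    install -m 0644 "$tmp_ca" "$CA_FILE"
    echo "TrustedUserCAKeys ${CA_FILE}" >> "$SSHD_CONFIG"
else
    CA_FILE=$(awk 'tolower($1) == "trustedusercakeys" { print $2; exit }' "$SSHD_CONFIG")
    # Append only when this exact key line is not already trusted.
    grep -qxFf "$tmp_ca" "$CA_FILE" || cat "$tmp_ca" >> "$CA_FILE"
fi

# Reject a broken configuration before sshd is reloaded.
sshd -t -f "$SSHD_CONFIG"
```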