[dev] first working version #4

Merged
DictXiong merged 21 commits from dev into main 2023-05-30 13:21:29 +08:00
4 changed files with 36 additions and 2 deletions
Showing only changes of commit cce4a4c5bc - Show all commits

View File

@ -19,3 +19,5 @@ insert_if_not_exist()
} }
insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh" insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
\"$THIS_DIR\"/jumpserver_cron.sh

4
scripts/nasp Executable file
View File

@ -0,0 +1,4 @@
%nasp ALL = (root) NOPASSWD: /usr/bin/docker
%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
%nasp ALL = (root) NOPASSWD: /usr/bin/whoami

View File

@ -16,6 +16,7 @@ touch_user() {
--shell /bin/bash \ --shell /bin/bash \
--disabled-password \ --disabled-password \
--home /home/$1 \ --home /home/$1 \
--gecos "nasp member" \
$1 $1
usermod -a -G nasp $1 usermod -a -G nasp $1
} }
@ -23,12 +24,18 @@ touch_user() {
update_key() { update_key() {
tmp_path="/tmp/authorized_keys_$1" tmp_path="/tmp/authorized_keys_$1"
dest_path="/home/$1/.ssh/authorized_keys" dest_path="/home/$1/.ssh/authorized_keys"
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path" dest_dir=$(dirname "$dest_path")
echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
(echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path" (echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
done done
if [[ ! -d "$dest_dir" ]]; then
mkdir -p "$dest_dir"
chown $1:$1 "$dest_dir"
chmod 700 "$dest_dir"
fi
cat "$tmp_path" > "$dest_path" cat "$tmp_path" > "$dest_path"
rm "$tmp_path" rm "$tmp_path"
chown $1:$1 "$dest_path" chown $1:$1 "$dest_path"
@ -36,8 +43,9 @@ update_key() {
} }
main() { main() {
cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"
for file in "$THIS_DIR"/../authorized_keys/* ; do for file in "$THIS_DIR"/../authorized_keys/* ; do
if ! test -d "$file"; then if [[ ! -d "$file" ]]; then
continue continue
fi fi
username=$(basename $file) username=$(basename $file)

20
scripts/testbed_deploy.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/bash
set -ex
THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
apt update && apt install sudo
addgroup nasp
insert_if_not_exist()
{
filename=$1
line=$2
if [ ! -f "$filename" ]; then
touch $filename
fi
grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
}
insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
\"$THIS_DIR\"/testbed_cron.sh