0k
/
0k-charms
6
3
Fork 2
Code Issues 11 Pull Requests 5 Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
641 Commits
29 Branches
14 Tags
41 MiB
Tree: 5b529de8dd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5b529de8dd'
${ noResults }
0k-charms/rsync-backup-target/build/entrypoint.sh

47 lines
1.2 KiB
Raw Normal View History

new: [rsync-backup-target] new charm.
9 years ago
new: [rsync-backup-target] a key identifier is now required and enforced The key identifier will be used to fence each key in its own folder. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
5 years ago
new: [rsync-backup-target] new charm.
9 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] add recover key mechanism This allows to get a one-time credential to have read access on specified backup slot. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
fix: dev: typo !minor Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
4 years ago
new: [rsync-backup-target] new charm.
9 years ago
fix: [rsync-backup-target] force log to docker logs Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
5 years ago
  1. #!/bin/bash
  4. ##
  5. ## code
  6. ##
  8. chmod 440 /etc/sudoers.d/* -R
  10. KEYS=/etc/rsync/keys
  11. RSYNC_HOME=/var/lib/rsync
  13. mkdir -p "$RSYNC_HOME/.ssh"
  15. if ! egrep '^[^:]+:x:101:101:' /etc/passwd; then
  16. ## Then it is a first run of this container, users
  17. ## need to be created. Notice that container will be
  18. ## re-created anew if user config was changed.
  19. for user_dir in /etc/rsync/keys/admin/* /etc/rsync/keys/recover; do
  20. [ -d "$user_dir" ] || continue
  21. user="${user_dir##*/}"
  22. [ "$user" != "rsync" ] || continue
  24. adduser -S "$user" -h "$user_dir" -G rsync &&
  25. chown "$user":rsync "$user_dir" || {
  26. echo "Error: couldn't create user $user or chown '$user_dir'." >&2
  27. exit 1
  28. }
  29. ## Without this, account is considered locked by SSH
  30. sed -ri "s/^$user:\!:/$user:*NP*:/g" /etc/shadow
  32. ## Withouth this, force-command will not run
  33. sed -ri "s%^($user.*:)[^:]+$%\1/bin/bash%g" /etc/passwd
  35. done
  36. fi
  38. log="/var/log/rsync/ssh-admin-cmd-validate.log"
  39. touch "$log"
  40. chown rsync:rsync "$log"
  41. chmod g+rw "$log"
  44. ssh-update-keys
  46. ## Give back PID 1 so that ssh can receive signals
  47. exec /usr/sbin/sshd -D -e