Create users_sync.sh #78

Open
wants to merge 13 commits into
base: main
fix permissions and path
EvilOlaf authored Jun 12, 2024
commit f5f3fffcb952f0e011651b93c8fd7185a19499da
13 changes: 8 additions & 5 deletions utils/users_sync.sh
Expand Up @@ -12,13 +12,13 @@
# NO trailing slash!
# the owner of the parent directory must be "root"!
# configure nginx accordingly
USERPATH=/var/www/users
USERPATH=/armbianusers

# which group is used to catch and jail users into their sftp chroot?
SFTPGROUP=sftponly

# classic token from any organization member with "read:org" permission
TOKEN=xxxxxx
TOKEN=xxx

# the organization you want to read members from
ORG=armbian
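Review bot: TOKEN is assigned inline in the script (`TOKEN=xxx`), so a real "read:org" token would live in a file under utils/ that is easy to commit or leave readable by other local users. Suggest reading it from the environment or from a root-owned file with mode 600, and exiting early when it is empty. With USERPATH moving to /armbianusers, the "configure nginx accordingly" comment should also say which nginx setting has to follow the path.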
Expand All @@ -38,6 +38,7 @@ command -v curl >/dev/null 2>&1 || echo >&2 "\"curl\" not found. Aborting."
# Check if jq is installed
command -v jq >/dev/null 2>&1 || echo >&2 "\"jq\" not found. Aborting."


# validate token
RESPONSE=$(curl -sS -f -I -H "Authorization: token $TOKEN" https://api.github.com | grep -i x-oauth-scopes |grep -c read:org)
if [[ $RESPONSE != 1 ]]; then
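Review bot: the curl and jq checks just above the token validation print "Aborting." but never exit, so the script continues without the tool and fails later in less obvious ways. Suggest `command -v jq >/dev/null 2>&1 || { echo >&2 "\"jq\" not found. Aborting."; exit 1; }` and the same for curl. The only change in this hunk is an extra blank line, which can be dropped.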
Expand All @@ -61,7 +62,7 @@ then
echo "Add this to your \"sshd_config\" if not done already."
echo ""
echo "Match Group $SFTPGROUP"
echo " ChrootDirectory $USERPATH/%u"
echo " ChrootDirectory $USERPATH"
echo " ForceCommand internal-sftp"
echo " AllowTcpForwarding no"
echo ""
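Review bot: switching the printed `ChrootDirectory` from `$USERPATH/%u` to `$USERPATH` puts every member of $SFTPGROUP into one shared chroot, so each user can list and enter the other users' directories unless the per-user directory modes prevent it, and the visible lines only chmod .ssh and authorized_keys. Suggest setting a restrictive mode on "$USERPATH"/"$i" when it is created and stating in the printed help that the chroot is shared. sshd also requires the chroot directory and every parent component to be root-owned and not group- or world-writable, which is worth spelling out next to the "owner must be root" comment.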
Expand Down Expand Up @@ -109,6 +110,7 @@ for i in $ORGMEMBERS; do
mkdir -p "$USERPATH"/"$i"/.ssh
curl -s https://github.com/"$i".keys > "$USERPATH"/"$i"/.ssh/authorized_keys
chown -R "$i":"$SFTPGROUP" "$USERPATH"/"$i"/.ssh
chmod 700 "$USERPATH"/"$i"/.ssh
chmod 600 "$USERPATH"/"$i"/.ssh/authorized_keys

# Check if grabbed stuff are actual ssh keys.
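Review bot: the added `chmod 700` on .ssh is correct, but `chown -R "$i":"$SFTPGROUP"` leaves authorized_keys owned by the user inside the SFTP-reachable tree, so a member can upload a modified file with keys that were never on GitHub. If GitHub is meant to be the only key source, keep the keys in a root-owned location outside the chroot and point `AuthorizedKeysFile` at it. Separately, `curl -s` without `-f` writes an HTTP error body into authorized_keys; `curl -fsS` plus an exit-status check would catch that before the key validation runs.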
Expand All @@ -118,14 +120,15 @@ for i in $ORGMEMBERS; do
if [[ $CHECK_KEYS != 0 ]]; then
echo "$i - $CHECK_KEYS key/s for $i imported"
else
echo "$i - Either grabbing failed or $i does not have ssh key on git"
echo "$i won't be able to login"
echo "(!) $i - Either grabbing failed or $i does not have ssh key on git"
echo "(!) $i won't be able to login"
rm "$USERPATH"/"$i"/.ssh/authorized_keys
fi

else
echo "$i - local directory found. Skipping..."
# TODO: update ssh keys here

fi
done

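Review bot: the "local directory found. Skipping..." branch still carries `# TODO: update ssh keys here`, so for an existing user the keys are never refreshed and a key removed from GitHub stays valid in authorized_keys. Suggest fetching and validating the keys on every run for existing users as well, not only when the directory is first created. The new "(!)" warnings would also be better sent to stderr with `>&2`, as the curl and jq checks already do.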