Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-22 16:44:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Write sshd config manually

Browse Source
This commit is contained in:
Matúš Námešný
2025-01-04 15:49:16 +01:00
parent 221600ae0b
commit c36e7c0fb1
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
provisioning/cloud-init.yaml
View File

@@ -43,17 +43,18 @@ write_files:
kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3 kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3
permissions: "0755" permissions: "0755"
path: /usr/local/bin/gitea-keys path: /usr/local/bin/gitea-keys
- content: |
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/local/bin/gitea-keys %u %t %k
path: /etc/ssh/sshd_config.d/50-gitea.conf
permissions: "0644"
ssh: ssh:
emit_keys_to_console: true emit_keys_to_console: true
ssh_pwauth: false ssh_pwauth: false
disable_root: true disable_root: true
ssh_config:
Match User git:
AuthorizedKeysCommandUser: git
AuthorizedKeysCommand: /usr/local/bin/gitea-keys %u %t %k
runcmd: runcmd:
# UFW # UFW
- ufw default deny incoming - ufw default deny incoming
@@ -76,6 +77,11 @@ runcmd:
- cp /etc/rancher/k3s/k3s.yaml /home/${username}/.kube/config - cp /etc/rancher/k3s/k3s.yaml /home/${username}/.kube/config
- chown -R ${username}:${username} /home/${username}/.kube - chown -R ${username}:${username} /home/${username}/.kube
- chmod 600 /home/${username}/.kube/config - chmod 600 /home/${username}/.kube/config
# Set up kubeconfig for git
- mkdir -p /home/git/.kube
- cp /etc/rancher/k3s/k3s.yaml /home/git/.kube/config
- chown -R git:git /home/git/.kube
- chmod 600 /home/git/.kube/config
# Dotfiles # Dotfiles
- | - |
su ${username} -c ' su ${username} -c '