Fix and improve scripts

loranmutafov · Feb 26, 2023 · 2e61149 · 2e61149
1 parent 47add70
commit 2e61149
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,8 @@ ARG GID=4096
 
 ENV HOST_KEYS_PATH_PREFIX="/usr"
 ENV HOST_KEYS_PATH="${HOST_KEYS_PATH_PREFIX}/etc/ssh"
+ENV BASTION_USER=${USER}
+ENV BASTION_GROUP=${GROUP}
 
 COPY bastion /usr/sbin/bastion
 COPY setup-keys.sh /usr/sbin/setup-keys.sh

diff --git a/bastion b/bastion
@@ -1,13 +1,13 @@
 #!/usr/bin/env sh
 
-HOST_KEYS_PATH_PREFIX="${HOST_KEYS_PATH_PREFIX:='/'}"
-HOST_KEYS_PATH="${HOST_KEYS_PATH:='/etc/ssh'}"
-
-SETUP_KEYS_PATH="${SETUP_KEYS_PATH:='/etc/bastion/ssh-keys'}"
+SETUP_KEYS_PATH="${SETUP_KEYS_PATH:=/etc/bastion/ssh-keys}"
 if [ -f "$SETUP_KEYS_PATH" ] || [ -L "$SETUP_KEYS_PATH" ]; then
     ./setup-keys.sh
 fi
 
+HOST_KEYS_PATH_PREFIX="${HOST_KEYS_PATH_PREFIX:=/}"
+HOST_KEYS_PATH="${HOST_KEYS_PATH:=/etc/ssh}"
+
 if [ "$PUBKEY_AUTHENTICATION" == "false" ]; then
     CONFIG_PUBKEY_AUTHENTICATION="-o PubkeyAuthentication=no"
 else

diff --git a/setup-keys.sh b/setup-keys.sh
@@ -1,16 +1,20 @@
 #!/bin/sh
-while IFS= read -r line
-do
-    IFS=';' read -r username publickey <<EOF
+# Escape into (subshell), because we're modifying the IFS
+(
+    while IFS= read -r line
+    # Yet another (subshell), because we're modifying the IFS we're using
+    do (
+        IFS=':' read -r username publickey <<EOF
 $line
 EOF
-    adduser -D -h "/home/${username}" -s /bin/ash -g "${username} service" \
-        -G "${GROUP}" "${username}"
+        adduser -D -h "/home/${username}" -s /bin/ash -g "${username} service" \
+            -G "${BASTION_GROUP}" "${username}"
 
-    mkdir -p "/home/${username}/.ssh"
-    echo "${publickey}" > "/home/${username}/.ssh/authorized_keys"
+        mkdir -p "/home/${username}/.ssh"
+        echo "${publickey}" > "/home/${username}/.ssh/authorized_keys"
 
-    chown -R "${username}":"${GROUP}" "/home/${username}/.ssh"
-    chmod 700 "/home/${username}/.ssh"
-    chmod 600 "/home/${username}/.ssh/authorized_keys"
-done <"${SETUP_KEYS_PATH}"
+        chown -R "${username}":"${BASTION_GROUP}" "/home/${username}/.ssh"
+        chmod 700 "/home/${username}/.ssh"
+        chmod 600 "/home/${username}/.ssh/authorized_keys"
+    ) done <"${SETUP_KEYS_PATH}"
+)