more specific grep pattern

allow makeitso to be re-run
remove aws stuff - will get from public site
2021-07-16 10:05:29 -07:00 · 2021-07-16 09:59:50 -07:00 · 2021-07-16 09:56:10 -07:00 · 2021-07-16 09:54:50 -07:00 · 2021-07-16 09:52:53 -07:00
4 changed files with 5 additions and 98 deletions
--- a/14
+++ b/14
@ -1,14 +0,0 @@
-# Yubikey
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRxIS1Dr33Jhybd/ck7UCLQ1Df5msSpvw03w/ljgB+1sx/U+965+q597XRHHnzPey8NFrOdID4I1l0tfco1XG5DJG2yJ/zY+tbyK+0b0Yi4qbRFnH2kxKYcdHq29CiVk64o1VHJxxj78IO2wTUcgK4sXijm05LWqCik4LSfcOBEyOwK6f37Mew19KDq7UAojHLTEbVB6xiv2ufh9evn3PggirE1VtvQlTBnt3NdBDumxD1RzRoVgwMuU1FNvQeMwLnlMlvLX76vjPkRRrgBGEJ2k0BUm7slrAtRnBzIvIbouk55MIBzpPjCIi53L91KxwNkHNPldYG81C+BczN/R5 cardno:000604717732
-
-# Chromebook (GalliumOS)
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDxUNqjpukVhDXJnicD0dOhMMaQPOqYgPR14NSUd9rLp lobo@gallium
-
-# Home server
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4qu/tmKfeTtFDFimpcKH+1HRiiug7eNzNvORoH1ngh lobo@nas2
-
-# Corp workspaces
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqdB5I6TIaXo0vMTjQ59SA4OL9TWWVXt+afbKRgU2u3 lobo@DESKTOP-VT5VL1V
-
-# Phone
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb49syadEvvwlBpRs6DaZxJGV1HgOC/bYZR1WIYvNus u0_a276@localhost
--- a/3
+++ b/3
@ -1,3 +0,0 @@
-[default]
-region = us-west-2
-output = json
--- a/12
+++ b/12
@ -5,9 +5,12 @@ if [ $# -ne 1 ]; then
  exit 1
 fi

-#sudo adduser --disabled-login --gecos 'User for AuthorizedKeysCommand' authorizedkeysuser ||
-sudo useradd -c 'User for AuthorizedKeysCommand' -d /home/authorizedkeysuser -m -s/usr/sbin/nologin authorizedkeysuser
+if [ ! -d /home/authorizedkeysuser ]; then
+  #sudo adduser --disabled-login --gecos 'User for AuthorizedKeysCommand' authorizedkeysuser ||
+  sudo useradd -c 'User for AuthorizedKeysCommand' -d /home/authorizedkeysuser -m -s/usr/sbin/nologin authorizedkeysuser
+fi

+grep -qF 'AuthorizedKeysCommand /etc/ssh/get_authorized_keys' /etc/ssh/sshd_config || \
 sudo sh -c "echo 'Match User $1
  AuthorizedKeysCommand /etc/ssh/get_authorized_keys
  AuthorizedKeysCommandUser authorizedkeysuser' >> /etc/ssh/sshd_config"
@ -16,9 +19,4 @@ sudo cp get_authorized_keys /etc/ssh

 sudo chmod 755 /etc/ssh/get_authorized_keys

-sudo -u authorizedkeysuser mkdir ~authorizedkeysuser/.aws
-sudo -u authorizedkeysuser cp config ~authorizedkeysuser/.aws
-sudo -u authorizedkeysuser cp .credentials ~authorizedkeysuser/.aws/credentials
-sudo -u authorizedkeysuser chmod 600 ~authorizedkeysuser/.aws/*
-sudo -H -u authorizedkeysuser sh -c 'command -v aws > /dev/null 2>&1 || pip install --user awscli'
 sudo systemctl restart sshd
--- a/trigger/authorized_keys.py
+++ b/trigger/authorized_keys.py
@ -1,74 +0,0 @@
-import json
-import boto3
-
-ddb = boto3.client('dynamodb')
-codecommit = boto3.client('codecommit')
-targetarn = 'arn:aws:codecommit:us-west-2:932028523435:authorized_keys'
-
-
-def lambda_handler(event, context):
-    # {
-    #   "Records": [
-    #     {
-    #       "awsRegion": "us-west-2",
-    #       "codecommit": {
-    #         "references": [
-    #           {
-    #             "commit": "5c4ef1049f1d27deadbeeff313e0730018be182b",
-    #             "ref": "refs/heads/master"
-    #           }
-    #         ]
-    #       },
-    #       "customData": "this is custom data",
-    #       "eventId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
-    #       "eventName": "TriggerEventTest",
-    #       "eventPartNumber": 1,
-    #       "eventSource": "aws:codecommit",
-    #       "eventSourceARN": "arn:aws:codecommit:us-west-2:123456789012:repo",
-    #       "eventTime": "2016-01-01T23:59:59.000+0000",
-    #       "eventTotalParts": 1,
-    #       "eventTriggerConfigId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
-    #       "eventTriggerName": "my-trigger",
-    #       "eventVersion": "1.0",
-    #       "userIdentityARN": "arn:aws:iam::123456789012:root"
-    #     }
-    #   ]
-    # }
-    print(json.dumps(event))
-    records = event["Records"]
-    if records is None or len(records) == 0:
-        raise RuntimeError('No records property in event')
-    print(records)
-    for record in records:
-        repoArn = record['eventSourceARN']
-        if repoArn is None:
-            print('no eventSourceARN on record')
-            continue
-        print('Record from ARN' + repoArn)
-        if repoArn != targetarn:
-            print('Not target ARN. Continuting')
-            continue
-        resp = codecommit.get_file(repositoryName='authorized_keys',
-                                   filePath='authorized_keys')
-        data = resp['fileContent'].decode("utf-8")
-        ddbitem = ddb.scan(TableName='key')  # ddbitem['Items']...
-        found = False
-        for item in ddbitem['Items']:  # should be only one anyway - whatever
-            if item['key']['S'] == data:
-                found = True
-                break
-        if found:
-            print('no change to keys. continuing')
-            continue
-        # Something's changed - let's make the update in DDB
-        ddb.put_item(TableName='key', Item={'key': {'S': data}})
-        for item in ddbitem['Items']:  # should be only one anyway - whatever
-            print('deleting old item')
-            ddb.delete_item(TableName='key', Key=item)
-
-    print('All records processed')
-
-    return {
-        'statusCode': 200,
-        'body': json.dumps('Processing complete')
-    }
Author	SHA1	Message	Date
Emil Lerch	31b912b2c9	more specific grep pattern	2021-07-16 10:05:29 -07:00
Emil Lerch	9e8d93d4ea	allow makeitso to be re-run	2021-07-16 09:59:50 -07:00
Emil Lerch	ae51e774ae	remove aws stuff - will get from public site	2021-07-16 09:56:10 -07:00
Emil Lerch	7b1dcdf13b	invent and simplify...	2021-07-16 09:54:50 -07:00
Emil Lerch	19b4cc3d7d	remove authorized_keys file - will be published at https://emil.lerch.org/authorized_keys	2021-07-16 09:52:53 -07:00