install.fairie/home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl
Brian Zalewski 2f9a236021 Update 28 files
- /home/.chezmoiscripts/run_onchange_after_add-fonts.tmpl
- /home/.chezmoiscripts/run_onchange_after_endlessh.tmpl
- /home/.chezmoiscripts/run_onchange_after_fail2ban.tmpl
- /home/.chezmoiscripts/run_onchange_after_symlink-ansible-configs.tmpl
- /home/.chezmoiscripts/run_onchange_after_sshd.tmpl
- /home/.chezmoiscripts/run_onchanges_after_decrypt-ssh-keys.tmpl
- /home/.chezmoiscripts/run_onchange_ensure-executable.tmpl
- /home/.chezmoiscripts/run_onchanges_after_ensure-private-key.tmpl
- /home/.chezmoiscripts/run_onchanges_after_generate-public-keys.tmpl
- /home/.chezmoiscripts/run_onchanges_after_symlink-custom.tmpl
- /home/.chezmoitemplates/ssh/authorized-keys.yubikey
- /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_20-font.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_02-ensure-executable.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_05-decrypt-ssh-keys.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_07-ensure-private-key.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_08-generate-public-keys.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_08-symlink-custom.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_24-vpn-darwin.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_30-endlessh.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_30-sshd.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_31-fail2ban.sh.tmpl
- /home/.chezmoiscripts/disabled/run_onchange_after_symlink-ansible-configs.tmpl
- /home/.chezmoiscripts/linux/run_onchange_before_01-requirements.sh.tmpl
- /home/.chezmoiscripts/linux/run_onchange_before_10-system-tweaks.sh.tmpl
- /home/.chezmoiscripts/linux/run_onchange_before_11-configure-swap.sh.tmpl
- /home/.chezmoiscripts/linux/run_onchange_before_14-warp.sh.tmpl
- /home/.chezmoitemplates/ssh/encrypted_authorized-keys.yubikey.tmpl
2023-04-15 23:14:30 +00:00


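{{- if ne .host.distro.family "windows" -}}
#!/usr/bin/env bash
# @file SSHD Configuration
# @brief Applies SSHD system configuration and then restarts / enables the SSH server
# @description
# This script applies the SSH server MOTD banner and `sshd_config` (which are housed in the `home/private_dot_ssh/system` location)
# to the system by copying the files to the system location and then restarting / enabling the system SSH server.
#
# ## Links
#
# * [System SSHD configurations](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/system)
#
# The two hash lines below are what makes this a chezmoi `run_onchange_` script: it re-runs whenever
# either source file changes. The actions intentionally carry no `-` whitespace trimming, so each hash
# stays on its own comment line and the output of the following includeTemplate calls is not glued
# onto the end of a comment (which would comment out its first line).
# sshd_config hash: {{ include (joinPath .host.home ".ssh" "system" "sshd_config") | sha256sum }}
# banner hash: {{ include (joinPath .host.home ".ssh" "system" "banner") | sha256sum }}
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
### Update /etc/ssh/sshd_config if environment is not WSL
# WSL is detected by "Microsoft" appearing in /proc/version. The check relies on the exit status of
# grep: the earlier command-substitution form redirected grep's output to /dev/null, so the substituted
# string was always empty and the WSL branch could never be taken.
if [ -d /proc ] && grep -q Microsoft /proc/version 2> /dev/null; then
  logg info 'Skipping sshd_config application since environment is WSL'
elif [ ! -d /etc/ssh ]; then
  logg warn 'The /etc/ssh folder does not exist'
else
  ### Install the banner and sshd_config
  # `install -m 0644` (rather than `cp -f`) makes the result root-owned and not group/world-writable
  # regardless of the mode of the source file in the home directory or of a pre-existing target.
  logg info 'Copying ~/.ssh/system/banner to /etc/ssh/banner'
  sudo install -m 0644 "$HOME/.ssh/system/banner" /etc/ssh/banner
  logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config'
  sudo install -m 0644 "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config

  ### SELinux: label the custom SSH port
  if command -v semanage > /dev/null; then
    logg info 'Apply SELinux configuration addressing custom SSH port'
    # `semanage port -a` fails when a mapping for the port already exists (e.g. on a re-run);
    # fall back to `-m` (modify) so an existing mapping is updated instead of aborting.
    sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }} \
      || sudo semanage port -m -t ssh_port_t -p tcp {{ .host.ssh.port }}
    logg info 'Allow NIS SSHD'
    sudo setsebool -P nis_enabled 1
  fi

  ### Validate the new configuration before touching the running server
  # A syntactically broken sshd_config would leave the host unreachable after the restart below,
  # so the restart is skipped when `sshd -t` rejects the file; the currently running daemon keeps
  # its old configuration. sshd usually lives in /usr/sbin, which is not always on a user's PATH.
  SSHD_BIN="$(command -v sshd 2> /dev/null || printf '%s' /usr/sbin/sshd)"
  if [ -x "$SSHD_BIN" ] && ! sudo "$SSHD_BIN" -t; then
    logg warn 'The new /etc/ssh/sshd_config failed `sshd -t` validation - not restarting the SSH server'
  ### Restart SSH server
  elif [ -d /Applications ] && [ -d /System ]; then
    # macOS
    logg info 'Running `sudo launchctl stop com.openssh.sshd`'
    sudo launchctl stop com.openssh.sshd
    logg info 'Running `sudo launchctl start com.openssh.sshd`'
    sudo launchctl start com.openssh.sshd
  else
    # Linux
    # NOTE(review): the unit is assumed to be named `sshd`; some distributions name it `ssh`
    # (possibly with an `sshd` alias) - confirm on the target systems.
    logg info 'Enabling the `sshd` service'
    sudo systemctl enable sshd
    logg info 'Restarting the `sshd` service'
    sudo systemctl restart sshd
  fi
fi
{{ end -}}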