Variable if you want to add maintenance ssh key or not

5bf4e2c0 · Elian Loraux · d0fc503d · 5bf4e2c0 · 5bf4e2c0 · 5bf4e2c0
Commit 5bf4e2c0 authored 3 months ago by Elian Loraux
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ All configuration is on .env.main.sample. By default, this environnement is conf
 8. Test the connection with the ssh key (in case of hosting by OVH, remove the waring in '.ssh/authorized_keys')
 9. **Delete temporary user as needed** `deluser [user] && rm -r /home/[user]`
 10. `. main.env; bash validate.sh`
+11. Put your ssh key in `/root/.ssh/authorized_keys` if needed

 If dockerweb doesn't have the right uid, you can chaange it **only if it's not already in use** thanks to:
 ```sh

--- a/install/Base.sh
+++ b/install/Base.sh
@@ -118,7 +118,11 @@ bash $DIR/checks/rkhunter.sh

 # Allow maintenance operations:
 mkdir -p /root/.ssh
-cat id_rsa.pub >> /root/.ssh/authorized_keys
+if [ "$TETRAS_MAINTENACE" = true ] ; then
+    cat id_rsa.pub >> /root/.ssh/authorized_keys
+else
+    touch /root/.ssh/authorized_keys
+fi
 chmod 600  /root/.ssh/authorized_keys

 #Ssh

--- a/main.env.sample
+++ b/main.env.sample
@@ -11,8 +11,14 @@ export MAINTENANCE_LEVEL="security"
 # TODO change domain for you domaine of server
 export DOMAIN="dev.tetras-libre.fr"

+# TODO change admin mail
 export SERVER_ADMIN="sysadmin@tetras-libre.fr"

+# TODO put this variable to false if tetras does not provide maintenance
+# This has the consequence of whether or not the free tetras ssh public key is added to the authorized keys
+export TETRAS_MAINTENACE=true
+
+# TODO change ignore domaines for fail2ban
 export IGNORE_DOMAINES=(
    "tetrix.tetras-libre.fr"
    "piculus.tetras-libre.fr"