From 5bf4e2c02c2ace2cb5f4323d4f9b0e9328920789 Mon Sep 17 00:00:00 2001
From: Elian Loraux <elian.loraux@tetras-libre.fr>
Date: Tue, 18 Feb 2025 16:50:37 +0100
Subject: [PATCH] Variable if you want to add maintenance ssh key or not

---
 README.md       | 1 +
 install/Base.sh | 6 +++++-
 main.env.sample | 6 ++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d549bd8..7231721 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ All configuration is on .env.main.sample. By default, this environnement is conf
 8. Test the connection with the ssh key (in case of hosting by OVH, remove the waring in '.ssh/authorized_keys')
 9. **Delete temporary user as needed** `deluser [user] && rm -r /home/[user]`
 10. `. main.env; bash validate.sh`
+11. Put your ssh key in `/root/.ssh/authorized_keys` if needed
 
 If dockerweb doesn't have the right uid, you can chaange it **only if it's not already in use** thanks to:
 ```sh
diff --git a/install/Base.sh b/install/Base.sh
index 4c9c542..04e4742 100644
--- a/install/Base.sh
+++ b/install/Base.sh
@@ -118,7 +118,11 @@ bash $DIR/checks/rkhunter.sh
 
 # Allow maintenance operations:
 mkdir -p /root/.ssh
-cat id_rsa.pub >> /root/.ssh/authorized_keys
+if [ "$TETRAS_MAINTENACE" = true ] ; then
+    cat id_rsa.pub >> /root/.ssh/authorized_keys
+else
+    touch /root/.ssh/authorized_keys
+fi
 chmod 600  /root/.ssh/authorized_keys
 
 #Ssh
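Review bot: Setting the flag to false does not revoke a maintenance key that an earlier run already appended, because the `else` branch only runs `touch`; on a host installed once with the flag true, root access for that key survives the opt-out. The true branch also appends unconditionally, so each re-run of Base.sh (if it is re-run) adds another copy. A guard such as `grep -qxF -- "$(cat id_rsa.pub)" /root/.ssh/authorized_keys || cat id_rsa.pub >> /root/.ssh/authorized_keys` keeps it idempotent, and the `else` branch could filter that same line out of the file. `id_rsa.pub` is resolved against the current directory while the hunk header shows other paths built from `$DIR`, so anchoring it the same way may be worth it. The variable is spelled `TETRAS_MAINTENACE` here and in main.env.sample, where it ships as `true`: an operator who exports the correctly spelled `TETRAS_MAINTENANCE=false` would still get the key installed, so I would rename both occurrences and add a comment above the `if` such as `# Grants root SSH access to the maintenance key; only when explicitly enabled`.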
diff --git a/main.env.sample b/main.env.sample
index ee72b94..90d5dab 100644
--- a/main.env.sample
+++ b/main.env.sample
@@ -11,8 +11,14 @@ export MAINTENANCE_LEVEL="security"
 # TODO change domain for you domaine of server
 export DOMAIN="dev.tetras-libre.fr"
 
+# TODO change admin mail
 export SERVER_ADMIN="sysadmin@tetras-libre.fr"
 
+# TODO put this variable to false if tetras does not provide maintenance
+# This has the consequence of whether or not the free tetras ssh public key is added to the authorized keys
+export TETRAS_MAINTENACE=true
+
+# TODO change ignore domaines for fail2ban
 export IGNORE_DOMAINES=(
     "tetrix.tetras-libre.fr"
     "piculus.tetras-libre.fr"
-- 
GitLab