From d4e99699960970739bd48e20feab317e6a5a08eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20B=C3=B6hm?=
Date: Sat, 2 Jul 2022 21:38:47 +0200
Subject: [PATCH] Add deployment user with authorized keys
---
 authorized_keys | 9 +++++++++
 debian.cfg | 16 ++++++++++++----
 2 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 authorized_keys
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..54733e9
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1,9 @@
+# do not remove! required for automation
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFkGqrbgoDtjB1sJ4HKdgMiC3KJl6m8JQ7naB7mUwUIqVVnVcPnXMQX9jlElZ11OPLGI0Ih6KAiT2iwVnCqFrlw= deploy
+
+# admin users
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFkGqrbgoDtjB1sJ4HKdgMiC3KJl6m8JQ7naB7mUwUIqVVnVcPnXMQX9jlElZ11OPLGI0Ih6KAiT2iwVnCqFrlw= alex
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdnrK3VE2WHPQ7VygeMUonRRsQjZw3EO6pW0rANSISN therojam
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAugLnOhEzJ8gGy0LzHiUpe18pyXoaw/b54gD+m+ua9XJLqmakgOllizKDoeqSrLtOBfL1Pqm78qDMNUaddBSMGUj9f6PaqQflNZIcghFQ8jIfSEstXVDdeBD97X+ngBLClWeQeYoOOox2H3P7NL45OD/NYHKuHX9zlWP2iPXlhWmjVJQdV/gdPciaT8nTMm0epAWwLwBTa502JVYPYdFH/rBggxLjuiXx0xR3XtXq149sEq9rNxaVEZohrVH5uOTiZtKUOkSAPwIfmPno+ekRC3DvnV8erqMoiUIc8osVrLhWWdvFfVQcqEJEjjk/Aih8mAprn/DaHOMnUZdh2US1pw== rockstable
+ssh-rsa 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 drbroiler
+
diff --git a/debian.cfg b/debian.cfg
index a10b50d..c35724e 100644
--- a/debian.cfg
+++ b/debian.cfg
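Review bot: The `deploy` line and the `alex` line carry the same ecdsa-sha2-nistp256 key blob, so the automation identity is in fact one admin's personal key and cannot be rotated or revoked without affecting the other. A dedicated key pair for `deploy` would fix that. All five entries end up in one shared account (the `late_command` in debian.cfg downloads this file to `/home/deploy/.ssh/authorized_keys`), so sessions are attributable only by key fingerprint; options such as `restrict` or `from="…"` on the automation key would narrow what it can do. The `rockstable` RSA key encodes public exponent 35, which points to a key generated by an old OpenSSH release and is worth asking the owner to replace.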
@@ -149,7 +149,7 @@ tasksel tasksel/first multiselect none
 # Individual additional packages to install
 #d-i pkgsel/include string openssh-server build-essential
-d-i pkgsel/include string bind9-dnsutils, ca-certificates, curl, gnupg, inetutils-ping, mc, openssh-server, qemu-guest-agent, python3, rsync, tree, vim
+d-i pkgsel/include string bind9-dnsutils, ca-certificates, curl, gnupg, inetutils-ping, mc, openssh-server, qemu-guest-agent, python3, rsync, sudo, tree, vim
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select full-upgrade
@@ -158,7 +158,7 @@ d-i pkgsel/upgrade select full-upgrade
 # installed, and what software you use. The default is not to report back,
 # but sending reports helps the project determine what software is most
 # popular and include it on CDs.
-popularity-contest popularity-contest/participate boolean false
+popularity-contest popularity-contest/participate boolean true
 # This is fairly safe to set, it makes grub install automatically to the MBR
 # if no other operating system is detected on the machine.
@@ -184,5 +184,13 @@ d-i debian-installer/exit/poweroff boolean true
 # still a usable /target directory. You can chroot to /target and use it
 # directly, or use the apt-install and in-target commands to easily install
 # packages and run commands in the target system.
-#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
-
+d-i preseed/late_command string \
+ in-target useradd -s /bin/sh -m -U -G sudo deploy; \
+ in-target passwd -l deploy; \
+ in-target mkdir -p "/home/deploy/.ssh"; \
+ in-target curl -o /home/deploy/.ssh/authorized_keys https://git.dezentrale.cloud/services/preseed/raw/branch/main/authorized_keys; \
+ in-target chown -R "deploy:deploy" "/home/deploy"; \
+ in-target chmod 700 "/home/deploy"; \
+ in-target chmod 700 "/home/deploy/.ssh"; \
+ in-target chmod 600 "/home/deploy/.ssh/authorized_keys"; \
+ true
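Review bot: Flipping `popularity-contest/participate` to `true` in the second hunk is not covered by the commit subject, and per the comment above it, it makes every host installed from this preseed report which software is installed and used. If that is intended it belongs in its own commit with a line of rationale; otherwise keep `popularity-contest popularity-contest/participate boolean false`.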
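Review bot: The `curl` line in the new `late_command` installs whatever `raw/branch/main/authorized_keys` serves at install time as the login keys of a `sudo`-group account, with no pinned revision or checksum, so write access to that branch amounts to SSH access on every host installed afterwards. Fetching a fixed revision or verifying a known digest before the `chmod` would close that, and `--fail` keeps an HTTP error page from being saved as the key file: `in-target curl -fsS -o /home/deploy/.ssh/authorized_keys <PINNED_URL>; \`. Because the commands are joined with `;` and end in `true`, a failed `useradd` or download still lets the installer finish cleanly and may leave the host without a working `deploy` login; chaining with `&&` would surface the failure. Separately, `passwd -l` leaves `deploy` with no usable password, so its `sudo` membership only takes effect if a NOPASSWD rule is added somewhere this hunk does not show.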