From e69591d2b89f99b9a3b1d3c43fb253a1d97259e7 Mon Sep 17 00:00:00 2001 
From: jkoschke Date: Thu, 13 Jan 2022 02:04:01 +0100 Subject: [PATCH] forked ssh and installed tinc --- tinc/CHANGELOG.md | 2 + tinc/DOCS.md | 110 ++++++++++++++++++ tinc/Dockerfile | 85 ++++++++++++++ tinc/README.md | 17 +++ tinc/build.yaml | 13 +++ tinc/config.yaml | 47 ++++++++ tinc/icon.png | Bin 0 -> 6197 bytes tinc/logo.png | Bin 0 -> 5016 bytes tinc/rootfs/etc/cont-init.d/apks.sh | 16 +++ tinc/rootfs/etc/cont-init.d/keygen.sh | 16 +++ tinc/rootfs/etc/cont-init.d/profile.sh | 42 +++++++ tinc/rootfs/etc/cont-init.d/ssh.sh | 34 ++++++ tinc/rootfs/etc/fix-attrs.d/cli | 4 + tinc/rootfs/etc/fix-attrs.d/profile | 2 + tinc/rootfs/etc/fix-attrs.d/ssh | 3 + tinc/rootfs/etc/services.d/sshd/finish | 8 ++ tinc/rootfs/etc/services.d/sshd/run | 13 +++ tinc/rootfs/etc/services.d/ttyd/finish | 8 ++ tinc/rootfs/etc/services.d/ttyd/run | 8 ++ tinc/rootfs/root/.bash_history | 1 + tinc/rootfs/root/.bash_profile | 1 + tinc/rootfs/root/.ssh | 1 + tinc/rootfs/root/.tmux.conf | 25 ++++ tinc/rootfs/usr/bin/hassio | 3 + tinc/rootfs/usr/local/bin/reboot | 5 + tinc/rootfs/usr/local/bin/shutdown | 5 + .../usr/share/tempio/homeassistant.profile | 5 + tinc/rootfs/usr/share/tempio/sshd_config | 26 +++++ 28 files changed, 500 insertions(+) create mode 100644 tinc/CHANGELOG.md create mode 100644 tinc/DOCS.md create mode 100644 tinc/Dockerfile create mode 100644 tinc/README.md create mode 100644 tinc/build.yaml create mode 100644 tinc/config.yaml create mode 100644 tinc/icon.png create mode 100644 tinc/logo.png create mode 100644 tinc/rootfs/etc/cont-init.d/apks.sh create mode 100644 tinc/rootfs/etc/cont-init.d/keygen.sh create mode 100644 tinc/rootfs/etc/cont-init.d/profile.sh create mode 100644 tinc/rootfs/etc/cont-init.d/ssh.sh create mode 100644 tinc/rootfs/etc/fix-attrs.d/cli create mode 100644 tinc/rootfs/etc/fix-attrs.d/profile create mode 100644 tinc/rootfs/etc/fix-attrs.d/ssh create mode 100644 tinc/rootfs/etc/services.d/sshd/finish create mode 100644 
tinc/rootfs/etc/services.d/sshd/run create mode 100644 tinc/rootfs/etc/services.d/ttyd/finish create mode 100644 tinc/rootfs/etc/services.d/ttyd/run create mode 120000 tinc/rootfs/root/.bash_history create mode 120000 tinc/rootfs/root/.bash_profile create mode 120000 tinc/rootfs/root/.ssh create mode 100644 tinc/rootfs/root/.tmux.conf create mode 100644 tinc/rootfs/usr/bin/hassio create mode 100644 tinc/rootfs/usr/local/bin/reboot create mode 100644 tinc/rootfs/usr/local/bin/shutdown create mode 100644 tinc/rootfs/usr/share/tempio/homeassistant.profile create mode 100644 tinc/rootfs/usr/share/tempio/sshd_config diff --git a/tinc/CHANGELOG.md b/tinc/CHANGELOG.md new file mode 100644 index 0000000..4dc68c6 --- /dev/null +++ b/tinc/CHANGELOG.md @@ -0,0 +1,2 @@ +# Changelog + diff --git a/tinc/DOCS.md b/tinc/DOCS.md new file mode 100644 index 0000000..aa057ea --- /dev/null +++ b/tinc/DOCS.md 
@@ -0,0 +1,110 @@
+# Home Assistant Add-on: Terminal & SSH
+
+## Installation
+
+Follow these steps to get the add-on installed on your system:
+
+1. This add-on is only visible to "Advanced Mode" users. To enable advanced mode, go to **Profile** -> and turn on **Advanced Mode**.
+2. Navigate in your Home Assistant frontend to **Supervisor** -> **Add-on Store**.
+3. Find the "Terminal & SSH" add-on and click it.
+4. Click on the "INSTALL" button.
+
+## How to use
+
+This add-on adds two main features to your Home Assistant installation:
+
+- a web terminal that you can use from your browser, and
+- enable connecting to your system using an SSH client.
+
+Regardless of how you connect (using the web terminal or using an SSH client), you end up in this add-on's container. The Home Assistant configuration
+directory is located on the path `/config`.
+
+This add-on comes bundled with [The Home Assistant CLI](https://www.home-assistant.io/hassio/commandline/). Try it out using:
+
+```bash
+ha help
+```
+
+### The Web Terminal
+
+You can access the web terminal by clicking the "Open Web UI" button on this add-on's Info tab. If you set the "Show in sidebar" setting (found on the same Info tab) to "on", a shortcut is added to the sidebar allowing you to access the web terminal quickly.
+
+### SSH Server Connection
+
+Remote SSH access from the network is disabled by default (See Network below). To connect using an SSH client, such as PuTTY or Linux terminal, you need to supply additional configuration for this add-on. To enable SSH connectivity, you need to:
+
+- Provide authentication credentials - a password or SSH key(s)
+- Specify which TCP port to bind to, on the Home Assistant host
+
+You can then connect to the port specified, using the username `root`. Please note that enabling the SSH Server potentially makes your Home Assistant system less secure, as it might enable anyone on the internet to try to access your system. The security of your system also depends on your network set up, router settings, use of firewalls, etc. As a general recommendation, you should not activate this part of the add-on unless you understand the ramifications.
+
+If you enable connecting to the SSH Server using an SSH client, you are strongly recommended to use private/public keys to log in. As long as you keep the private part of your key safe, this makes your system much harder to break into. Using passwords is, therefore, generally considered a less secure mechanism. To generate private/public SSH keys, follow the [instructions for Windows][keygen-windows] and [these for other platforms][keygen].
+
+Enabling login via password will disable key-based login. You can not run both variants at the same time.
+
+## Configuration
+
+Add-on configuration:
+
+```yaml
+authorized_keys:
+ - "ssh-rsa AKDJD3839...== my-key"
+password: ''
+apks: []
+server:
+ tcp_forwarding: false
+```
+
+### Option: `apks`
+
+Additional software packages to install in the add-on container.
+
+### Option: `authorized_keys`
+
+Your **public keys** that you wish to accept for login. You can authorize multiple keys by adding multiple public keys to the list.
+
+If you get errors when adding your key, it is likely that the public key you're trying to add, contains characters that intervene with YAML syntax. Try enclosing your key in double quotes to avoid this issue.
+
+### Option: `password`
+
+Set a password for login. **We do NOT recommend this variant**.
+
+### Option group `server`
+
+Some SSH server options.
+
+#### Option `tcp_forwarding`
+
+Specifies whether TCP forwarding is permitted or not.
+
+**Note**: _Enabling this option lowers the security of your SSH server! Nevertheless, this warning is debatable._
+
+## Network
+
+This section is only relevant if you want to connect to Home Assistant using an SSH client, such as PuTTY or Linux terminal. To enable SSH remote access from the Network, specify the desired SSH TCP server port in the Network configuration input box. The number you enter will be used to map that port from the host into the running "Terminal & SSH" add-on. The standard port used for the SSH protocol is `22`.
+
+Remote SSH access can be disabled again, by clearing the input box, saving the configuration and restarting the add-on.
+
+## Known issues and limitations
+
+- This add-on will not enable you to install packages or do anything as root.
+ This is not working with Home Assistant.
+
+## Support
+
+Got questions?
+
+You have several options to get them answered:
+
+- The [Home Assistant Discord Chat Server][discord].
+- The Home Assistant [Community Forum][forum].
+- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
+
+In case you've found a bug, please [open an issue on our GitHub][issue].
+
+[discord]: https://discord.gg/c5DvZ4e
+[forum]: https://community.home-assistant.io
+[issue]: https://github.com/home-assistant/hassio-addons/issues
+[keygen-windows]: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps
+[keygen]: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
+[reddit]: https://reddit.com/r/homeassistant
diff --git a/tinc/Dockerfile b/tinc/Dockerfile
new file mode 100644
index 0000000..e209898
--- /dev/null
+++ b/tinc/Dockerfile
@@ -0,0 +1,85 @@
+ARG BUILD_FROM
+FROM $BUILD_FROM
+
+# Setup base
+ARG LIBWEBSOCKETS_VERSION
+ARG TTYD_VERSION
+RUN \
+ set -x \
+ && apk add --no-cache \
+ bash-completion \
+ pulseaudio-utils \
+ alsa-plugins-pulse \
+ bluez \
+ git \
+ libuv \
+ mosquitto-clients \
+ nano \
+ openssh \
+ pwgen \
+ tmux \
+ vim \
+ \
+ && apk add --no-cache --virtual .build-dependencies \
+ bsd-compat-headers \
+ build-base \
+ linux-headers \
+ cmake \
+ json-c-dev \
+ libuv-dev \
+ openssl-dev \
+ zlib-dev \
+ \
+ && sed -i "s/ash/bash/" /etc/passwd \
+ \
+ && git clone --branch "v${LIBWEBSOCKETS_VERSION}" --depth=1 \
+ https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets \
+ \
+ && mkdir -p /tmp/libwebsockets/build \
+ && cd /tmp/libwebsockets/build \
+ && cmake .. \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_VERBOSE_MAKEFILE=TRUE \
+ -DLWS_IPV6=ON \
+ -DLWS_STATIC_PIC=ON \
+ -DLWS_UNIX_SOCK=OFF \
+ -DLWS_WITH_LIBUV=ON \
+ -DLWS_WITH_SHARED=ON \
+ -DLWS_WITHOUT_TESTAPPS=ON \
+ && make \
+ && make install \
+ \
+ && git clone --branch main --single-branch \
+ https://github.com/tsl0922/ttyd.git /tmp/ttyd \
+ && git -C /tmp/ttyd checkout "${TTYD_VERSION}" \
+ \
+ && mkdir -p /tmp/ttyd/build \
+ && cd /tmp/ttyd/build \
+ && cmake .. \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_VERBOSE_MAKEFILE=TRUE \
+ && make \
+ && make install \
+ \
+ && apk del --no-cache --purge .build-dependencies \
+ && rm -f -r \
+ /root/.cache \
+ /root/.cmake \
+ /tmp/*
+
+# Add YAML highlighting for nano
+ADD https://raw.githubusercontent.com/scopatz/nanorc/master/yaml.nanorc /usr/share/nano/yaml.nanorc
+RUN sed -i 's/^#[[:space:]]*\(include "\/usr\/share\/nano\/\*\.nanorc".*\)/\1/' /etc/nanorc
+
+# Home Assistant CLI
+ARG BUILD_ARCH
+ARG CLI_VERSION
+RUN curl -Lso /usr/bin/ha \
+ "https://github.com/home-assistant/cli/releases/download/${CLI_VERSION}/ha_${BUILD_ARCH}" \
+ && chmod a+x /usr/bin/ha \
+ && /usr/bin/ha completion > /usr/share/bash-completion/completions/ha
+
+# Copy data
+COPY rootfs /
diff --git a/tinc/README.md b/tinc/README.md
new file mode 100644
index 0000000..0d9d66e
--- /dev/null
+++ b/tinc/README.md
@@ -0,0 +1,17 @@
+# Home Assistant Add-on: SSH server
+
+Allow logging in remotely to Home Assistant using SSH or just the web terminal with Ingress.
+
+![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armhf Architecture][armhf-shield] ![Supports armv7 Architecture][armv7-shield] ![Supports i386 Architecture][i386-shield]
+
+## About
+
+Setting up an SSH server allows access to your Home Assistant folders with any SSH
+client. It also includes a command-line tool to access the Home Assistant API.
+
+
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
+[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
diff --git a/tinc/build.yaml b/tinc/build.yaml
new file mode 100644
index 0000000..2e4711b
--- /dev/null
+++ b/tinc/build.yaml
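Review bot: The `RUN curl -Lso /usr/bin/ha …` step in tinc/Dockerfile installs a downloaded executable without verifying it, and because curl runs without `--fail`, an HTTP error page would be written to `/usr/bin/ha` and only surface when it is executed two lines later. I would use `curl -fLso /usr/bin/ha …` and check the file against a digest supplied as a build arg, for example `echo "${CLI_SHA256}  /usr/bin/ha" | sha256sum -c -` (`CLI_SHA256` is a placeholder name; this commit defines no such arg). The `ADD https://raw.githubusercontent.com/scopatz/nanorc/master/yaml.nanorc` line follows a moving branch, so pinning that URL to a commit would keep the build reproducible. The ttyd checkout is already pinned to a commit hash, while the libwebsockets clone relies on a tag, which can be moved upstream.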
@@ -0,0 +1,13 @@
+build_from:
+ aarch64: ghcr.io/home-assistant/aarch64-base:3.14
+ amd64: ghcr.io/home-assistant/amd64-base:3.14
+ armhf: ghcr.io/home-assistant/armhf-base:3.14
+ armv7: ghcr.io/home-assistant/armv7-base:3.14
+ i386: ghcr.io/home-assistant/i386-base:3.14
+codenotary:
+ signer: notary@home-assistant.io
+ base_image: notary@home-assistant.io
+args:
+ CLI_VERSION: 4.14.0
+ LIBWEBSOCKETS_VERSION: 4.2.1
+ TTYD_VERSION: 3e37e33b1cd927ae8f25cfbcf0da268723b6d230
diff --git a/tinc/config.yaml b/tinc/config.yaml
new file mode 100644
index 0000000..df1faae
--- /dev/null
+++ b/tinc/config.yaml
@@ -0,0 +1,47 @@
+version: 9.3.0
+slug: tinc
+name: Tinc
+description: Allow logging in remotely to Home Assistant using SSH
+url: https://github.com/home-assistant/hassio-addons/tree/master/ssh
+advanced: true
+arch:
+ - armhf
+ - armv7
+ - aarch64
+ - amd64
+ - i386
+host_dbus: true
+image: homeassistant/{arch}-addon-ssh
+ingress: true
+init: false
+map:
+ - config:rw
+ - ssl:rw
+ - addons:rw
+ - share:rw
+ - backup:rw
+ - media:rw
+options:
+ apks: []
+ authorized_keys: []
+ password: ""
+ server:
+ tcp_forwarding: false
+panel_icon: mdi:console
+panel_title: Terminal
+ports:
+ 22/tcp: null
+schema:
+ apks:
+ - str
+ authorized_keys:
+ - str
+ password: password
+ server:
+ tcp_forwarding: bool
+startup: services
+uart: true
+privileged:
+ - NET_ADMIN
+devices:
+ - /dev/net/tun
\ No newline at end of file
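Review bot: `image: homeassistant/{arch}-addon-ssh` in tinc/config.yaml still names the upstream SSH add-on, so the Supervisor will most likely pull that published image at `version: 9.3.0` instead of building the Dockerfile in this directory; drop the `image:` line, or point it at a registry you publish to, if the fork is meant to be built locally. The new `privileged: - NET_ADMIN` and `devices: - /dev/net/tun` entries are granted to a container that permits root logins and mounts `config`, `ssl`, `addons`, `share`, `backup` and `media` read-write, so anything that obtains a shell in it reaches all of that data. I would reduce the `map:` list to what the tunnel actually needs and mark the remainder `:ro`. The visible Dockerfile package list does not include tinc, and `url:` and `description:` still describe the SSH add-on, so the metadata should be brought in line with `slug: tinc`.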
diff --git a/tinc/icon.png b/tinc/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..5c98c3f2b2eacbeeea81e68d22a660cde8bb5d0b GIT binary patch literal 6197 zcmV-57|Q2~P)oUzOE10D zSt^zMo}M0$oJ$xT9d$3f@Pd8*`R8kZwvjVkD*{MjsFzLp`1p7azW-KLz1yiC5s~+E zR(pYhF(v>~R6rC|mi4xUrK8uQ8H%DRb4LINsy242k*ZGG*bdk@J~2H#{mh9|C!Txm z$tPb2rq)~wND}X76F*t0e3*6m+3MVfdA`3R@O?l~bx9}+pt>>zNY?oxNdzH1CIJw~ zG0jG!(QG!Kn;f6`&%giMzy2@a)jfOm%-nU?T}{9)w@DpD zZEUd#nlMwF@yg|CDVNJkS1Ke5&)KZ1b8$nXOLI^V#0W`3=_nM~R4TD))27+buI?`9 z8H0%N5~$T?hR*bz`Qv~8mw)sEH}+QrtbTb<{7 zYQ)S{g~`c@hyL()f9KbMm*0Hs*zoJmJvRn4S44m>{n9TDfT&Q|yidL8pZp+rOVXdL zDkNpeJA3vVljZVU(t{vCM3(W1&k>QiP*tKRnv-G6=1ttZe?Qx{ZF7Qa>_UWe|e$$~tLnmK)X$Y8UrxwX#li$(NbJ$9J+<4x$IJT{%6osez`WPA>nM-=$ z`+3q=P=+XqiQt$8l79;kjpj_QCt_KYsAw!NC(JP7DCkS8EBf zn6f`KF>%<4c^v3;)<$FF6Txe*zdqO73xz_S_*E1knF{7w>+QF_dA1r@&lpct91Hl_7PSVj)AT3j@F1ZM* zO1;tGwp(vy@7_JuOK{fK9)9qFAASDWXCF^S#d8A#149c{0%@Z~D8N^K?bkhHjQ5tr zyy)z?v%%@UvvhTJ;GB|k{V+zDsnxk9X$SlF-((A6!D}=d1Hb)izxqSK8--1q`kLkP zC{O{Ei!fIy{azA$`B#7KulRoOmSmJ`o$v1tPW7EhlHZvpe+}TA(%sd?slGn?`}@6S zt7$tsJNJCn=YIa@0Nb~A_3QyQ0i6JC3-JE$|NZ{)z4O@(1(23J%fYiHYcrM2T%mUwpu{8^nck` zf6cR=@s3SQOxPD*e%bSkA!qGko#W`?LvG9FEvC_^5B~0N{>Bd_3-pt~>7;#+0NKqV z%tEFAOTX%?J}(TzW3_rM>N|7BLlqGrXYDQwQRVdMJ~LafySj_LAN6scaBq_M?(N&R zZv(o40x1g#5GR2u-xNg=qa&kcc7rDf{Cu^)#&;2eAYe9EBcr2Y|8AM^|U> z2Yu*=9!sh~=awy7Hm3rFR}^6M&>=|zhkODDnI}TfCprezT?N;U3>TT1RWi}&}cNePo3@)0U>AoNln%Vbk)aC+Qvt+~;rQ|S z0COa2wWwBS@H{VH`LEN7!1p|oMLexmL`P@WZlKU|F3bpE3>p6K|Gv*Afe5!Gvp@B` z{ICCYK%+sUUZ)U-TY>K6=P+#n=3)UPLFJ~KI-S$qvkM4koshHMcLt^2s3XP{fv#Gm z;)P-810G}rNV)56Z}WkUWNrjOSSkXh0OE5U$q|IvTpGmRvTd6W7*+KE1Bl@wc5L11 z2^ut8t)*}K8gLD$JS4Qv3*x6T7;;t_F+!`^LPh*yvFHIN2m%AhWjBI015Q<(a|nw^ zd}y5#j(+1L@B5Ppc6?}y);Xv?WQZ#=CxQt9A!qg40H~7$4=`zPX$weEL7loKWl21+ zW6-%RX5V{u%H%92S~sQk|RL+P!3tHPytdjjisO< zfQyB=5rPE2c6zz2-*u5UWWy?;5( zp&y%}bFZWNkWhb7K+_g+d7X2V>=-EVRa?L^R{^F3wQ+-sm7qiMLe0pq$QB`rOIw5( zVaqKQZu|HF-uHv&x$7^+Iq($?a5~o_T7!9uSYQqy{p3qqV<1aZz_p-oyYl=`ZQ=eO 
z+0GmPS)hC-L}Tzf6n{A~FxMiI2nf3DTzfeBdC9`@=LdM_Z%wlEgIhFD&F?ze8A-22 zhT;D*9RIeEzyFvn{_p!ry!`jwjJ**O zHw8aTD}x8B?NtU5MU0{jY%?HkdQ4HJ)oLOl8+Q=Y%RUY${uO)13Ou&dRV-1fR)||M z5(xl>{m>cCCv5b7!^wa42ng8s;mW?dV|E>m*t9n$EIP!1i@{l;EkpqjgnGS70SMDC zve;nxM>G2X#LOQ7f1wqCte6B<;y6M?&=_pY9N`|=c|bv7{4wFozlU=&?ENTZ&%0x` z-xeorBBrCqfwaE^rs=t7&&vjsKmk-Qn^Losi$Tkmpos4Wmn1=Ba1Bs}&i8|DM-(4; z{$C6ad~e7re_ddz&u{y!iGZr4I;RrMRB1IgPCJlGcXkBgg%^P?I|Z(w1ZgF}_(FP@ z5K$SbuM16J*KNveUu}8+w?}MyQ$*)hi}Aol(!To&SyBnIm0+Xo1ZFmb7MKE78siDY zZAI#}3bm1#nE^ut^uE<`@RQ?Y1s}8JKt$&ji}67%I4i^!L;x1o0yeM&*~`HK$W_Nc zSeX_e-i4jHcp6$SdN_L6boVrOd|rdyM`JeM9MiGMB3_#GScqdlK+Jq09!sP=D?@c*m0;%X>XlEPYW@Evq{8)MrpDam2^Ns4EP0y z7dl)d2pe1iRbVaz&^82sW#wN%Lgt9Zgw`8^SJ1hnAN;%~+itHVNv{zWTZn**J#1t^ zmzQ)e(79t=7pBe!48Ig`>fZx)>{DEQBTArTH-ggFk_J~919i#g6b~A&3OLyQkr6w; zJW2X(HHy78!mbDqoHf{10Dz!r;uo=~xhUzjB~14RjJy(X?m?e3e`%;AY}uvwn?Nlf z8@CdurhO5ly%wNLD*zHeG$I`Qx*Gf5SEg%wgP5m4S`F+DQLJvym5cGJ8Yl6mrkg|a!P_h?;+P^6jr_3R;q@Ew0g5Gyj*m6sm zXr?2*Py-@MOF9C^1J75~LT$oh{6s+i;{knto%}p1lu)|vfUZz+EpSazvdQ0Y5@cF{ z6T7He!dTvO0k-L3TYg%qb@AnjOwt`R%HG`7!+|G#&isqd(Cb1s(EVnmcaNeGxE9!m zh1oz7D1ZprmuIP+g#l6*q}D85PQJ*H@! zCVhs>lS`1I;8fZg1E+xQR2EsK=|nv60|kNBjG=roVCcCd>Hp_*{vvq`t$ znu|($E`esR@3lDwD$8dvW81{pfZ-QI&fe#9_FoMS=-I98II5saO?obYq({XGxa{AO zHf{)6E(?rpO`&`~VD#mHv$JE{UmKbTJ)4!SM-)iQdyQq1OOUz6Q!>HA0_ZZW(@b9v zGGp72&**Cb=N}2^`$Izop~suQIYf-kC%w)!B$psF2DZ5mu*~dhx`OvR9BP%?`25&* z{;`0*zwnrt5_(X&?u70j9orhLAh`tD_q%WfSmq?C4!o_1855h2bE`kb`xix^$1XU4zm2QEtg=)Xd15FjUZK) z*8(i~LBN6c6q%`37FfaO60E8MuAN)Lra;lA?+V5#$|{gcur~Jrl+`DfU^S)yU7G^r608D?ssO6F z1UHxjie|?^S#S)@ev9M!mmrrwRg+lMPN1@?WwO5APfsQRpjCYyt@V(XnQw><`Sf+g?N1RY%9Ae z-P?q)BScjJ0R;&Z6LO7NKma9|Kpl9U&~s2hST$6q=?IH>egLXqz}AG;s0T(_DvGo# zKwb$<0QFa3-)A`9_YGCV1C&*y0%E{{S5QV@33=etcCh)b0NYfShAu_`-QW^r9&an? 
zY73BJQ5F1x!-S4WDiq@qMgmlINl)iqgaG1mWpW90K5!WUgq24D5!8`{z-$0BwF;eH z2|rk*1e(SoZwbqikBE}SY9JS#Qxrh}=46kfXptkMpqGw-+V;huT!QP50s>2vK+$&Z z2bjv#j9h}X$l@iqFi^Tn>X_liAeW&1Ho$^k5wjU+UMK+h!cebcUsTc%WC01fi&tM5 zI&}hY)ve$upaVrW@^m2SK|nlBLavhl>G@5XkEKbVfS|gloj^%|jVghH04{=P#vtbU zXpWYJr}WQE&+61WHoZ-TMs4FB~lB@nI;3K+0;DBYsC2Ed{vP!U8y z)j7H9SHx7$pLfBo-LZ(UktIMtBdDGdP_7>e5`rnDLa=xVL5cEv^{JAQ6h3H%b*9|d)!EM5XZQ0HvaY}$6dC9I*&R*WC?l4XNRpqBMVMgq_G z5fNhN>OjjFqb`9IbD7PiIF9YG7=tlJS=Z$I1U8PwinKIKzP z60-*M2_PcMx+RxDRjJQZXC)wtq6we{L_iEEpoYuPsMTI{&SH!R>y}&s5y5yyW-CE? za$*>;&bd?q+$941)nEOUCc)_N;Pb6!%L(EEnoF>5QO|f1M{#{@cyt74S!){^0i5A7 zOixe0+G;glH^!{vHjqnTj8QQ{tJUhaHkvZVw17t13hZo{E9`s^RV&p8RUMvLuL9%} zc*cl2C20XCfI3i11!$%MIN{2C*5S9j{nx@mShCitg51cxGLE8jM7(i6{l4c(6vdOL zPrUw@KtFIA=u3Z|1j=TC`%#{$R>}_}f`~ZQ4S6LHz@)8vW~TB2FkAj-fZ3>KCjrBi z8R$EC;@?`0dRas~K{c0PeIQ0uL`*9g{YC}{Uj>@Zxk;b`)KdXk0ESD^bWflHJTW#p z`d{hOrOKKomq0`SaH^CiCLaSPjWN@}Y?L#Lzz9GVs3O|6efyr;*w{xNyyMPqEEY?5 zIOiOaQzc_?SD69Q%r} zP}pLvbtWN~VC^BO6XTgUipS5MKKXaRDA1qAIbb|f2`qqNVWMKOcnWypY+v8sMp3IN zB4$#lt5P`^bauWx zIWczsz`1jO6UR|g%$#k`#u2KTOR(C^Cw?|uT9q4PBP0J(t5!}MW2(-%{uD!%C0g!8v?KI~~`qM0AlddSv z+NpZ2@zT`9*lX#hzV4hG1IE&%4*``l>gmyP1%##H16zTep6Bhi*4~s#v3uLj-3Pl% z#an|Q*yDL#hlpITSpoEhSQr{(h~t<>t#-}Zfn=&B^HsGGN6}!tUO!o#E}u;k-7v&aAtnKaVm<5&P;=@_6VBf=hQ?Ji(5u*nO8ojsd2@9OO8>h=9#v+sK)5$Qn0 zlO(tSNJ}xv*mbSMa;REWZ8+yDv5lvi_2zJ+J~L{qolKM3Oh>$_wA@c;Hh3DD)&5L7 zpEhCnbOM{w*qVs2bM|Ph?E$*df8GIf8e=-dn+FiqI}VH|SZi@s!LW233QiN!+qTH= z*|#vJ3Cxg)ktVm2>GKVso)Mr)n+Vqi59m&#l*Xnc&n2J;bXwH{&iQ}`m@A$;#{r5l z&OpmKX@X4?JQp>fdeO}t&5Q(&MIc;Te4sNE9hnHzNCm)fIdT+mX~aO3Mw(=zY-Py& zeajLMRt5uvnFs(s4Fkx6=g!eg*fcH{qLsdOECXTX5x~nty8`4~UIKe9N2&i0zpZx9 TkjfyL00000NkvXXu0mjfZ>q5L literal 0 HcmV?d00001 
diff --git a/tinc/logo.png b/tinc/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..84e06b05ee80098bb446aac5b6e234eeb68e09ba GIT binary patch literal 5016 zcmV;J6KCv+P)*`SIP|w_*T5S(K)VVQ5+afb=!8QjvWxJ-`@ajKLTK#!O9` zTyjkqeZPW>Eos>O?H!CUQ$WjoH@Mq@rO`Km&$*$&xRdTia9ub4&wLY%0doM?m<7;r z02~YI0N%@?R{{Rpbv(v!A|^Z_NC*c}fpjANUI+Z34&X%ZTiXCu+X;Vw3t)f^0A??6 z)}%4X_-Qd@_(16CUrQwFyh%>If;x~+nd?EP2?Q=M7LSx9M^|~#IKx<6vf6mr zs5&w(Qy62+GI+sFnrFN4)td3@m_#qW5VusA& zG5FjX9H?y9kpS+xJdyUOnVUUWYIW55YZpbo-fB+yO3QN?YXZHXgs)mJm5%tQb5X*v zi-Q!gwA5<&7C=i7#Eq=p;3%!y6%RHG@JN?vyiC~y;nXGoR%|kN0I=xMM^6A?lQB1v ztO6@tT}isIc84*pYlf#Qm!BON6V;k`Nd+N!wT_hH_UT)0Gsex&SOo(eMAbgOz1MSQus|ua?gn5tJOE)ehP4fP zfRm27qym9cNBVJr?|Vtzrv`+fhix?z1}9enu<8w~wz=!x46xB`zYKu?h&p#_#O-$y zz3sYgB<`j0>Q@6g4^p_$+Y3 z$9N)>H6f+v`J$ka3+YTxo(Jp%u8vj3g2Zr)$;dLtBV<=aR|1@#d}AH>ivZfKbh5TW z0|ywh9dtV#U76U|N0R2Lfou6Pl3EYI_Qx%YF+enI^q@s4QU5^HH6m$R5P!b|U}3f5 z5jcH1If)uObp z2OL`S3VO}+GWgTu&qxk7NrGDH*Z9U8l*ziHO3f|=@zqfxTW`g0g7d;LKGtw2~(Mh54U?xfPxy#BaiwyB*`E?d{Z zXTA$CrEJDu8M!(ye04F__#2FcBuQ8c-WOrR2KZHUDneklRPdXcmPn}Ckb$fyU2MwwESPVJFlx5uFw1LfiBF4aMT)l81=0*Kywj=esyI^@!k@ zaFC&l96|~5+03x#;`($&Ev2T5n95t@>L~;Mgyl;P7F@yr_yS)C880VHtp%+NIQR<~6lIg;au8!nY z`8tv3*4=@ITAjmVnM6xVz}VrUgol3;=kH&OR&>=Pp8&pj!I1Fj(}j+>Zsx9KO}fQ` z4W>`LBggN$G+&Kjh9%o_0r8;uxaOKmZjT>d6W{^PfW}_3u8=*A(~1Slq8@GFfwvz5 z2mzM=&k4SqO}Oh(uN@uVY#8Yyw$1YvU6{=GoLq0y&7P-*L?23nC48!J zRH3ydb=sEiuzEE>S_o+aN+e4zdm5^tGG}^luA^5ej3fg~s}w@{bq6~DYa*zEBouX} z;<#sq{&@n%X)#jFY#aEaG@DpYJNbXM5kU~E<+feAxO$aJWplnD^{$s3sZ=Mr*%OUY z(hm)kygvSYEK~4)yEg~Y)kr;fw941@z1gGRKw5%dSo;C4J1)gd?YY?&D*~L7ov(p( zXTi-117AvYzs-4agWoyA0S`uKv%?9>WlJfMAZy{tcWd_SIYPoZaj+ZHkp4VCZ&K=L zKcz0ax|bLbJCLopQ||V1(l%Dovwr{(;}Zg3NL0He{5<04OS?L^iB=k03LR^WB5AEH z#-gH0-vJ3)(232Z&|qtUO&F?1|AOuvzjPXkho4$h%_15r0bdHF+b!YU{H?ebHb6tD zR4|_Z;g5dKo<@W?RP{Yij_=t1&>;-)cmEt!dB=bCll|<~$8+gom>c6}1z)Bx54Y<~Lt&lkA{&dIxKwS5N%*#6m>(eEM+ua!>uw zuJ2KTDh#G8Kzh=Dd6JK#-;G6^=f5vPq-ar%i7b#o&cjwB<$9bM1{-e!@MT}^L&?K= 
zG174M?I3C#a3v+>vBYjhKd$U4R-O z{8*7XT16n0<(0uA$rvOQggpY?IKE*ik8h;HUoe%97V*&)7z1J3AOk(j>6px`c{v=+ zvI#8}rYoV9Lzfzep6E^#?X_(KY9@}rsQ9OCBPOgAHhb0su%iuQp{!c!o{iH=ij3kDq| z+eXWbMlG-#%95ch(9O`a;pq)2Dt*496Q6u)3EG-oF9ObrZlP#pyZ*hF>Ya1QZa7Yz zdLvsyHqdDBsu@Pl4>r>AyLItt`&&-aju&E|N1BV9g0{Y^Eh^v(5#)9OBw*XlbJNjW z?%+6rt*JYmj@mcaVQt20IF2q2a$}Xt`y;^Y>}Yf9eJLW=jrYz^O-i;K6B=WFndC2y zKa@m>uL_L`!_ajX^pP7No#JdaT(wkA*(%XB^^{^D{`ZOi|B_#y_e1~`6o#n3m6dt+b zBc+htp=SjEgW*Tb2Ux+&c%4K`zoDCTxGg9s*m2C?+Nu7tH(asYl6)p|QDr%d&FF zF38XxpXBkuQ2z%X01(~AkXf{%j~t~PYQjFIgI;6iOvk=E%Stv}Y#VC4vIN;_Wst*FOk{{BZVKs3cH#QTBKRW56_3dfD^ z_`r+JGj>1_AS}eVP+c9t!82$2uChX3Qm>(XQMCkc>Ve&tB)fsjZ#qYN9O=o&`SA_4 zj4y;V>{%(Y@9r%7q^vFO27ncU?h2vRH5#Bc(W%?`%zkfoo>Ofq4|~?^S(&W;uZ%Hu zHmyTx8|i~3B-F*^^l)lDRQAM+#kcOtqCF8!F$)pMELq+>>m4(5SDyND=NG@~Mpok$%U3qfY%Yu(Jz3Od zVl+}EgNDW9o$q;j``=vUH2hi}dI2p-tu69#<-zdj-}ZXly~%OTji)y(jR0x$i8~ji z9!@?*Cy2v;y!Ft)t4nVjcJ$=%UH|rQ`I}dK{E|J1=-HwNU^Pei-oB_>z0vpX)~9~T z>S=0hTm|(wxc>6y@;V!?BmCgK(|q96_B3oi_2GMlcW&(`^RBPm7~y;OtcL3H`+38T zM#ThIUNgNy*m2zUX4znV{BW^g$=NFw{^p@DSF&Y`lhZ`?k|;|~j{8{6{29?FUOi7U zouuau^4lkV`tWSWY~kL4y9i&qsF+{=!xiz18Ue2pzF zm0beJ*7USm`sy9Sm`-~9)v~rLE?c{DA#`rN^>F{I3%_2>A3SY$vEa(j=Q3ZtIG4HP z{c+S$MDHs`ceK!eu%xgQVj|nSvKpfI{W7M7DBnE&*Ly}YE#Es(B))ihZ6X=(kKEk% zcFBR_;(JY>!n^dALiUuL>*!nsh=%1+2&>0b$8I3?RJ9|~sYQ*ayKJ9wqJf^A2JSrL zp1Cag6<>i~kND8{O%L=<3Pz`_6P&P5i~t<(}Nt=G;tcl{*q4EXDdP`4LNS*x1Xi*W#N3!cx6dYcNK7nTXzG9DXWqHk%Y$PG9*EjpcwGwj@SE@B5IE zrmcp(Z3Azs8Ti#Nt}PItl_f-TI$*F?%i)vrwl&jtk7*8RcgR!}w7Oj5BVkyUOD@*&hqj2FofxOk2XV>}o3t{B3k| z5WBTX20{ph(76LxM=Sm5fZXVYtu$JcOpsDNz^d9}B-7EEayf|<6O)rq4>IWZk_Mr) zw9bXy)u2REFPU$q-*rp>eY~Hie=8xPZ`Dzg=!TkH9Jv!p1&F#mO1xv%>vWpIpaIb| zeC5{~ezJ+8!X79E_JDXFw5kDO9U1D|{U4POW5Pm_LzWeXd@3UKO z>|3=_8hP8Pf0Lqizw5g0wJ{4`zUtQom+%#Pj4`IWbEg~K2-TMlj?C*H&wb zU)q-SX`tf53%>U|V~jbl_3{(4-reAq|IMkywGS?P z_a9d(mCA8%*_Z?*)}2#t#cuTG;se47zkGCg>D;_> /data/.ssh/authorized_keys + done <<< "$(bashio::config 'authorized_keys')" + + chmod 600 /data/.ssh/authorized_keys + + # Unlock account + 
PASSWORD="$(pwgen -s 64 1)"
+ echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
+elif bashio::config.has_value 'password'; then
+ bashio::log.info "Setup password login"
+
+ PASSWORD=$(bashio::config 'password')
+ echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
+elif bashio::var.has_value "$(bashio::addon.port 22)"; then
+ bashio::exit.nok "You need to setup a login!"
+fi
+
+# Generate config
+mkdir -p /etc/ssh
+tempio \
+ -conf /data/options.json \
+ -template /usr/share/tempio/sshd_config \
+ -out /etc/ssh/sshd_config
diff --git a/tinc/rootfs/etc/fix-attrs.d/cli b/tinc/rootfs/etc/fix-attrs.d/cli
new file mode 100644
index 0000000..dbd6e17
--- /dev/null
+++ b/tinc/rootfs/etc/fix-attrs.d/cli
@@ -0,0 +1,4 @@
+/usr/bin/hassio false root 0755 0755
+/usr/bin/ha false root 0755 0755
+/usr/local/bin/reboot false root 0755 0755
+/usr/local/bin/shutdown false root 0755 0755
diff --git a/tinc/rootfs/etc/fix-attrs.d/profile b/tinc/rootfs/etc/fix-attrs.d/profile
new file mode 100644
index 0000000..45857cb
--- /dev/null
+++ b/tinc/rootfs/etc/fix-attrs.d/profile
@@ -0,0 +1,2 @@
+/data/.bash_history false root 0600 0755
+/data/.bash_profile false root 0600 0755
diff --git a/tinc/rootfs/etc/fix-attrs.d/ssh b/tinc/rootfs/etc/fix-attrs.d/ssh
new file mode 100644
index 0000000..a6fdf24
--- /dev/null
+++ b/tinc/rootfs/etc/fix-attrs.d/ssh
@@ -0,0 +1,3 @@
+/data/.ssh false root 0644 0700
+/data/.ssh/authorized_keys false root 0600 0755
+/etc/ssh false root 0644 0755
diff --git a/tinc/rootfs/etc/services.d/sshd/finish b/tinc/rootfs/etc/services.d/sshd/finish
new file mode 100644
index 0000000..e5bd8e5
--- /dev/null
+++ b/tinc/rootfs/etc/services.d/sshd/finish
@@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree when sshd fails
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
diff --git a/tinc/rootfs/etc/services.d/sshd/run b/tinc/rootfs/etc/services.d/sshd/run
new file mode 100644
index 0000000..4be0401
--- /dev/null
+++ b/tinc/rootfs/etc/services.d/sshd/run
@@ -0,0 +1,13 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start sshd service if enabled
+# ==============================================================================
+
+# If SSH is disabled, use a fake sleep process
+if ! bashio::var.has_value "$(bashio::addon.port 22)"; then
+ bashio::log.warning "SSH port is disabled. Prevent start of SSH server."
+ exec sleep infinity
+fi
+
+bashio::log.info "Starting the SSH daemon..."
+exec /usr/sbin/sshd -D -e
diff --git a/tinc/rootfs/etc/services.d/ttyd/finish b/tinc/rootfs/etc/services.d/ttyd/finish
new file mode 100644
index 0000000..2235a70
--- /dev/null
+++ b/tinc/rootfs/etc/services.d/ttyd/finish
@@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree when ttyd fails
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
diff --git a/tinc/rootfs/etc/services.d/ttyd/run b/tinc/rootfs/etc/services.d/ttyd/run
new file mode 100644
index 0000000..b9ea319
--- /dev/null
+++ b/tinc/rootfs/etc/services.d/ttyd/run
@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start ttyd service for ingress
+# ==============================================================================
+bashio::log.info "Starting Web Terminal..."
+cd /root || bashio::exit.nok "Can't find root folder!"
+
+exec ttyd -p 8099 tmux -u new -A -s homeassistant bash -l
\ No newline at end of file
diff --git a/tinc/rootfs/root/.bash_history b/tinc/rootfs/root/.bash_history
new file mode 120000
index 0000000..ee4752b
--- /dev/null
+++ b/tinc/rootfs/root/.bash_history
@@ -0,0 +1 @@
+/data/.bash_history
\ No newline at end of file
diff --git a/tinc/rootfs/root/.bash_profile b/tinc/rootfs/root/.bash_profile
new file mode 120000
index 0000000..c79acaf
--- /dev/null
+++ b/tinc/rootfs/root/.bash_profile
@@ -0,0 +1 @@
+/data/.bash_profile
\ No newline at end of file
diff --git a/tinc/rootfs/root/.ssh b/tinc/rootfs/root/.ssh
new file mode 120000
index 0000000..71426d9
--- /dev/null
+++ b/tinc/rootfs/root/.ssh
@@ -0,0 +1 @@
+/data/.ssh
\ No newline at end of file
diff --git a/tinc/rootfs/root/.tmux.conf b/tinc/rootfs/root/.tmux.conf
new file mode 100644
index 0000000..fff27cf
--- /dev/null
+++ b/tinc/rootfs/root/.tmux.conf
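Review bot: `exec ttyd -p 8099 …` in tinc/rootfs/etc/services.d/ttyd/run starts a root tmux/bash session with no credential and no interface restriction, so the service depends entirely on port 8099 being reachable only through ingress. With the tun device and NET_ADMIN capability this commit requests in config.yaml, that assumption may stop holding once a tunnel interface exists inside the container (inferred; the tinc setup itself is not in the visible hunks). ttyd's `-i <interface>` option can bind the listener to the interface ingress uses; `<interface>` is a placeholder, and the real name depends on the Supervisor network and should be confirmed before it is hard-coded. A short comment above the `exec`, such as `# Unauthenticated by design: must only be reachable via ingress`, would record the constraint for the next maintainer.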
@@ -0,0 +1,25 @@
+set-option -g default-terminal $TERM
+set-option -g base-index 1
+setw -g pane-base-index 1
+setw -g window-status-format "#[fg=white]#[bg=blue] #I #[bg=blue]#[fg=white] #W "
+setw -g window-status-current-format "#[bg=brightmagenta]#[fg=white] *#I #[fg=white,bold]#[bg=cyan] [#W] "
+set -g status-fg white
+set -g status-bg blue
+set -g status-left ''
+set -g status-right '%a %m-%d %H:%M'
+set -g mouse on
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+bind | split-window -h
+bind \\ split-window -h
+bind - split-window -v
+unbind '"'
+unbind %
+bind -n M-Left select-pane -L
+bind -n M-Right select-pane -R
+bind -n M-Up select-pane -U
+bind -n M-Down select-pane -D
+set -s escape-time 0
+bind-key -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"
+bind-key -T copy-mode MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"
diff --git a/tinc/rootfs/usr/bin/hassio b/tinc/rootfs/usr/bin/hassio
new file mode 100644
index 0000000..e38eb86
--- /dev/null
+++ b/tinc/rootfs/usr/bin/hassio
@@ -0,0 +1,3 @@
+#!/usr/bin/env bashio
+bashio::log.yellow "The 'hassio' command is deprecated, please use 'ha' instead!"
+ha "$@"
diff --git a/tinc/rootfs/usr/local/bin/reboot b/tinc/rootfs/usr/local/bin/reboot
new file mode 100644
index 0000000..8ab1828
--- /dev/null
+++ b/tinc/rootfs/usr/local/bin/reboot
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# This script overrides the reboot command to reboot the host machine.
+# ==============================================================================
+bashio::host.reboot
diff --git a/tinc/rootfs/usr/local/bin/shutdown b/tinc/rootfs/usr/local/bin/shutdown
new file mode 100644
index 0000000..4697fda
--- /dev/null
+++ b/tinc/rootfs/usr/local/bin/shutdown
@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# This script overrides the shutdown command to shutdown the host machine.
+# ==============================================================================
+bashio::host.shutdown
diff --git a/tinc/rootfs/usr/share/tempio/homeassistant.profile b/tinc/rootfs/usr/share/tempio/homeassistant.profile
new file mode 100644
index 0000000..793f4b5
--- /dev/null
+++ b/tinc/rootfs/usr/share/tempio/homeassistant.profile
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+export PS1="\[\e[0;32m\][\h \W]\$ \[\e[m\]"
+export SUPERVISOR_TOKEN={{ .supervisor_token }}
+
+ha banner
diff --git a/tinc/rootfs/usr/share/tempio/sshd_config b/tinc/rootfs/usr/share/tempio/sshd_config
new file mode 100644
index 0000000..72e4255
--- /dev/null
+++ b/tinc/rootfs/usr/share/tempio/sshd_config
@@ -0,0 +1,26 @@
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# Logging
+LogLevel INFO
+
+# Default
+AllowTcpForwarding {{ if .server.tcp_forwarding }}yes{{ else }}no{{ end }}
+GatewayPorts no
+X11Forwarding no
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Authentication:
+PermitRootLogin yes
+
+Banner none
+PrintMotd no
+
+{{ if .authorized_keys }}
+PasswordAuthentication no
+{{ else if .password }}
+PasswordAuthentication yes
+PermitEmptyPasswords no
+{{ end }}
+
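Review bot: The authentication block at the end of the sshd_config template emits no `PasswordAuthentication` line when neither `authorized_keys` nor `password` is set, which leaves sshd on its built-in default of `yes`; today only the check in cont-init.d/ssh.sh and the port test in services.d/sshd/run keep that configuration from being served. The template should fail closed on its own by adding `{{ else }}` followed by `PasswordAuthentication no` before the closing `{{ end }}`. `PermitRootLogin yes` also applies to both branches, and when keys are configured `PermitRootLogin prohibit-password` would state the intent more tightly. A comment above the block noting that exactly one login method is rendered would match what DOCS.md tells users.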