forked ssh and installed tinc

2022-01-13 02:04:01 +01:00
parent a073c3af33
commit e69591d2b8
28 changed files with 500 additions and 0 deletions
--- a/tinc/rootfs/etc/cont-init.d/apks.sh
+++ b/tinc/rootfs/etc/cont-init.d/apks.sh
@ -0,0 +1,16 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# SSH install additional packages on startup
+# ==============================================================================
+
+if ! bashio::config.has_value "apks"; then
+    bashio::exit.ok
+fi
+
+apk update \
+    || bashio::exit.nok "Failed updating Alpine packages indexes"
+
+for package in $(bashio::config "apks"); do
+    apk add "$package" \
+        || bashio::exit.nok "Failed installing ${package}"
+done
--- a/tinc/rootfs/etc/cont-init.d/keygen.sh
+++ b/tinc/rootfs/etc/cont-init.d/keygen.sh
@ -0,0 +1,16 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# SSH Host keys
+# ==============================================================================
+readonly KEYS_PATH=/data/host_keys
+
+if ! bashio::fs.directory_exists "${KEYS_PATH}"; then
+    bashio::log.info "Generating host keys..."
+
+    mkdir -p "${KEYS_PATH}"
+    ssh-keygen -A || bashio::exit.nok "Failed to create host keys!"
+    cp -fp /etc/ssh/ssh_host* "${KEYS_PATH}/"
+else
+    bashio::log.info "Restoring host keys..."
+    cp -fp "${KEYS_PATH}"/* /etc/ssh/
+fi
--- a/tinc/rootfs/etc/cont-init.d/profile.sh
+++ b/tinc/rootfs/etc/cont-init.d/profile.sh
@ -0,0 +1,42 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Setup persistent user settings
+# ==============================================================================
+readonly DIRECTORIES=(addons backup config share ssl)
+
+# Persist shell history by redirecting .bash_history to /data
+if ! bashio::fs.file_exists /data/.bash_profile; then
+    touch /data/.bash_history
+    chmod 600 /data/.bash_history
+fi
+
+# Make Home Assistant TOKEN available on the CLI
+mkdir -p /etc/profile.d
+bashio::var.json \
+    supervisor_token "${SUPERVISOR_TOKEN}" \
+    | tempio \
+        -template /usr/share/tempio/homeassistant.profile \
+        -out /etc/profile.d/homeassistant.sh
+
+
+# Persist shell profile by redirecting .bash_profile to /data
+if ! bashio::fs.file_exists /data/.bash_profile; then
+    touch /data/.bash_profile
+    chmod 600 /data/.bash_profile
+fi
+
+# Links some common directories to the user's home folder for convenience
+for dir in "${DIRECTORIES[@]}"; do
+    ln -s "/${dir}" "${HOME}/${dir}" \
+        || bashio::log.warning "Failed linking common directory: ${dir}"
+done
+
+# Sets up the users .ssh folder to be persistent
+if ! bashio::fs.directory_exists /data/.ssh; then
+    mkdir -p /data/.ssh \
+        || bashio::exit.nok 'Failed to create a persistent .ssh folder'
+
+    chmod 700 /data/.ssh \
+        || bashio::exit.nok \
+            'Failed setting permissions on persistent .ssh folder'
+fi
--- a/tinc/rootfs/etc/cont-init.d/ssh.sh
+++ b/tinc/rootfs/etc/cont-init.d/ssh.sh
@ -0,0 +1,34 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# SSH setup & user
+# ==============================================================================
+if bashio::config.has_value 'authorized_keys'; then
+    bashio::log.info "Setup authorized_keys"
+
+    mkdir -p /data/.ssh
+    chmod 700 /data/.ssh
+    rm -f /data/.ssh/authorized_keys
+    while read -r line; do
+        echo "$line" >> /data/.ssh/authorized_keys
+    done <<< "$(bashio::config 'authorized_keys')"
+
+    chmod 600 /data/.ssh/authorized_keys
+
+    # Unlock account
+    PASSWORD="$(pwgen -s 64 1)"
+    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
+elif bashio::config.has_value 'password'; then
+    bashio::log.info "Setup password login"
+
+    PASSWORD=$(bashio::config 'password')
+    echo "root:${PASSWORD}" | chpasswd 2&> /dev/null
+elif bashio::var.has_value "$(bashio::addon.port 22)"; then
+    bashio::exit.nok "You need to setup a login!"
+fi
+
+# Generate config
+mkdir -p /etc/ssh
+tempio \
+    -conf /data/options.json \
+    -template /usr/share/tempio/sshd_config \
+    -out /etc/ssh/sshd_config
--- a/tinc/rootfs/etc/fix-attrs.d/cli
+++ b/tinc/rootfs/etc/fix-attrs.d/cli
@ -0,0 +1,4 @@
+/usr/bin/hassio false root 0755 0755
+/usr/bin/ha false root 0755 0755
+/usr/local/bin/reboot false root 0755 0755
+/usr/local/bin/shutdown false root 0755 0755
--- a/tinc/rootfs/etc/fix-attrs.d/profile
+++ b/tinc/rootfs/etc/fix-attrs.d/profile
@ -0,0 +1,2 @@
+/data/.bash_history false root 0600 0755
+/data/.bash_profile false root 0600 0755
--- a/tinc/rootfs/etc/fix-attrs.d/ssh
+++ b/tinc/rootfs/etc/fix-attrs.d/ssh
@ -0,0 +1,3 @@
+/data/.ssh false root 0644 0700
+/data/.ssh/authorized_keys false root 0600 0755
+/etc/ssh false root 0644 0755
--- a/tinc/rootfs/etc/services.d/sshd/finish
+++ b/tinc/rootfs/etc/services.d/sshd/finish
@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree when sshd fails
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
--- a/tinc/rootfs/etc/services.d/sshd/run
+++ b/tinc/rootfs/etc/services.d/sshd/run
@ -0,0 +1,13 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start sshd service if enabled
+# ==============================================================================
+
+# If SSH is disabled, use a fake sleep process
+if ! bashio::var.has_value "$(bashio::addon.port 22)"; then
+    bashio::log.warning "SSH port is disabled. Prevent start of SSH server." 
+    exec sleep infinity
+fi
+
+bashio::log.info "Starting the SSH daemon..."
+exec /usr/sbin/sshd -D -e
--- a/tinc/rootfs/etc/services.d/ttyd/finish
+++ b/tinc/rootfs/etc/services.d/ttyd/finish
@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree when ttyd fails
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
--- a/tinc/rootfs/etc/services.d/ttyd/run
+++ b/tinc/rootfs/etc/services.d/ttyd/run
@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start ttyd service for ingress
+# ==============================================================================
+bashio::log.info "Starting Web Terminal..."
+cd /root || bashio::exit.nok "Can't find root folder!"
+
+exec ttyd -p 8099 tmux -u new -A -s homeassistant bash -l
--- a/tinc/rootfs/root/.bash_history
+++ b/tinc/rootfs/root/.bash_history
@ -0,0 +1 @@
+/data/.bash_history
--- a/tinc/rootfs/root/.bash_profile
+++ b/tinc/rootfs/root/.bash_profile
@ -0,0 +1 @@
+/data/.bash_profile
--- a/tinc/rootfs/root/.ssh
+++ b/tinc/rootfs/root/.ssh
@ -0,0 +1 @@
+/data/.ssh
--- a/tinc/rootfs/root/.tmux.conf
+++ b/tinc/rootfs/root/.tmux.conf
@ -0,0 +1,25 @@
+set-option -g default-terminal $TERM
+set-option -g base-index 1
+setw -g pane-base-index 1
+setw -g window-status-format "#[fg=white]#[bg=blue] #I #[bg=blue]#[fg=white] #W "
+setw -g window-status-current-format "#[bg=brightmagenta]#[fg=white] *#I #[fg=white,bold]#[bg=cyan] [#W] "
+set -g status-fg white
+set -g status-bg blue
+set -g status-left ''
+set -g status-right '%a %m-%d %H:%M'
+set -g mouse on
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+bind | split-window -h
+bind \\ split-window -h
+bind - split-window -v
+unbind '"'
+unbind %
+bind -n M-Left select-pane -L
+bind -n M-Right select-pane -R
+bind -n M-Up select-pane -U
+bind -n M-Down select-pane -D
+set -s escape-time 0
+bind-key -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"
+bind-key -T copy-mode MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -selection clipboard -i"
--- a/tinc/rootfs/usr/bin/hassio
+++ b/tinc/rootfs/usr/bin/hassio
@ -0,0 +1,3 @@
+#!/usr/bin/env bashio
+bashio::log.yellow "The 'hassio' command is deprecated, please use 'ha' instead!"
+ha "$@"
--- a/tinc/rootfs/usr/local/bin/reboot
+++ b/tinc/rootfs/usr/local/bin/reboot
@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# This script overrides the reboot command to reboot the host machine.
+# ==============================================================================
+bashio::host.reboot
--- a/tinc/rootfs/usr/local/bin/shutdown
+++ b/tinc/rootfs/usr/local/bin/shutdown
@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# This script overrides the shutdown command to shutdown the host machine.
+# ==============================================================================
+bashio::host.shutdown
--- a/tinc/rootfs/usr/share/tempio/homeassistant.profile
+++ b/tinc/rootfs/usr/share/tempio/homeassistant.profile
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+export PS1="\[\e[0;32m\][\h \W]\$ \[\e[m\]"
+export SUPERVISOR_TOKEN={{ .supervisor_token }}
+
+ha banner
--- a/tinc/rootfs/usr/share/tempio/sshd_config
+++ b/tinc/rootfs/usr/share/tempio/sshd_config
@ -0,0 +1,26 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# Logging
+LogLevel INFO
+
+# Default
+AllowTcpForwarding {{ if .server.tcp_forwarding }}yes{{ else }}no{{ end }}
+GatewayPorts no
+X11Forwarding no
+
+Subsystem       sftp    /usr/lib/ssh/sftp-server
+
+# Authentication:
+PermitRootLogin yes
+
+Banner none
+PrintMotd no
+
+{{ if .authorized_keys }}
+PasswordAuthentication no
+{{ else if .password }}
+PasswordAuthentication yes
+PermitEmptyPasswords no
+{{ end }}
+