gluon-authorized-keys: add unauthorized_keys to remove access

Maciej Krüger 2022-12-13 22:40:23 +01:00
parent 1780bafafc
commit c4ab768f4b
No known key found for this signature in database
GPG Key ID: 0D948CE19CF49C5F
2 changed files with 12 additions and 1 deletions


@ -1 +1,2 @@
need_string_array(in_site({'authorized_keys'})) need_string_array(in_site({'authorized_keys'}))
need_string_array(in_site({'unauthorized_keys'}), false)


@ -4,6 +4,7 @@ local site = require 'gluon.site'
local file = '/etc/dropbear/authorized_keys' local file = '/etc/dropbear/authorized_keys'
local keys = {} local keys = {}
local rm_keys = {}
local function load_keys() local function load_keys()
for line in io.lines(file) do for line in io.lines(file) do
@ -11,12 +12,21 @@ local function load_keys()
end end
end end
for _, key in ipairs(site.unauthorized_keys({})) do
rm_keys[key] = true
end
pcall(load_keys) pcall(load_keys)
local f = io.open(file, 'a') local f = io.open(file, 'w')
for _, key in ipairs(site.authorized_keys()) do for _, key in ipairs(site.authorized_keys()) do
if not keys[key] then if not keys[key] then
f:write(key .. '\n') f:write(key .. '\n')
end end
end end
for key, _ in pairs(keys) do
if not rm_keys[key] then
f:write(key .. '\n')
end
end
f:close() f:close()
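Review bot: A key listed in both `site.authorized_keys()` and `site.unauthorized_keys()` is still written by the first loop, because only the second loop consults `rm_keys`; on successive runs of this script the file alternates between containing and not containing that key. Checking the revocation set there as well, `if not keys[key] and not rm_keys[key] then`, makes removal win. Revocation is also an exact line comparison (assuming `load_keys`, whose body lies outside the visible hunks, stores each line verbatim), so an installed entry that differs only in comment, options or trailing whitespace would survive; comparing on the key type and base64 blob would be more robust. Because the file is now opened with `'w'` and the result of `io.open` is not checked, a failed or interrupted write leaves a truncated `authorized_keys`; writing to a temporary file in the same directory and moving it over the original with `os.rename` avoids that.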