bundles/sshmon: do not rely on bundle:users to create sshmon user

2021-01-16 22:21:27 +01:00 · 2021-01-16 22:21:27 +01:00 · ad84f62c0d
parent 988c71a6fb
commit ad84f62c0d
2 changed files with 17 additions and 14 deletions
--- a/bundles/sshmon/items.py
+++ b/bundles/sshmon/items.py
@ -1,3 +1,5 @@
+from os.path import join
+
 def collect_commands():
    check_commands = {}

@ -15,6 +17,13 @@ def collect_commands():
    return check_commands


+users = {
+    'sshmon': {
+        'password_hash': 'x',
+        'home': '/home/sshmon',
+    },
+}
+
 pkg_apt = {
    'gawk': {},  # needed by check_ram
    'libwww-perl': {},  # needed by check_nginx_status
@ -24,6 +33,9 @@ pkg_apt = {

 check_commands = collect_commands()

+with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
+    pubkey = fp.read().strip()
+
 files = {
    '/etc/sshmon.cfg': {
        'content_type': 'mako',
@ -41,6 +53,11 @@ files = {
    '/usr/local/sbin/sshmon': {
        'mode': '0755',
    },
+    '/home/sshmon/.ssh/authorized_keys': {
+        'content': 'command="/usr/local/sbin/sshmon" {}\n'.format(pubkey),
+        'owner': 'sshmon',
+        'mode': '0400',
+    },
 }

 for check in {
--- a/bundles/sshmon/metadata.py
+++ b/bundles/sshmon/metadata.py
@ -1,12 +1,7 @@
 from bundlewrap.utils import Fault

-from os.path import join
 from re import sub

-
-with open(join(repo.path, 'data', 'sshmon', 'sshmon.pub'), 'r') as fp:
-    pubkey = fp.read().strip()
-
 defaults = {
    'apt': {
        'packages': {
@ -25,15 +20,6 @@ defaults = {
            },
        },
    },
-    'users': {
-        'sshmon': {
-            'password_hash': 'x',
-            'ssh_pubkey': {
-                'command="/usr/local/sbin/sshmon" {}'.format(pubkey),
-            },
-            'sudo_commands': [],
-        },
-    },
 }