agala/server-initializer
1
0
Fork 0
mirror of https://github.com/elAgala/server-initializer.git synced 2026-02-14 05:06:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: make ssh keys required

Browse Source
This commit is contained in:
elAgala
2026-02-13 15:15:33 -03:00
parent 30de8ce245
commit 444c8d5c1f
3 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -3,13 +3,15 @@
## Installation ## Installation
```bash ```bash
export ADMIN_SSH_KEY='ssh-ed25519 AAAA...'
export DEPLOY_SSH_KEY='ssh-ed25519 AAAA...'
curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh | bash -s <username> curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh | bash -s <username>
``` ```
Or remotely via SSH: Or remotely via SSH:
```bash ```bash
ssh root@<host> "curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh | bash -s <username>" ssh root@<host> "ADMIN_SSH_KEY='ssh-ed25519 AAAA...' DEPLOY_SSH_KEY='ssh-ed25519 AAAA...' bash -c '\$(curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh)' -- <username>"
``` ```

26
src/install.sh
View File

@@ -34,6 +34,25 @@ fi
# Get the repository directory (parent of src/) # Get the repository directory (parent of src/)
REPO_DIR="$(dirname "$PWD")" REPO_DIR="$(dirname "$PWD")"
# Validate required SSH keys (skip in development mode)
if [ "$DEVELOPMENT_MODE" = "false" ]; then
missing=""
if [ -z "${ADMIN_SSH_KEY:-}" ]; then
missing="ADMIN_SSH_KEY"
fi
if [ -z "${DEPLOY_SSH_KEY:-}" ]; then
missing="${missing:+$missing, }DEPLOY_SSH_KEY"
fi
if [ -n "$missing" ]; then
echo "ERROR: Missing required environment variables: $missing"
echo "SSH keys are required because password authentication will be disabled."
echo ""
echo "Usage:"
echo " ADMIN_SSH_KEY='ssh-ed25519 ...' DEPLOY_SSH_KEY='ssh-ed25519 ...' $0 <username>"
exit 1
fi
fi
# Log file for verbose output # Log file for verbose output
LOG_FILE="/var/log/server-initializer.log" LOG_FILE="/var/log/server-initializer.log"
> "$LOG_FILE" > "$LOG_FILE"
@@ -100,6 +119,13 @@ echo "USERS"
echo " Admin: $1 / $ADMIN_USER_PASSWORD" echo " Admin: $1 / $ADMIN_USER_PASSWORD"
echo " Deploy: deploy / $DEPLOY_USER_PASSWORD" echo " Deploy: deploy / $DEPLOY_USER_PASSWORD"
echo "" echo ""
echo "SSH"
echo " Config: /etc/ssh/sshd_config.d/server-initializer.conf"
echo " Admin: key installed"
echo " Deploy: key installed"
echo " Root login: disabled"
echo " Password auth: disabled"
echo ""
echo "WEB SERVER (Caddy)" echo "WEB SERVER (Caddy)"
echo " Dir: /home/$1/web-server" echo " Dir: /home/$1/web-server"
echo " Sites: /home/$1/web-server/caddy/sites-enabled/" echo " Sites: /home/$1/web-server/caddy/sites-enabled/"

3
src/user/ssh_config.sh
View File

@@ -25,7 +25,8 @@ function config_ssh() {
echo "$public_key" | sudo tee -a "$ssh_dir/authorized_keys" >/dev/null echo "$public_key" | sudo tee -a "$ssh_dir/authorized_keys" >/dev/null
echo "[ SSH ]: Public key added to $ssh_dir/authorized_keys." echo "[ SSH ]: Public key added to $ssh_dir/authorized_keys."
else else
echo "[ SSH ]: WARNING: No SSH key provided for $username (set ADMIN_SSH_KEY / DEPLOY_SSH_KEY)" echo "[ SSH ]: ERROR: No SSH key provided for $username"
return 1
fi fi
# Create SSH configuration file instead of modifying main sshd_config # Create SSH configuration file instead of modifying main sshd_config