blob: de5d480b6289cb1bbce27cc2d7ca906edefed836 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
ENDOFORGE_BACKUPS = y
ifneq (,$(ENDOFORGE_BACKUPS))
SUFFIX := ~$(shell date -Ins | tr -d :)
INSTALL := install -b --suffix=$(SUFFIX)
MV := mv -b --suffix=$(SUFFIX)
else
INSTALL = install
MV = mv
endif
ifeq ($(shell id -u),0)
SUDO =
else
SUDO = sudo
endif
HAVE_ROOT != $(SUDO) true && echo y || true
ROOT_INSTALL = $(SUDO) $(INSTALL)
USER != echo "$${SUDO_USER:-$$(id -un)}"
SSH_CONFIG_DIR = /etc/ssh
SSHD_CONFIG_DIR = $(SSH_CONFIG_DIR)/sshd_config.d
SSH_LIB_DIR = /usr/lib/ssh
USER_SSH_CONFIG_DIR = ~$(USER)/.ssh
BROWSER != 2>/dev/null which xdg-open || which w3m || which links || which elinks
.PHONY: install install-user install-user-config install-root shared doc test
doc: README.html
$(BROWSER) $<
shared: install
git config core.self-forge true
SRC = src
SOURCE_NAMES = AnonymousAccessCommand anonymous-access.conf AuthorizedKeysCommand sshd_config
SOURCES = $(addprefix $(SRC), $(SOURCE_NAMES))
KEYTYPE = ed25519
define EDIT_SSHD
sed \
-e 's?ForceCommand=$$?&$(HOME)/.ssh/AnonymousAccessCommand?' \
-e 's?AuthorizedKeysCommandUser=$$?&$(USER)?' \
-e 's?HostKey=$$?&$(HOME)/.ssh/id_$(KEYTYPE)?' \
-e 's?PidFile=$$?&$(HOME)/.ssh/sshd.pid?'
endef
install: $(if $(HAVE_ROOT), install-root, install-user)
install-user-config:
$(INSTALL) -d ~/.ssh
$(INSTALL) -t ~/.ssh $(SRC)/AnonymousAccessCommand
~/.ssh/id_ed25519:
ssh-keygen -t ed25519 -P '' -f $@
install-user: install-user-config ~/.ssh/id_ed25519
$(EDIT_SSHD) < $(SRC)/sshd_config > ~/.ssh/sshd_config.tmp
$(MV) ~/.ssh/sshd_config.tmp ~/.ssh/sshd_config
$(INSTALL) -m0644 -t ~/.config/systemd/user $(SRC)/sshd.service
systemctl --user daemon-reload
systemctl --user enable sshd
systemctl --user restart sshd
install-root: install-user-config
$(ROOT_INSTALL) -d "$(SSH_CONFIG_DIR)" "$(SSHD_CONFIG_DIR)" "$(SSH_LIB_DIR)" || true
$(ROOT_INSTALL) -m0644 -t "$(SSHD_CONFIG_DIR)" $(SRC)/anonymous-access.conf || true
$(ROOT_INSTALL) -t "$(SSH_LIB_DIR)" $(SRC)/AuthorizedKeysCommand || true
[ -e /etc/ssh/AuthorizedKeysCommand ] || $(SUDO) ln -s -t /etc/ssh "$(SSH_LIB_DIR)"/AuthorizedKeysCommand
$(SUDO) systemctl reload sshd
README.html: README.md
pandoc -s --css "$(SRC)"/style.css -t html $< -o $@
test:
make -C test
|
