This commit is contained in:
Benjamin Toby 2026-03-11 13:16:11 +00:00
parent 42dd622ad2
commit 1ecc1374d2


@ -1,4 +1,5 @@
import { NSQLITE_TURBOCI_ADMIN_USERS, NSQLiteTables } from "@/src/db/types"; import { NSQLITE_TURBOCI_ADMIN_USERS, NSQLiteTables } from "@/src/db/types";
import { _n } from "@/src/exports/client-exports";
import NSQLite from "@moduletrace/nsqlite"; import NSQLite from "@moduletrace/nsqlite";
import { existsSync } from "fs"; import { existsSync } from "fs";
@ -12,6 +13,7 @@ export default async function setupDeploymentUser({ user_id }: Params) {
(typeof NSQLiteTables)[number] (typeof NSQLiteTables)[number]
>({ >({
table: "users", table: "users",
targetId: _n(user_id),
}); });
const target_user = target_user_res.singleRes; const target_user = target_user_res.singleRes;
@ -23,12 +25,40 @@ export default async function setupDeploymentUser({ user_id }: Params) {
const { username } = target_user; const { username } = target_user;
const user_dir = `/home/${username}`; const user_dir = `/home/${username}`;
const ssh_dir = `${user_dir}/.ssh`;
const ssh_key_file = `${ssh_dir}/${username}`;
const sshd_config_file = `/etc/ssh/sshd_config.d/${username}`;
const force_command_file = `/usr/local/bin/turboci-deployment-user-${username}`;
if (!existsSync(user_dir)) { if (!existsSync(user_dir)) {
let cmd = ``; let cmd = ``;
cmd += `useradd --create-home --shell /bin/bash --comment "TurboCI Deployment user ${username}" ${username}\n`; cmd += `useradd --create-home --shell /bin/bash --comment "TurboCI Deployment user ${username}" ${username}\n`;
cmd += `passwd --lock "${username}"\n`; cmd += `passwd --lock "${username}"\n`;
cmd += `mkdir -p "${ssh_dir}"\n`;
cmd += `ssh-keygen -t ed25519 -f "${ssh_key_file}" -N ""\n`;
cmd += `cp "${ssh_key_file}.pub" "${ssh_dir}/authorized_keys"\n`;
cmd += `chown -R "${username}:${username}" "${ssh_dir}"\n`;
cmd += `chmod 700 "${ssh_dir}"\n`;
cmd += `chmod 600 "${ssh_key_file}"\n`;
cmd += `chmod 644 "${ssh_key_file}.pub"\n`;
cmd += `chmod 600 "${ssh_dir}/authorized_keys"\n`;
cmd += `cat << 'EOF' > ${force_command_file}\n`;
cmd += `EOF\n`;
cmd += `cat << 'EOF' > ${sshd_config_file}\n`;
cmd += `Match User ${username}\n`;
cmd += ` # Authentication\n`;
cmd += ` PasswordAuthentication no\n`;
cmd += ` PubkeyAuthentication yes\n`;
cmd += ` AuthenticationMethods publickey\n\n`;
cmd += ` # Restrict shell / tunneling\n`;
cmd += ` AllowTcpForwarding yes\n`;
cmd += ` X11Forwarding no\n`;
cmd += `EOF\n`;
} }
return; return;
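Review bot: The `Match User` block written by the second heredoc will not be loaded on a stock OpenSSH install, and even if it were it does not restrict the account: `sshd_config_file` has no `.conf` suffix, so the default `Include /etc/ssh/sshd_config.d/*.conf` directive skips it, nothing in the block references `force_command_file` (which the first heredoc creates empty and never marks executable), and under the "Restrict shell / tunneling" comment the hunk sets `AllowTcpForwarding yes` — so the user keeps a full `/bin/bash` login plus port forwarding. The `username` value is also spliced unquoted into the shell command string and into the `/etc/ssh` and `/usr/local/bin` paths; it comes from the users table rather than from the request here, but it should still be checked against a strict pattern before any of this is built, e.g. `if (!/^[a-z_][a-z0-9_-]{0,31}$/.test(username)) throw new Error(\`refusing to provision unsafe username: ${username}\`);`. I would give the drop-in file a `.conf` name, add `ForceCommand`, turn TCP/agent forwarding and PTY allocation off, `chmod 755` the force-command script, and run `sshd -t` before the daemon is reloaded. Both this hunk and the enclosing function continue past the visible lines, so part of this may already be handled further down.
```typescript
const sshd_config_file = `/etc/ssh/sshd_config.d/${username}.conf`;
// … unchanged: useradd, passwd --lock, key generation, authorized_keys, chmod lines …
cmd += `chmod 755 "${force_command_file}"\n`;
cmd += `cat << 'EOF' > ${sshd_config_file}\n`;
cmd += `Match User ${username}\n`;
cmd += `  PasswordAuthentication no\n`;
cmd += `  PubkeyAuthentication yes\n`;
cmd += `  AuthenticationMethods publickey\n`;
cmd += `  ForceCommand ${force_command_file}\n`;
cmd += `  AllowTcpForwarding no\n`;
cmd += `  AllowAgentForwarding no\n`;
cmd += `  PermitTTY no\n`;
cmd += `  X11Forwarding no\n`;
cmd += `EOF\n`;
cmd += `sshd -t\n`;
```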