From 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb Mon Sep 17 00:00:00 2001
From: Cullum Smith
Date: Tue, 24 Sep 2024 22:35:45 -0400
Subject: finish up idm_server hostclass
---
 scripts/os/freebsd/10-sysctls | 4 ++--
 scripts/os/freebsd/30-ssh | 32 --------------------------------
 scripts/os/freebsd/41-ssh | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 34 deletions(-)
 delete mode 100644 scripts/os/freebsd/30-ssh
 create mode 100644 scripts/os/freebsd/41-ssh
(limited to 'scripts/os/freebsd')
diff --git a/scripts/os/freebsd/10-sysctls b/scripts/os/freebsd/10-sysctls
index a59d54f..865544a 100644
--- a/scripts/os/freebsd/10-sysctls
+++ b/scripts/os/freebsd/10-sysctls
@@ -67,8 +67,8 @@ if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
 net.inet.tcp.minmss=536 \
 security.bsd.hardlink_check_gid=0 \
 security.bsd.hardlink_check_uid=0 \
- security.bsd.see_other_gids=0 \
- security.bsd.see_other_uids=0 \
+ security.bsd.see_other_gids="$see_other_uids" \
+ security.bsd.see_other_uids="$see_other_uids" \
 security.bsd.unprivileged_read_msgbuf=0 \
 vfs.zfs.min_auto_ashift=12

diff --git a/scripts/os/freebsd/30-ssh b/scripts/os/freebsd/30-ssh
deleted file mode 100644
index 7a57943..0000000
--- a/scripts/os/freebsd/30-ssh
+++ /dev/null
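Review bot: Both hardening sysctls in the 10-sysctls hunk now take their value from `$see_other_uids`, whose definition and default are outside this hunk; if it is ever unset or empty the arguments become `security.bsd.see_other_uids=` with no value and the previous fixed `0` is lost. A fail-closed default keeps the restrictive setting unless a hostclass opts out: `security.bsd.see_other_uids="${see_other_uids:-0}" \` (and the same on the gids line). The `see_other_gids` line also reads the uids variable; if a single switch for both is intended, a short comment above the pair such as `# $see_other_uids controls both uid and gid visibility` would make that explicit, otherwise it wants its own variable. The enclosing command starts above the hunk, so how it treats an empty value is not visible here.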
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# Create state dataset to persist SSH host keys across OS rebuilds.
-create_dataset -o "mountpoint=${ssh_host_key_dir}" "${state_dataset}/ssh"
-
-# If the state dataset contains existing host keys, symlink them into
-# /etc/ssh.
-#
-# If not, this is the first time we are building this box, so copy the
-# autogenerated host keys to the state partition.
-for key in \
- ssh_host_ecdsa_key \
- ssh_host_ed25519_key \
- ssh_host_rsa_key
-do
- [ -f "${ssh_host_key_dir}/${key}" ] || \
- mv -v "/etc/ssh/${key}" "/etc/ssh/${key}.pub" "$ssh_host_key_dir"
-
- ln -snvf "${ssh_host_key_dir}/${key}" "/etc/ssh/${key}"
- ln -snvf "${ssh_host_key_dir}/${key}.pub" "/etc/ssh/${key}.pub"
-done
-
-# Copy SSH configs.
-install_directory -m 0755 /etc/ssh/sshd_config.d
-
-install_template -m 0644 \
- /etc/ssh/sshd_config \
- /etc/ssh/ssh_config
-
-# Restart sshd.
-sysrc -v sshd_enable=YES
-service sshd restart
diff --git a/scripts/os/freebsd/41-ssh b/scripts/os/freebsd/41-ssh
new file mode 100644
index 0000000..7352fc3
--- /dev/null
+++ b/scripts/os/freebsd/41-ssh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Install and use ssh from ports.
+pkg install -y openssh-portable
+
+# Disable base sshd and enable the one from ports.
+sysrc -v \
+ sshd_enable=NO \
+ openssh_enable=YES
+
+# Create state dataset to persist SSH host keys across OS rebuilds.
+create_dataset -o "mountpoint=${ssh_host_key_dir}" "${state_dataset}/ssh"
+
+# If the state dataset contains existing host keys, symlink them into
+# /etc/ssh.
+#
+# If not, this is the first time we are building this box, so copy the
+# autogenerated host keys to the state partition.
+service openssh keygen
+for key in \
+ ssh_host_ecdsa_key \
+ ssh_host_ed25519_key \
+ ssh_host_rsa_key
+do
+ [ -f "${ssh_host_key_dir}/${key}" ] || \
+ mv -v "/usr/local/etc/ssh/${key}" "/usr/local/etc/ssh/${key}.pub" "$ssh_host_key_dir"
+
+ ln -snvf "${ssh_host_key_dir}/${key}" "/usr/local/etc/ssh/${key}"
+ ln -snvf "${ssh_host_key_dir}/${key}.pub" "/usr/local/etc/ssh/${key}.pub"
+done
+
+# Copy SSH configs.
+install_directory -m 0755 /usr/local/etc/ssh/sshd_config.d
+install_template -m 0644 \
+ /usr/local/etc/ssh/sshd_config \
+ /usr/local/etc/ssh/ssh_config
+
+# Stop base sshd and start the one from ports.
+service sshd stop
+service openssh restart
-- cgit v1.2.3
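Review bot: The cutover at the end of 41-ssh stops the base daemon before anything has confirmed that the ports daemon can start: `service sshd stop` runs unconditionally, and `service openssh restart` is the first point at which the templated `/usr/local/etc/ssh/sshd_config` is parsed. If `pkg install` failed earlier or the template has an error, the host is left without an SSH listener; whether the framework aborts on a failed command is not visible in this file. I would check the config first, e.g. `/usr/local/sbin/sshd -t -f /usr/local/etc/ssh/sshd_config || exit 1` (or the framework's own failure helper) ahead of `service sshd stop`, and stop the base daemon only once the ports one is up. The key loop has a similar gap: when the `mv` fails, for instance because `service openssh keygen` did not produce that key type, the two `ln -snvf` lines still run and leave dangling host-key symlinks.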