Major Changes: - Add dual SSH mode system (passthrough default, dedicated fallback) - Refactor domain configuration to use direct specification pattern - Fix critical fail2ban security gap in dedicated mode - Separate HTTP and SSH domains for cleaner Git URLs
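#!/bin/bash
# Gitea SSH Keys AuthorizedKeysCommand - Rick-Infra
# Generated by Ansible Gitea role
#
# This script is called by OpenSSH's AuthorizedKeysCommand to query
# Gitea's database for SSH public keys when the 'git' user connects.
#
# Called by SSH with parameters (sshd_config must pass all three, e.g.
#   AuthorizedKeysCommand <path-to-this-script> %u %t %k):
# %u = username (should be "git")
# %t = key type (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, etc.)
# %k = base64 encoded public key content
#
# The script returns authorized_keys format entries that include
# forced commands to execute Gitea's Git server.
#
# Deployment notes:
# - sshd only honours an AuthorizedKeysCommand that is owned by root and
#   is not writable by group or others; the Ansible role is expected to
#   install this file with those permissions.
# - Keys go to stdout. A non-zero exit status means "no keys returned" and
#   sshd falls back to AuthorizedKeysFile for the user.

set -euo pipefail

readonly GITEA_BIN=/usr/bin/gitea
readonly GITEA_CONFIG=/etc/gitea/app.ini

# Refuse a partial argument list. If sshd_config passes only %u, $2 and $3
# are unset; `set -u` would abort anyway, but with an unhelpful
# "unbound variable" message instead of a hint about the sshd_config line.
if (( $# != 3 )); then
  printf 'usage: %s <username> <key-type> <key-content>\n' "${0##*/}" >&2
  exit 1
fi

# Gitea keys command queries the database and returns authorized_keys format
# If the key is found, it returns a line like:
# command="/usr/bin/gitea serv key-123",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...
#
# exec replaces this shell so the exit status sshd sees is gitea's own.
# All three values come straight from sshd and are passed as separate,
# quoted arguments (never through a shell string), so key content cannot
# be interpreted as options or shell syntax here.
exec "$GITEA_BIN" keys \
  --config "$GITEA_CONFIG" \
  --username "$1" \
  --type "$2" \
  --content "$3"

# Rick-Infra: AuthorizedKeysCommand for Gitea SSH passthrough mode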