
max / makenotwork

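#!/bin/bash
# Set up SSH key infrastructure for git push access.
# Run once, as root, on the production server after initial deploy.
#
# Prerequisites: git system user exists (from setup-git-ssh.sh)
#
# What this script touches:
#   - /opt/git/.ssh and /opt/git/.ssh/authorized_keys (git:git, 700 / 600)
#   - /etc/sudoers.d/mnw-git-ssh (lets makenotwork run rebuild-keys as git)

set -euo pipefail

readonly GIT_SSH_DIR="/opt/git/.ssh"
readonly AUTHORIZED_KEYS="${GIT_SSH_DIR}/authorized_keys"
readonly MNW_ADMIN="/opt/makenotwork/mnw-admin"
readonly SUDOERS_FILE="/etc/sudoers.d/mnw-git-ssh"
readonly SUDOERS_RULE="makenotwork ALL=(git) NOPASSWD: ${MNW_ADMIN} rebuild-keys"

# Print an error to stderr and abort.
die() {
  printf '[setup] ERROR: %s\n' "$*" >&2
  exit 1
}

# chown and writing under /etc/sudoers.d need root; fail early with a clear
# message instead of half-way through.
[ "$(id -u)" -eq 0 ] || die "must be run as root"

echo "[setup] Configuring SSH key infrastructure..."

# Ensure git user's .ssh directory exists with correct permissions.
# chown/chmod run as root and follow symlinks, so refuse to continue if the
# path is a symlink: otherwise ownership of whatever it points at would be
# handed to git. This is a best-effort check-then-use guard, not a race-free
# one.
[ ! -L "$GIT_SSH_DIR" ] || die "$GIT_SSH_DIR is a symlink; refusing to chown through it"
mkdir -p "$GIT_SSH_DIR"
chown git:git "$GIT_SSH_DIR"
chmod 700 "$GIT_SSH_DIR"

# Create empty authorized_keys if it doesn't exist (same symlink guard as
# above, since the parent directory is owned by git).
[ ! -L "$AUTHORIZED_KEYS" ] || die "$AUTHORIZED_KEYS is a symlink; refusing to chown through it"
touch "$AUTHORIZED_KEYS"
chown git:git "$AUTHORIZED_KEYS"
chmod 600 "$AUTHORIZED_KEYS"

# Ensure mnw-admin binary exists at the expected path.
# NOTE(review): the sudoers rule below lets makenotwork execute this exact
# path as git. If makenotwork (or any other unprivileged account) can write
# to the binary or to /opt/makenotwork, the rule effectively grants arbitrary
# command execution as git. Confirm file and directory ownership after
# deploying the binary.
if [ ! -f "$MNW_ADMIN" ]; then
  echo "[setup] WARNING: /opt/makenotwork/mnw-admin not found." >&2
  echo " Deploy the binary first, then re-run this script." >&2
fi

# Add sudoers rule: allow makenotwork user to run rebuild-keys as git.
# The rule is written to a private temp file and validated there first, so a
# rule that fails validation never lands in /etc/sudoers.d (a broken drop-in
# can make sudo refuse to run). install(1) sets owner and mode in the same
# step, so the file is never left with umask-default permissions.
if [ ! -f "$SUDOERS_FILE" ]; then
  tmp_rule=$(mktemp)
  trap 'rm -f -- "$tmp_rule"' EXIT
  printf '%s\n' "$SUDOERS_RULE" > "$tmp_rule"
  visudo -cf "$tmp_rule"
  install -o root -g root -m 0440 "$tmp_rule" "$SUDOERS_FILE"
  echo "[setup] Added sudoers rule: $SUDOERS_FILE"
else
  echo "[setup] Sudoers rule already exists: $SUDOERS_FILE"
  # An existing file is left untouched, so it may grant something other than
  # the rule this script would have written. Surface that for manual review.
  if ! grep -Fxq -- "$SUDOERS_RULE" "$SUDOERS_FILE"; then
    echo "[setup] WARNING: $SUDOERS_FILE does not contain the expected rule; review it manually." >&2
  fi
fi

# Verify sudoers syntax (also covers a file that existed before this run)
visudo -cf "$SUDOERS_FILE"

echo "[setup] SSH key infrastructure configured."
echo ""
echo "Next steps:"
echo " 1. Users add SSH keys via the dashboard"
echo " 2. The web app triggers: sudo -u git /opt/makenotwork/mnw-admin rebuild-keys"
echo " 3. SSH clone: git clone git@makenot.work:{username}/{repo}.git"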