mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
69 lines
1.7 KiB
Bash
Executable file
69 lines
1.7 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
. /usr/share/yunohost/helpers
|
|
|
|
do_pre_regen() {
|
|
pending_dir=$1
|
|
|
|
# If the (legacy) 'from_script' flag is here,
|
|
# we won't touch anything in the ssh config.
|
|
[[ ! -f /etc/yunohost/from_script ]] || return 0
|
|
|
|
cd /usr/share/yunohost/templates/ssh
|
|
|
|
# do not listen to IPv6 if unavailable
|
|
[[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false
|
|
|
|
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)
|
|
|
|
# Support legacy setting (this setting might be disabled by a user during a migration)
|
|
if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
|
|
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
|
|
fi
|
|
|
|
# Support different strategy for security configurations
|
|
export compatibility="$(yunohost settings get 'security.ssh.compatibility')"
|
|
|
|
export port="$(yunohost settings get 'security.ssh.port')"
|
|
|
|
export ssh_keys
|
|
export ipv6_enabled
|
|
ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
|
|
}
|
|
|
|
do_post_regen() {
|
|
regen_conf_files=$1
|
|
|
|
# If the (legacy) 'from_script' flag is here,
|
|
# we won't touch anything in the ssh config.
|
|
[[ ! -f /etc/yunohost/from_script ]] || return 0
|
|
|
|
# If no file changed, there's nothing to do
|
|
[[ -n "$regen_conf_files" ]] || return 0
|
|
|
|
# Enforce permissions for /etc/ssh/sshd_config
|
|
chown root:root "/etc/ssh/sshd_config"
|
|
chmod 644 "/etc/ssh/sshd_config"
|
|
|
|
systemctl restart ssh
|
|
}
|
|
|
|
FORCE=${2:-0}
|
|
DRY_RUN=${3:-0}
|
|
|
|
case "$1" in
|
|
pre)
|
|
do_pre_regen $4
|
|
;;
|
|
post)
|
|
do_post_regen $4
|
|
;;
|
|
*)
|
|
echo "hook called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0
|