apt-get update
apt-get install -y git gitweb fcgiwrap nginx
-# --- A dedicated 'git' user, git-shell only ---
+# --- a dedicated 'git' user, git-shell only ---
if ! id git >/dev/null 2>&1; then
useradd -m -d /home/git -s /usr/bin/git-shell git
fi
-# Repo root
+# Repo root /var/lib/git)
mkdir -p /var/lib/git
chown -R git:git /var/lib/git
chmod 2750 /var/lib/git
# --- GitWeb config ---
-cat >/etc/gitweb.conf <<'***REMOVED***'
+cat >/etc/gitweb.conf <<'EOF'
$projectroot = "/var/lib/git";
$projects_list = $projectroot;
$site_name = "My Git Server (GitWeb)";
-$feature{'blame'***REMOVED*** = 1;
-$feature{'snapshot'***REMOVED*** = 1;
-***REMOVED***
+$feature{'blame'} = 1;
+$feature{'snapshot'} = 1;
+EOF
systemctl enable --now fcgiwrap
# --- Nginx serving GitWeb via fcgiwrap ---
-cat >/etc/nginx/sites-available/gitweb <<'***REMOVED***'
+cat >/etc/nginx/sites-available/gitweb <<'EOF'
server {
listen 80;
server_name _;
add_header X-Frame-Options SAMEORIGIN always;
add_header Referrer-Policy no-referrer always;
- location = / { return 302 /cgi-bin/gitweb.cgi; ***REMOVED***
+ location = / { return 302 /cgi-bin/gitweb.cgi; }
location /gitweb/static/ {
alias /usr/share/gitweb/static/;
- ***REMOVED***
+ }
location /cgi-bin/gitweb.cgi {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/gitweb.cgi;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/run/fcgiwrap.socket;
- ***REMOVED***
-***REMOVED***
-***REMOVED***
+ }
+}
+EOF
rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/gitweb /etc/nginx/sites-enabled/gitweb
nginx -t
systemctl enable --now nginx
-# --- SSH hardening
+# --- SSH hardening ---
sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Your requirement: allow root login (key-only)
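Review bot: The nginx `server` block written by the heredoc publishes GitWeb over plain HTTP (`listen 80;`, `server_name _;`) with no access control in `location /cgi-bin/gitweb.cgi`, while `/etc/gitweb.conf` enables `blame` and `snapshot` for everything under `/var/lib/git`. Unless something outside this script limits port 80, any client that can reach the host can browse and download every repository. If that is not intended, gate the location with `auth_basic "GitWeb";` plus `auth_basic_user_file <htpasswd-path>;` (placeholder path) or with `allow <admin-cidr>; deny all;`, and serve it over TLS before credentials are sent. Separately, the `sed` on `/etc/ssh/sshd_config` only rewrites an existing `PasswordAuthentication` line and no `sshd -t` or reload is visible, so on images that ship drop-ins under `/etc/ssh/sshd_config.d/` the setting may not take effect; the rest of the SSH section lies outside this hunk, so confirm it there. The new comment `# Repo root /var/lib/git)` also has an unmatched `)`.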
chown git:git /home/git/.ssh/authorized_keys
chmod 600 /home/git/.ssh/authorized_keys
fi
-
-# Allow root key login (copy ubuntu authorized_keys -> root)
-if [ -f /home/ubuntu/.ssh/authorized_keys ]; then
- mkdir -p /root/.ssh
- cat /home/ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/authorized_keys
-fi
-