From 8c536992760ff460e8e6024ac3f35f6e15b174b6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=A1ssio=20Gabriel?=
Date: Fri, 23 Jan 2026 23:00:38 -0300
Subject: [PATCH] Fix user_data_config.sh

---
 terraform/user_data_config.sh | 35 +++++++++++++----------------------
 1 file changed, 13 insertions(+), 22 deletions(-)

diff --git a/terraform/user_data_config.sh b/terraform/user_data_config.sh
index 1cbd0fd..366302b 100644
--- a/terraform/user_data_config.sh
+++ b/terraform/user_data_config.sh
@@ -5,29 +5,29 @@ export DEBIAN_FRONTEND=noninteractive
 apt-get update
 apt-get install -y git gitweb fcgiwrap nginx

-# --- A dedicated 'git' user, git-shell only ---
+# --- a dedicated 'git' user, git-shell only ---
 if ! id git >/dev/null 2>&1; then
 useradd -m -d /home/git -s /usr/bin/git-shell git
 fi

-# Repo root
+# Repo root /var/lib/git)
 mkdir -p /var/lib/git
 chown -R git:git /var/lib/git
 chmod 2750 /var/lib/git

 # --- GitWeb config ---
-cat >/etc/gitweb.conf <<'***REMOVED***'
+cat >/etc/gitweb.conf <<'EOF'
 $projectroot = "/var/lib/git";
 $projects_list = $projectroot;
 $site_name = "My Git Server (GitWeb)";
-$feature{'blame'***REMOVED*** = 1;
-$feature{'snapshot'***REMOVED*** = 1;
-***REMOVED***
+$feature{'blame'} = 1;
+$feature{'snapshot'} = 1;
+EOF

 systemctl enable --now fcgiwrap

 # --- Nginx serving GitWeb via fcgiwrap ---
-cat >/etc/nginx/sites-available/gitweb <<'***REMOVED***'
+cat >/etc/nginx/sites-available/gitweb <<'EOF'
 server {
 listen 80;
 server_name _;
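Review bot: The two added lines `$feature{'blame'} = 1;` and `$feature{'snapshot'} = 1;` in the gitweb.conf heredoc overwrite gitweb's per-feature hash with a scalar, while gitweb reads `$feature{...}{'default'}` as an array reference under `use strict`, so they are likely to break the CGI rather than enable the features. The documented form is `$feature{'blame'}{'default'} = [1];` and `$feature{'snapshot'}{'default'} = ['tgz'];`. Both features are comparatively expensive per request, and the vhost in this hunk listens on plain port 80 with `server_name _;` and no access control in the visible lines, so it is worth deciding whether an unauthenticated endpoint should offer them at all. The server block continues past the end of the hunk. The new comment `# Repo root /var/lib/git)` also has an unbalanced parenthesis.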
@@ -36,27 +36,27 @@ server {
 add_header X-Frame-Options SAMEORIGIN always;
 add_header Referrer-Policy no-referrer always;

- location = / { return 302 /cgi-bin/gitweb.cgi; ***REMOVED***
+ location = / { return 302 /cgi-bin/gitweb.cgi; }

 location /gitweb/static/ {
 alias /usr/share/gitweb/static/;
- ***REMOVED***
+ }

 location /cgi-bin/gitweb.cgi {
 include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/gitweb.cgi;
 fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
 fastcgi_pass unix:/run/fcgiwrap.socket;
- ***REMOVED***
-***REMOVED***
-***REMOVED***
+ }
+}
+EOF

 rm -f /etc/nginx/sites-enabled/default
 ln -sf /etc/nginx/sites-available/gitweb /etc/nginx/sites-enabled/gitweb
 nginx -t
 systemctl enable --now nginx

-# --- SSH hardening
+# --- SSH hardening ---
 sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config

 # Your requirement: allow root login (key-only)
@@ -70,12 +70,3 @@ if [ -f /home/ubuntu/.ssh/authorized_keys ]; then
 chown git:git /home/git/.ssh/authorized_keys
 chmod 600 /home/git/.ssh/authorized_keys
 fi
-
-# Allow root key login (copy ubuntu authorized_keys -> root)
-if [ -f /home/ubuntu/.ssh/authorized_keys ]; then
- mkdir -p /root/.ssh
- cat /home/ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys
- chmod 700 /root/.ssh
- chmod 600 /root/.ssh/authorized_keys
-fi
-
-- 
2.34.1
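Review bot: The `sed -i` under `# --- SSH hardening ---` edits only `/etc/ssh/sshd_config`, and only when a `PasswordAuthentication` line already exists there, so password login may stay enabled. On images whose sshd_config includes drop-ins from `/etc/ssh/sshd_config.d/` (as Ubuntu cloud images commonly do), an earlier `PasswordAuthentication yes` in a drop-in would still take precedence, because sshd keeps the first value it reads. Writing the setting to a drop-in that sorts first, or failing the script unless `sshd -T | grep -i passwordauthentication` reports `no`, would make the hardening verifiable. The hunk ends on `# Your requirement: allow root login (key-only)`, and the lines that comment introduces are outside it. Since the last hunk removes the copy of authorized_keys to root, that root-login setting may now be stale and could be tightened to `PermitRootLogin no`.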