Use restrict key option and relative borg command
No functional change; the "restrict" key option is a shorthand for: - no-agent-forwarding - no-port-forwarding - no-X11-forwarding - no-pty - no-user-rc It was added in OpenSSH 7.2 (2016-02-29) as a convenient way to specify an authorized key should have "all current and future key restrictions" applied to it. Also switch to a relative borg command since its location is not really standardized; on rsync.net it appears to be located under usr/local/bin (though /usr/bin/borg works too, even if it doesn't exist!) and Hetzner just forces its own command, ignoring ours. 🐱 The Borg documentation seems to agree with both the above alterations: [1] https://borgbackup.readthedocs.io/en/stable/usage/serve.html
parent
3fa8851afb
commit
3561a38398
@ -37,5 +37,5 @@
|
|||||||
user: borg
|
user: borg
|
||||||
key: "{{ item.stdout }}"
|
key: "{{ item.stdout }}"
|
||||||
manage_dir: true
|
manage_dir: true
|
||||||
key_options: "command=\"/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
|
key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict"
|
||||||
with_items: "{{ ssh_keys.results }}"
|
with_items: "{{ ssh_keys.results }}"
|
||||||
|
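Review bot: The forced command on the new `key_options` line is now the bare name `borg`, so which binary runs for this key depends on the PATH that sshd and the `borg` account's login shell give the command, not on a fixed location. `restrict` turns off `~/.ssh/rc`, but it does not cover shell startup files or `~/.ssh/environment` (the latter only matters when `PermitUserEnvironment` is enabled), so it is worth confirming that `{{ backup_dir }}` is not placed where a client with write access to its repository could reach those files. I would record the intent next to the task, e.g. `# borg is resolved via PATH on purpose (install location differs per provider); 'restrict' needs OpenSSH >= 7.2`. The same point applies to the two authorized_keys template sections that follow. The task itself starts above this hunk.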
@ -13,5 +13,5 @@
|
|||||||
|
|
||||||
# Client machines keys
|
# Client machines keys
|
||||||
{% for client_key in client_ssh_keys.results %}
|
{% for client_key in client_ssh_keys.results %}
|
||||||
command="/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc {{ client_key['stdout'] }}
|
command="borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
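Review bot: `--restrict-to-path` on the new `command=` line lets a client key open or create any repository underneath `{{ backup_dir }}/{{ client_key['item'] }}`, not only the one at that exact path. If each client is meant to own exactly one repository there (not visible from this hunk), `borg serve --restrict-to-repository {{ backup_dir }}/{{ client_key['item'] }}` pins the key to that repository alone. Whether `--append-only` fits depends on where pruning runs, but the choice deserves a comment beside `# Client machines keys`, since without it a compromised client can delete its own archives. The next template section carries the identical line.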
@ -13,5 +13,5 @@
|
|||||||
|
|
||||||
# Client machines keys
|
# Client machines keys
|
||||||
{% for client_key in client_ssh_keys.results %}
|
{% for client_key in client_ssh_keys.results %}
|
||||||
command="/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc {{ client_key['stdout'] }}
|
command="borg serve --restrict-to-path {{ backup_dir }}/{{ client_key['item'] }}",restrict {{ client_key['stdout'] }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|