Adapt cmdline from #49, fix docker permission drop, fix readme

Trolldemorted · fsck · commit 901771581e10 · 2019-03-05T16:19:16.000+01:00
Closes #49 Closes #46 Closes #41
diff --git a/Dockerfile b/Dockerfile
@@ -24,13 +24,15 @@ RUN cargo +nightly build
 FROM debian:stretch-slim
 WORKDIR /enokey
 RUN mkdir keyfiles
+RUN mkdir data
 
 RUN apt-get update \
     && apt-get install -y libssl1.1 ca-certificates openssh-client --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 COPY --from=build /service/enokey/target/debug/enokey .
 COPY ./static ./static
+COPY ./templates ./templates
 COPY ./Rocket.toml ./Rocket.toml
 
 ENV ROCKET_ENV production
@@ -41,6 +43,5 @@ RUN chown -R enokey /home/enokey/
 RUN chown -R enokey .
 COPY /docker-entrypoint.sh /
 RUN chmod o+x /docker-entrypoint.sh
-USER enokey
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["./enokey"]
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ version: '3'
 
 services:
   enokey:
-    build: .
+    build: enoflag/enokey
     volumes:
       - ./data:/enokey/data
     restart: on-failure
@@ -23,9 +23,9 @@ services:
       - ROCKET_ENV=production
       - ROCKET_LOG=normal
       - ROCKET_SECRET_KEY=whs/vijJnEoWN9Xgf25oJDn2yUtvsNuhm0eMNxZe6CI=
-      - SERVER_ADMIN=root@very.import.server:8022
-      - PSK_ADMIN=HIGHLYSECRET
-      - SERVER_USER=root@boring.server
-      - PSK_USER=NOTSOSECRET
+      - ADMIN_SERVERS=root@very.import.server:8022
+      - ADMIN_PSK=HIGHLYSECRET
+      - USER_SERVERS=root@boring.server
+      - USER_PSK=NOTSOSECRET
       - RUST_BACKTRACE=1
 ```
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -12,5 +12,6 @@ cp ./data/id_ed25519 ~/.ssh/id_ed25519
 chmod 600 ~/.ssh/id_ed25519
 ssh-keygen -y -f ~/.ssh/id_ed25519 |awk '{print $1" "$2" enokey@docker"}'> ~/.ssh/id_ed25519.pub
 chmod 644 ~/.ssh/id_ed25519.pub
-
-exec "$@"
+chown -R . enokey
+su enokey
+exec "$@" --admin-servers "$ADMIN_SERVERS" --admin-psk "$ADMIN_PSK" --user-servers "$USER_SERVERS" --user-psk "$USER_PSK"
diff --git a/src/main.rs b/src/main.rs
@@ -245,12 +245,11 @@ fn main() {
     let args: Vec<String> = env::args().collect();
     let program = args[0].clone();
     let mut opts = Options::new();
-    opts.optflag(
-        "n",
-        "dry-run",
-        "Do not push the generated authorized_key file",
-    );
     opts.optflag("h", "help", "Print this help menu");
+    opts.optopt("a", "admin-servers", "Set the destinations (remote server) for the admin group", "ADMIN_SERVERS");
+    opts.optopt("p", "admin-psk", "Set the pre-shared key to add keys the admin group", "ADMIN_PSK");
+    opts.optopt("u", "user-servers", "Set the destinations (remote server) for the user group", "USER_SERVERS");
+    opts.optopt("q", "user-psk", "Set the pre-shared key to add keys the user group", "USER_PSK");
 
     let matches = match opts.parse(&args[1..]) {
         Ok(m) => m,
@@ -264,41 +263,37 @@ fn main() {
         return;
     }
 
-    if matches.opt_present("n") {
-        eprintln!("dry mode is currently not supported");
-        std::process::exit(1);
-    }
+    {
+        let config = &mut *CONFIG.lock().unwrap();
 
-    let admin_env = match env::var("SERVER_ADMIN") {
-        Ok(admin) => parse_destinations(&admin),
-        Err(e) => {
-            println!("Warning: SERVER_ADMIN not set. ({})", e);
-            Ok(vec![])
-        }
-    };
+        let admin_env = match matches.opt_str("a") {
+            Some(admin) => parse_destinations(&admin),
+            None => {
+                println!("Warning: No admin servers set");
+                Ok(vec!())
+            }
+        };
 
-    let user_env = match env::var("SERVER_USER") {
-        Ok(admin) => parse_destinations(&admin),
-        Err(e) => {
-            println!("Warning: SERVER_USER not set. ({})", e);
-            Ok(vec![])
-        }
-    };
+        let user_env = match matches.opt_str("u") {
+            Some(user) => parse_destinations(&user),
+            None => {
+                println!("Warning: No user servers set");
+                Ok(vec!())
+            }
+        };
 
-    {
-        let config = &mut *CONFIG.lock().unwrap();
         config.user_destinations = match user_env {
             Ok(user_env) => user_env.clone(),
             Err(e) => {
-                println!("Could not parse SERVER_USER {:?}", e);
+                println!("Could not parse user servers: {:?}", e);
                 return;
             }
         };
 
         config.admin_destinations = match admin_env {
             Ok(admin_env) => admin_env.clone(),
             Err(e) => {
-                println!("Could not parse SERVER_ADMIN {:?}", e);
+                println!("Could not parse admin servers: {:?}", e);
                 return;
             }
         };
@@ -307,13 +302,13 @@ fn main() {
             .admin_destinations
             .extend(config.user_destinations.iter().cloned());
 
-        config.user_psk = env::var("PSK_USER").unwrap_or_else(|e| {
-            println!("Warning: PSK_USER not set. {:?}", e);
+        config.user_psk = matches.opt_str("q").unwrap_or_else(||{
+            println!("Warning: User PSK not set.");
             "default".to_string()
         });
 
-        config.admin_psk = env::var("PSK_ADMIN").unwrap_or_else(|e| {
-            println!("Warning: PSK_ADMIN not set. {:?}", e);
+        config.admin_psk = matches.opt_str("p").unwrap_or_else(||{
+            println!("Warning: Admin PSK not set.");
             "default".to_string()
         });
 
