From: Kristof Provost Date: Wed, 12 Jul 2023 11:08:31 +0000 (+0200) Subject: autossh: run autossh with a reverse tunnel X-Git-Url: https://git.sigsegv.be/?a=commitdiff_plain;h=406364c1ca511ad48b0cbf33a9a3b97369cfe368;p=pennestraat-domotica autossh: run autossh with a reverse tunnel This will be the primary method of connecting to these devices, and will be the method we use to push ansible configuration. (We can't just rely on ansible-poll because we may want to include secrets from ansible-vault)
---
diff --git a/image/overlay/domotica/etc/rc.d/autossh b/image/overlay/domotica/etc/rc.d/autossh
new file mode 100755
index 0000000..479e4d2
--- /dev/null
+++ b/image/overlay/domotica/etc/rc.d/autossh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+
+# PROVIDE: autossh
+# REQUIRE: sshd NETWORKING
+# BEFORE: LOGIN
+
+. /etc/rc.subr
+
+name="autossh"
+start_cmd="autossh_start"
+status_cmd="autossh_status"
+extra_commands="status"
+
+autossh_start()
+{
+ echo "Starting autossh..."
+
+ /usr/local/bin/sudo -u kp \
+ /usr/local/bin/tmux new-session -d \
+ "autossh -M 0 -p 2207 -N -R ${control_port}:localhost:22 \
+ -o ExitOnForwardFailure=yes \
+ domotica@kosmos.sigsegv.be"
+}
+
+autossh_status()
+{
+ if pidof autossh >/dev/null;
+ then
+ echo "OK"
+ else
+ echo "FAIL"
+ exit 1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/image/overlay/domotica/home/kp/.ssh/id_rsa b/image/overlay/domotica/home/kp/.ssh/id_rsa
new file mode 100644
index 0000000..b9e0cc8
--- /dev/null
+++ b/image/overlay/domotica/home/kp/.ssh/id_rsa
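Review bot: In `autossh_start` of etc/rc.d/autossh, `${control_port}` is interpolated into the `-R` forward with no default and no check, so on a device whose rc.conf does not set it the spec collapses to `:localhost:22`, which ssh is unlikely to accept, and the failure stays hidden inside the detached tmux session. A guard as the first line of the function, such as `[ -n "${control_port}" ] || err 1 "control_port is not set"`, would surface that at start time. Separately, `-M 0` turns off autossh's own monitoring, so a dead link is only noticed once ssh itself exits; adding `-o ServerAliveInterval=30 -o ServerAliveCountMax=3` to the command lets ssh detect a stalled connection and exit, so autossh can restart it.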
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAtv8irs8k/BYtn5eJMj9lGdT5PgfmeJnteas+MzCi4mSVmK16UjfS +fpbJSHl5/4IMqZShtilQwf2xHkGRfd/D8tXs1l2GMoGzmsO7cfGqwBQoxgfOTucuylgc5E +CGvnTmusw4KiHmHJGCGf+CHolGhqOJxglw756+lllowRB5wwWAAQzqhO+NT+TsLzLIbezh +pYyLKPr9HQyIzLZtb0C2EKeVMclXPtZoDnh1xBNjr1CjgBc6dL6aJnZS0ABLfEdhZFw7b0 +Cpi7Yx8OLKMQtubefGiLB0KHa23uhjVlhB0s8g7rGLG0BCuyxw/aIcrJBRwehfg4hxuXXp +THtMoE68JoEJr9gKfWHUjyYkkT2GEr3E0uiP2oLF30sOmbJwOkzXqg4TrrswqSCXcZkQs+ +3sHMJjyVvRRGPN+0uF99wQOiJKMY7Lh856rjSHOTH73oEyPXY82G5YC3o3qEVml9RNfpsQ +GY/kiDjpCpesAX0LMvCkLZh4mXTfwGc5+K5yHbMnAAAFgCjKGLcoyhi3AAAAB3NzaC1yc2 +EAAAGBALb/Iq7PJPwWLZ+XiTI/ZRnU+T4H5niZ7XmrPjMwouJklZitelI30n6WyUh5ef+C +DKmUobYpUMH9sR5BkX3fw/LV7NZdhjKBs5rDu3HxqsAUKMYHzk7nLspYHORAhr505rrMOC +oh5hyRghn/gh6JRoajicYJcO+evpZZaMEQecMFgAEM6oTvjU/k7C8yyG3s4aWMiyj6/R0M +iMy2bW9AthCnlTHJVz7WaA54dcQTY69Qo4AXOnS+miZ2UtAAS3xHYWRcO29AqYu2MfDiyj +ELbm3nxoiwdCh2tt7oY1ZYQdLPIO6xixtAQrsscP2iHKyQUcHoX4OIcbl16Ux7TKBOvCaB +Ca/YCn1h1I8mJJE9hhK9xNLoj9qCxd9LDpmycDpM16oOE667MKkgl3GZELPt7BzCY8lb0U +RjzftLhffcEDoiSjGOy4fOeq40hzkx+96BMj12PNhuWAt6N6hFZpfUTX6bEBmP5Ig46QqX +rAF9CzLwpC2YeJl038BnOfiuch2zJwAAAAMBAAEAAAGALaxOFr1CqNxMNMnYhz8FV8YtEw +tbvXwFpllUI+iersyV/c5GemDOW6P8xubyyQ/HY0fieJmlO1W7MCcDThxcRq6X9wTOqqpu +jlEN5ql/iYM+jfaCynSu2/fT9jAYsU5yC+tOlU1ypmy2wRBhhIeUn6QPjerrUhMX1GSqXY +1kJoWn5hs4KUe0yF0Fid4t4im+Q9hpHyhNpkNrnVRmyd6n0k5RUWTELr3KqNnt4qtINQh2 +VlD12Q99X94mWx3HuVQDEbNwa/M943rerVPyzEpK6rBv99QkVxp/Co21xsUAbHIJqucXF4 +aPsFfLK/bfF1AVyy6IG1YkZ+yFac8Xnm9gWcU+ehE5891k1znWs1RjfNUYxfXwh34fATfe +12lB6yp8K9eRtsZ/zChyOnRKB7j/WNVnJL5XrXoIaG6lzvPVdjZXjHPh3/8sB8kFZTvSps +AMITzaeNKG0UpoCFXf3v9I3BfXHlgJuPOvLvnNHcfDRVrDn/axb66XmwqQnGEDl3j5AAAA +wQC0AZxYESTZ9qPHFw1rYB1GCuX57QgKqL0AvP94DHtgVLxyL6/dC6w0MNAMJxkSXlbJaY +qh77bHRp82bYUPmoAeRQyBH4qSyxadSgsnJPa88Ul6zyu+hLoxNGFjOt6blOSm4qlw0CJy +Rl7rMnXb+mBoRJEIHbdYTdVuLRN0qmYhEEFr6RDNH87KvGdIXL1zLuSYjEi0m+kUxMKyEE 
+ISiIVnepvQTaKN++tVYKMYOvwE3wvkiZrrLlLz4U6bHu+OspwAAADBAN/w8kUDzi3scz6q +NGqjxeJbG4Xzao2TABEcfU6FxSyl9qtyt1dTxQAYRVcCZEsROLRH/s8R3Ny4OQDYpfwg39 +PnL8FZh09opGhKb2ubqTawbn77iCYJ6Ipymt8YDaZMCZ0ObrXlZFw1zi/Sz6vdjWVCgMTq +CTDHHpghlio08DTVYY9XNKNj3dq40aYq7FTYEl5RS4ZHvftKyq3cFqamHfaNpIUkC/WNDK +2GLrYBCwRqJMZuMB9/3oPidCeM8l0UQwAAAMEA0TGkWybWuPEqsv5ounJAL5h1WwnZVYsc +2KV4f7HyJfE6NjZMMEOVnYnHNTe0Rwc6Dntv923WNArPe3jPRzao5FDyL3sdqsh0xVPYH7 +cCgw1z9DHKwQePiquol8dMNN8Odt1YRxn2xDQip+NDVPy2JQ8bh7M1/rUGHeR9iwx1HQOy +tEl9IghrSsHSbi6kskt414nNCCNiJVNy4e9bqqPNuUdjMCTqYjnLs2X4kSnhVQqbN/0b0Z +3fU63civFjkslNAAAABmtwQG51dAECAwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/image/overlay/domotica/home/kp/.ssh/id_rsa.pub b/image/overlay/domotica/home/kp/.ssh/id_rsa.pub new file mode 100644 index 0000000..46b32a5 --- /dev/null +++ b/image/overlay/domotica/home/kp/.ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 kp@nut diff --git a/image/overlay/domotica/home/kp/.ssh/known_hosts b/image/overlay/domotica/home/kp/.ssh/known_hosts new file mode 100644 index 0000000..e8de663 --- /dev/null +++ b/image/overlay/domotica/home/kp/.ssh/known_hosts 
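Review bot: The `home/kp/.ssh/id_rsa` hunk puts a private key into version control and into every image built from this overlay, and its header encodes cipher and KDF `none`, so it appears to carry no passphrase. Anyone who can read the repository or an image can therefore authenticate as this client to `domotica@kosmos.sigsegv.be` on port 2207, and all devices share one identity that cannot be revoked individually. The key should be treated as exposed and rotated, with each device generating its own key on first boot and only the public half being registered on the server. On the server side the matching `authorized_keys` entry should be limited to the tunnel, for example `restrict,port-forwarding,permitlisten="localhost:<CONTROL_PORT>"` (placeholder port). The file is also recorded as mode 100644; if the overlay is installed with those permissions, ssh will refuse a group- or world-readable private key, so the install step should set 0600.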
@@ -0,0 +1,3 @@ +[kosmos.sigsegv.be]:2207 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxjvBaEANdPe1yq3jk/y9bDspKfelTYqZzVm96z9Khw +[kosmos.sigsegv.be]:2207 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnL3dW4FREQLShLjz0jA4zMtkx24OnmfPjpdQ/LWsy8UHaICRH3dPRD09qnWpZI8lDnS4RJ03MYmpPR9X3nvdx5gyEuHwQooJFrZm+jh4APQKx6k8rkdt3gkx09yjqYhc7FY7MitJhAGcDELg3allsm8XFI8r4mbcNCmyF9OlGQTj0AxORXVBU8sFwq6hD2W98+TPev+4Vso55C4baVA5bblcl4tnKE8Yfs03btYSzvbCOMIL5qhU3km5cLli8JVOPks6QEbAvH6Tks0CWUS7PSWlVfyxoGzyjTcQctVS6/d90C5RcFbiQs6eFvSBbnUvRYGaBhr2+rK6ifApZb/lziHxLr8jvTo5ilAYc9DSR9AwITZijKkTASW5X/G9qrASj/+Qy0+1CeAGChdTMiTSl/kJDywMoH84psZ3d29MsgHOgKe7yKW6zkDNIGs+ucUMu0toAgNG+n+ujGMTGexiXh6/wpch9lA49nTWAjaYaVV3wAu9tBnTQU+P3I4zurSU= +[kosmos.sigsegv.be]:2207 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD5dw+Ebj/6bwOuq5rbi8QvmuPJPivqZqGOzItxR89Id6l7IaxMRZ7lYFvpNgLKqimiXg/Dkm/gtlxuvO9kNtJg= diff --git a/image/overlay/domotica/var/cron/tabs/root b/image/overlay/domotica/var/cron/tabs/root index e65f859..7704ef0 100644 --- a/image/overlay/domotica/var/cron/tabs/root +++ b/image/overlay/domotica/var/cron/tabs/root @@ -1 +1,2 @@ 1 5 * * * /home/kp/bin/ansible_poll +*/5 * * * * /etc/rc.d/autossh status || /etc/rc.d/autossh start diff --git a/image/packagelist b/image/packagelist index 5f28e1c..c9dc614 100644 --- a/image/packagelist +++ b/image/packagelist @@ -6,6 +6,7 @@ editors/vim devel/git shells/zsh security/autossh +sysutils/pidof sysutils/ansible-sysrc sysutils/ansible
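Review bot: The new entry in `var/cron/tabs/root` runs `start` on any non-zero exit of `status`, and `autossh_start` has no check for an instance that is already running, so every false negative adds another detached tmux session with its own autossh. `autossh_status` calls `pidof` by bare name while the same script spells out `/usr/local/bin/sudo` and `/usr/local/bin/tmux`; if cron's PATH for this tab lacks `/usr/local/bin` (worth confirming on the target release), `pidof` from the newly added sysutils/pidof package is never found and the job starts a new session every five minutes. Calling it by absolute path (presumably `/usr/local/bin/pidof`) or setting `PATH=` at the top of the tab closes that gap. The check also only shows that a process named autossh exists, not that the reverse forward is actually up.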