From e019f76b40f0d464e37199aba5f0d9bf8c92283f Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Tue, 16 May 2023 12:15:49 -0700 Subject: [PATCH] ssh: Use drop-in config component for /etc files Tests: - Config files are all symlinks in /etc/ - fail2ban-client show shows sshd in jail list - When ssh is enabled avahi-browse -a shows SSH and SFTP services. The avahi service files are created in /etc/avahi/services/. When service is disabled, files are removed and avahi-browse -a does not show the services. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- debian/freedombox.maintscript | 3 +++ plinth/modules/ssh/__init__.py | 14 +++++++++++++- .../etc/avahi/services/sftp-ssh.service | 0 .../freedombox}/etc/avahi/services/ssh.service | 0 .../etc/fail2ban/jail.d/ssh-freedombox.conf | 0 5 files changed, 16 insertions(+), 1 deletion(-) rename plinth/modules/ssh/data/{ => usr/share/freedombox}/etc/avahi/services/sftp-ssh.service (100%) rename plinth/modules/ssh/data/{ => usr/share/freedombox}/etc/avahi/services/ssh.service (100%) rename plinth/modules/ssh/data/{ => usr/share/freedombox}/etc/fail2ban/jail.d/ssh-freedombox.conf (100%) diff --git a/debian/freedombox.maintscript b/debian/freedombox.maintscript index 881b393fd..1d54dd5a9 100644 --- a/debian/freedombox.maintscript +++ b/debian/freedombox.maintscript @@ -132,3 +132,6 @@ rm_conffile /etc/apache2/conf-available/searx-freedombox.conf 23.10~ rm_conffile /etc/fail2ban/fail2ban.d/freedombox.conf 23.10~ rm_conffile /etc/fail2ban/jail.d/freedombox.conf 23.10~ rm_conffile /etc/apache2/includes/freedombox-sharing.conf 23.10~ +rm_conffile /etc/fail2ban/jail.d/ssh-freedombox.conf 23.10~ +rm_conffile /etc/avahi/services/sftp-ssh.service 23.10~ +rm_conffile /etc/avahi/services/ssh.service 23.10~ diff --git a/plinth/modules/ssh/__init__.py b/plinth/modules/ssh/__init__.py index 03c277ee3..f4144e619 100644 --- a/plinth/modules/ssh/__init__.py +++ b/plinth/modules/ssh/__init__.py @@ -9,6 +9,7 @@ from django.utils.translation import gettext_lazy as _ from plinth import app as app_module from plinth import menu +from plinth.config import DropinConfigs from plinth.daemon import Daemon from plinth.modules.backups.components import BackupRestore from plinth.modules.firewall.components import Firewall @@ -30,7 +31,7 @@ class SSHApp(app_module.App): app_id = 'ssh' - _version = 3 + _version = 4 def __init__(self): """Create components for the app.""" @@ -50,6 +51,17 @@ class SSHApp(app_module.App): packages = Packages('packages-ssh', ['openssh-server']) self.add(packages) + dropin_configs = DropinConfigs('dropin-configs-ssh', [ + '/etc/fail2ban/jail.d/ssh-freedombox.conf', + ]) + self.add(dropin_configs) + + dropin_configs = DropinConfigs('dropin-config-ssh-avahi', [ + '/etc/avahi/services/sftp-ssh.service', + '/etc/avahi/services/ssh.service', + ], copy_only=True) + self.add(dropin_configs) + firewall = Firewall('firewall-ssh', info.name, ports=['ssh'], is_external=True) self.add(firewall) diff --git a/plinth/modules/ssh/data/etc/avahi/services/sftp-ssh.service b/plinth/modules/ssh/data/usr/share/freedombox/etc/avahi/services/sftp-ssh.service similarity index 100% rename from plinth/modules/ssh/data/etc/avahi/services/sftp-ssh.service rename to plinth/modules/ssh/data/usr/share/freedombox/etc/avahi/services/sftp-ssh.service diff --git a/plinth/modules/ssh/data/etc/avahi/services/ssh.service b/plinth/modules/ssh/data/usr/share/freedombox/etc/avahi/services/ssh.service similarity index 100% rename from plinth/modules/ssh/data/etc/avahi/services/ssh.service rename to plinth/modules/ssh/data/usr/share/freedombox/etc/avahi/services/ssh.service diff --git a/plinth/modules/ssh/data/etc/fail2ban/jail.d/ssh-freedombox.conf b/plinth/modules/ssh/data/usr/share/freedombox/etc/fail2ban/jail.d/ssh-freedombox.conf similarity index 100% rename from plinth/modules/ssh/data/etc/fail2ban/jail.d/ssh-freedombox.conf rename to plinth/modules/ssh/data/usr/share/freedombox/etc/fail2ban/jail.d/ssh-freedombox.conf