Gist ghickman/888261
Created March 26, 2011 12:58
```bash
#!/bin/bash
alias ls='ls --color=auto'

# start ssh-agent
# pipe the keychain output to /dev/null or you'll see it every time you ssh in
keychain id_airlock 2>/dev/null
[ -z "$HOSTNAME" ] && HOSTNAME=$(uname -n)
[ -f "$HOME/.keychain/$HOSTNAME-sh" ] && . "$HOME/.keychain/$HOSTNAME-sh"

# Colour the terminal.
# Red for the hostname as we're on the Airlock.
RED="\[\033[0;31m\]"
WHITE="\[\033[00m\]"
export PS1="$RED\h $WHITE\w$WHITE\$ "
```
```ini
[gitosis]

[group gateway]
members = user1 user2
writable = gateway

[group satellite]
members = user1 user2
writable = satellite

[group users-auth]
members = user1 user2
writable = users-auth
```
```
# list of all the hosts with access to the system
# Gateway: 127.0.0.1, xxx.xxx.xxx.xxx
# Satellite 1: xxx.xxx.xxx.xxx
# Satellite 2: xxx.xxx.xxx.xxx
sshd: 127.0.0.1, xxx.xxx.xxx.xxx
```
```
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID

# Block all ssh connections - specific ips are allowed in hosts.allow
sshd: ALL
```
```
*filter
:INPUT ACCEPT [1:52]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12345 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
```
```bash
#!/bin/bash
# Reads the "oldrev newrev refname" lines git passes to the hook on stdin.
while read -r oldrev newrev refname
do
    if [ "$refname" == "refs/heads/master" ]; then
        WORKDIR=/home/office/source/airlock
        # Point git at the deployed checkout rather than the receiving repository.
        export GIT_DIR="$WORKDIR/.git"
        # Stop if the checkout is missing so git pull never runs elsewhere.
        pushd "$WORKDIR" >/dev/null || exit 1
        git pull --quiet >/dev/null
        echo "===================================================="
        echo "Deployed Gateway config changes"
        echo "If changes were made to the iptables, you must run:"
        echo "sudo iptables-restore < /etc/iptables.up.rules"
        echo "to reapply them."
        echo "===================================================="
        popd >/dev/null
    fi
done
```
```
Host gateway
    HostName 127.0.0.1

Host sat1
    HostName satellite1.example.com

Host *
    AddressFamily inet
    Port 12345
    User office
```
```
Port 12345
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
```
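
Port 12345 appears in three of the files above (the iptables rules, the client ssh config and sshd_config), and a mismatch between them cuts off remote access. The check below is an added example, not part of the original gist; the function names and the reduced sample files are constructed, and it reads only the first `Port` directive (no `Match` blocks or multiple ports).

```shell
#!/bin/sh
# Added example: check that the SSH port agrees across sshd_config, the
# iptables rules file and the client ssh config. Sample files are constructed.

# conf_port FILE: first "Port" directive in an ssh/sshd config, default 22.
conf_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# fw_allows FILE PORT: succeed only if a tcp ACCEPT rule for PORT appears
# before the first unconditional REJECT/DROP in the INPUT chain.
fw_allows() {
    awk -v p="$2" '
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ &&
            $0 ~ ("--dport " p "( |$)") { ok = 1; exit }
        END { exit !ok }' "$1"
}

# check_ports SSHD_CONFIG RULES SSH_CONFIG: report mismatches, return 1 on any.
check_ports() {
    port=$(conf_port "$1"); rc=0
    fw_allows "$2" "$port" || { echo "firewall does not accept tcp/$port"; rc=1; }
    [ "$(conf_port "$3")" = "$port" ] || { echo "client Port differs from sshd ($port)"; rc=1; }
    return $rc
}

# Constructed sample files, reduced from the configs on this page.
tmp=$(mktemp -d)
printf 'Port 12345\nPermitRootLogin no\n' > "$tmp/sshd_config"
printf 'Host *\n    Port 12345\n    User office\n' > "$tmp/ssh_config"
cat > "$tmp/rules" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12345 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
# Same rules with the ACCEPT placed after the catch-all REJECT (never reached).
{ grep -v dport "$tmp/rules" | grep -v COMMIT
  grep dport "$tmp/rules"; echo COMMIT; } > "$tmp/rules.bad"

check_ports "$tmp/sshd_config" "$tmp/rules" "$tmp/ssh_config" && echo "ports consistent"
check_ports "$tmp/sshd_config" "$tmp/rules.bad" "$tmp/ssh_config" || echo "lockout risk"
```

Run it against the real files before `iptables-restore` or an sshd restart, while an existing session is still open.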