Merge pull request #13 from ST2Projects/tk/client-prep

Tk/client prep

Author: neo1908

.gitignore

@@ -171,4 +171,4 @@ fabric.properties
 
 resources
 dist/
-./ssh-sentinel-server
+ssh-sentinel-server

.goreleaser.yml

@@ -16,6 +16,11 @@ archives:
       linux: Linux
       386: i386
       amd64: x86_64
+    files:
+      - samples
+      - README.md
+      - LICENSE
+      - install/Makefile
 checksum:
   name_template: 'checksums.txt'
 snapshot:

README.md

@@ -6,6 +6,35 @@ A simple to use and deploy SSH CA server.
 
 Once ready, I will update the README and provide some more info in terms of usage and deployment
 
+## Installation
+
+The release archive contains the binary `ssh-sentinel-server` and a samples directory containing a config template and a systemd service file.
+
+You **will** need to edit the `config.json` to suit your needs. You may need to edit the service file depending on your OS.
+
+To install, unpack the archive into the `/opt` directory then run the then install
+
+```shell
+mkdir /opt/sentinel
+# Copy archive into directory
+tar xvzf ssh-sentinel-server_$VERSION_$ARCH.tar.gz
+
+make install
+```
+
+## Configuration
+
+Configuration is defined in the `config.json`. Properties are explained below. All paths are relative to the `resources` directory
+
+- `CAPrivateKey` - Name of the CA private key. The key must be unencrypted - a future enhancement will allow encrypted keys
+- `CAPublicKey` - Name of the CA public key.
+- `MaxValidTime` - Maximum lifespan of signed keys, in the normal [go duration format](https://pkg.go.dev/time#ParseDuration)
+- `db.dialect` - Must be `sqlite3`. A future release will add support for other DBs
+- `db.username` - Username of the DB user
+- `db.password` - Password of the DB user
+- `db.connection` - Connection URL for the DB. For sqlite3 this is a file path
+- `db.dbName` - Name of the DB
+
 ## Goals
 
 There are a couple of SSH CA servers out there - I have found them all difficult to use and have specific platform

app/admin_runner.go

@@ -2,9 +2,9 @@ package app
 
 import (
 	log "github.com/sirupsen/logrus"
-	"ssh-sentinel-server/config"
-	"ssh-sentinel-server/model/db"
-	"ssh-sentinel-server/sql"
+	"github.com/st2projects/ssh-sentinel-server/config"
+	"github.com/st2projects/ssh-sentinel-server/model/db"
+	"github.com/st2projects/ssh-sentinel-server/sql"
 )
 
 func RunAdmin(configPath string, createUser bool, name string, username string, principals []string) {

app/initialiser.go

@@ -2,12 +2,13 @@ package app
 
 import (
 	log "github.com/sirupsen/logrus"
-	"ssh-sentinel-server/config"
-	"ssh-sentinel-server/server"
-	"ssh-sentinel-server/sql"
+	"github.com/st2projects/ssh-sentinel-server/config"
+	"github.com/st2projects/ssh-sentinel-server/model"
+	"github.com/st2projects/ssh-sentinel-server/server"
+	"github.com/st2projects/ssh-sentinel-server/sql"
 )
 
-func InitialiseApp(configPath string, devMode bool) {
+func InitialiseApp(configPath string, devMode bool, httpConfig *model.HTTPConfig) {
 
 	customLogFormat := new(log.TextFormatter)
 	customLogFormat.TimestampFormat = "2022-01-01 01:01:01.123"
@@ -19,5 +20,5 @@ func InitialiseApp(configPath string, devMode bool) {
 	config.MakeConfig(configPath, devMode)
 	sql.Connect()
 
-	server.Serve()
+	server.Serve(httpConfig)
 }

cmd/admin.go

@@ -2,7 +2,7 @@ package cmd
 
 import (
 	"github.com/spf13/cobra"
-	"ssh-sentinel-server/app"
+	"github.com/st2projects/ssh-sentinel-server/app"
 )
 
 var create bool

cmd/serve.go

@@ -2,23 +2,29 @@ package cmd
 
 import (
 	"github.com/spf13/cobra"
-	"ssh-sentinel-server/app"
+	"github.com/st2projects/ssh-sentinel-server/app"
+	"github.com/st2projects/ssh-sentinel-server/model"
 )
 
 var devMode bool
 
+var httpConfig = model.HTTPConfig{}.Default()
+
 // serveCmd represents the serve command
 var serveCmd = &cobra.Command{
 	Use:   "serve",
 	Short: "Start the CA server",
 	Run: func(cmd *cobra.Command, args []string) {
-		app.InitialiseApp(configPath, devMode)
+		app.InitialiseApp(configPath, devMode, httpConfig)
 	},
 }
 
 func init() {
+
 	rootCmd.AddCommand(serveCmd)
 	serveCmd.Flags().StringVarP(&configPath, "config", "c", "", "Config file")
+	serveCmd.Flags().IntVarP(&httpConfig.HttpsPort, "https-port", "s", 443, "HTTPS Port")
+	serveCmd.Flags().IntVarP(&httpConfig.HttpPort, "http-port", "i", 80, "HTTP Port")
 	serveCmd.Flags().BoolVarP(&devMode, "dev-mode", "d", false, "Run in DEV mode. See README for implications")
 
 	serveCmd.MarkFlagRequired("config")

go.mod

@@ -1,4 +1,4 @@
-module ssh-sentinel-server
+module github.com/st2projects/ssh-sentinel-server
 
 go 1.18
 
@@ -10,6 +10,7 @@ require (
 	github.com/justinas/alice v1.2.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
+	github.com/st2projects/ssh-sentinel-core v1.0.0
 	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
 	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
 	gorm.io/driver/sqlite v1.3.6

go.sum

@@ -732,6 +732,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
+github.com/st2projects/ssh-sentinel-core v1.0.0 h1:9MKquOBeExd660PWkJ221pIa6qw11Bvec9TfA90W1os=
+github.com/st2projects/ssh-sentinel-core v1.0.0/go.mod h1:x7Lj7JO1u4BT0iWnj66eIbn9fqQD1qB2ollTFsVzzHg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=

install/Makefile

@@ -0,0 +1,8 @@
+install:
+	cp -a samples/config.json .
+	mkdir -p resources
+	cp samples/ssh-sentinel.service /etc/systemd/system/ssh-sentinel.service
+	systemctl daemon-reload
+
+	echo "Config file copied to ${PWD}/config.json. Please edit it before starting the service"
+	echo "To start the service run systemctl start ssh-sentinel - To enable start on boot: systemctl enable ssh-sentinel"