V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-18 20:31:00 +02:00
parent c7930b9f28
commit 34193a5a02
8 changed files with 411 additions and 405 deletions


@@ -27,15 +27,14 @@ guard_sourcing
# VAR_SETUP_PATH
# network_static_ipv4nameserver_0
# network_static_ipv4nameserver_1
# user_bastion_enable
# user_bastion_ipv4_0
# ssh_allow_ipv4_0
# dropbear_dhcp
# dropbear_firewall
# user_root_ssh_pubkeys_0
# user_root_ssh_pubkeys_1
# user_root_ssh_pubkeys_2
# user_root_ssh_pubkeys_3
# user_ssh_port
# ssh_port
# Arguments:
# None
# Returns:
@@ -138,15 +137,14 @@ EOF
install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/dropbear_fw.sh" \
"${TARGET}/includes/initramfs-tools/files/"
if [[ "${dropbear_firewall,,}" == "true" && -n "${user_bastion_ipv4_0}" ]]; then
if [[ "${dropbear_firewall,,}" == "true" && -n "${ssh_allow_ipv4_0}" ]]; then
sed -i 's/^DROPBEAR_FIREWALL_ENABLED=0$/DROPBEAR_FIREWALL_ENABLED=1/' "${TARGET}/includes/initramfs-tools/files/dropbear_fw.cnf"
sed -i '/^# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh$/d' "${TARGET}/includes/initramfs-tools/files/dropbear_fw.cnf"
cat << EOF >> "${TARGET}/includes/initramfs-tools/files/dropbear_fw.cnf"
DROPBEAR_PORT=${dropbear_port}
DROPBEAR_JUMP_SERVER_IP=${user_bastion_ipv4_0}
DROPBEAR_BASTION_ENABLE=${user_bastion_enable}
DROPBEAR_JUMP_SERVER_IP=${ssh_allow_ipv4_0}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
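Review bot: With `dropbear_firewall` set to true but `ssh_allow_ipv4_0` empty, the new condition is false and `DROPBEAR_FIREWALL_ENABLED` stays 0, so the initramfs Dropbear would apparently come up unfiltered with no message, unless a branch outside the visible lines handles that case. I would stop the setup ahead of this test, e.g. `if [[ "${dropbear_firewall,,}" == "true" && -z "${ssh_allow_ipv4_0}" ]]; then printf 'dropbear_firewall=true requires ssh_allow_ipv4_0\n' >&2; return 1; fi`, using this file's own error helper if it has one. `${ssh_allow_ipv4_0}` and `${dropbear_port}` are also written unquoted into `dropbear_fw.cnf`, which its `ft=sh` modeline suggests is sourced as shell, so matching them against an IPv4 pattern and a numeric port range before the heredoc would keep a malformed value out of the boot-time firewall script. The Globals lists in both function headers now name `ssh_port`, while the code shown reads `dropbear_port` (here and in `DROPBEAR_OPTIONS`), so the headers should list `dropbear_port` instead. The `if` body continues past the lines shown.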
@@ -165,7 +163,7 @@ EOF
# Write '/etc/dropbear/initramfs/dropbear.conf'.
# Globals:
# TARGET
# user_ssh_port
# ssh_port
# Arguments:
# None
# Returns:
@@ -188,7 +186,7 @@ write_dropbear_conf() {
# -K: Keepalive interval in seconds
# -p: Specify port (and optionally address)
# -w: Disable root login (SHOULD NOT be implemented for initramfs)
DROPBEAR_OPTIONS="-b /etc/dropbear/initramfs/banner -c /usr/local/bin/unlock_wrapper.sh -E -I 300 -K 60 -p ${user_ssh_port:-2222}"
DROPBEAR_OPTIONS="-b /etc/dropbear/initramfs/banner -c /usr/local/bin/unlock_wrapper.sh -E -I 300 -K 60 -p ${dropbear_port:-2222}"
#
# On local (non-NFS) mounts, interfaces matching this pattern are