signstar_configure_build/
cli.rs

1use clap::{Parser, crate_name};
2use signstar_common::{
3    config::{
4        get_default_config_file_path,
5        get_etc_override_config_file_path,
6        get_run_override_config_file_path,
7        get_usr_local_override_config_file_path,
8    },
9    ssh::{get_ssh_authorized_key_base_dir, get_sshd_config_dropin_dir},
10    system_user::get_home_base_dir_path,
11};
12use strum::VariantNames;
13
14use crate::{ConfigPath, SshForceCommand};
15
/// Names of all [`SshForceCommand`] variants, as exposed through [`VariantNames`].
///
/// Interpolated into the long help text of [`Cli`] to list the commands that the
/// generated `sshd_config` drop-ins may enforce.
const SSH_FORCE_COMMAND_VARIANTS: &[&str] = <SshForceCommand as VariantNames>::VARIANTS;

/// The name of the executable, derived from the crate name at compile time.
pub const BIN_NAME: &str = crate_name!();
18
/// Command-line arguments for the Signstar image build configuration tool.
///
/// The help text below states that the executable must be run as root and that it
/// creates system users, per-user `authorized_keys` files and `sshd_config` drop-ins
/// from a single configuration file. Whichever configuration file is selected
/// therefore decides which accounts and SSH public keys end up in the image.
// NOTE(review): the explicit `about`/`long_about` attributes are what users see;
// the doc comment above is for maintainers reading the source.
#[derive(Debug, Parser)]
#[command(
    about = "A command-line interface for Signstar image build configuration",
    name = BIN_NAME,
    long_about = format!("A command-line interface for Signstar image build configuration

NOTE: This command must be run as root!

This executable is meant to be used to configure relevant system users of a Signstar system during build.

It creates system users and their integration based on a central configuration file.

By default, one of the following configuration files is used if it exists, in the following order:

- {:?}

- {:?}

- {:?}

If none of the above are found, the default location {:?} is used.
Alternatively a custom configuration file location can be specified using the \"--config\"/ \"-c\" option.

System users, if they don't exist already, are created with the help of `useradd`.
The users are created without a passphrase and setup with a home below {:?}.
However, their home directory is not created automatically.
The system user accounts are then unlocked with the help of `usermod`.
For each system user a tmpfiles.d integration is provided below \"/usr/lib/tmpfiles.d\", to allow automatic creation of their home directory.

If the used configuration file associates the system user with SSH public keys, a dedicated \"authorized_keys\" file containing the SSH public keys for the user is created below {:?}.
Additionally, an \"sshd_config\" drop-in configuration is created below {:?}.
This \"sshd_config\" drop-in configuration enforces the use of the user's \"authorized_keys\" and the use of a specific command (i.e. one of {SSH_FORCE_COMMAND_VARIANTS:?}) depending on the user's role.",
    get_usr_local_override_config_file_path(),
    get_run_override_config_file_path(),
    get_etc_override_config_file_path(),
    get_default_config_file_path(),
    get_home_base_dir_path(),
    get_ssh_authorized_key_base_dir(),
    get_sshd_config_dropin_dir(),
    )
)]
pub struct Cli {
    /// Optional path to a custom configuration file (`--config` / `-c`).
    ///
    /// The value may also be supplied through the `SIGNSTAR_CONFIG` environment
    /// variable. When absent, the override locations listed in the long help are
    /// consulted in order before falling back to the default location.
    // NOTE(review): this tool is documented as running as root, so both the
    // `SIGNSTAR_CONFIG` variable and every candidate file location are trusted
    // inputs: anyone able to set the variable or write to one of those paths
    // controls which users and SSH keys are provisioned. Ownership/permission
    // checks on the file are not visible in this module — confirm they are
    // enforced where `ConfigPath` is resolved and read.
    #[arg(
        env = "SIGNSTAR_CONFIG",
        global = true,
        help = "The path to a custom configuration file",
        long_help = format!("The path to a custom configuration file

If specified, the custom configuration file is used instead of the default configuration file location.

If unspecified, one of the following configuration files is used if it exists, in the following order:

- {:?}

- {:?}

- {:?}

If none of the above are found, the default location {:?} is used.",
    get_usr_local_override_config_file_path(),
    get_run_override_config_file_path(),
    get_etc_override_config_file_path(),
    get_default_config_file_path(),
),
        long,
        short
    )]
    pub config: Option<ConfigPath>,

    /// Whether the name and version of the application were requested.
    // This is a plain boolean flag; acting on it (printing and exiting) is left
    // to the caller and is not visible in this module.
    #[arg(
        global = true,
        help = "Return the name and version of the application",
        long,
        short
    )]
    pub version: bool,
}