From 85c081df3d204a2866dc9642344bd6033251df69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20=C5=A0urda?=
Date: Thu, 23 Feb 2023 13:22:25 +0800
Subject: [PATCH] Replace opessh-server with dropbear - apparently dropbear now supports ed25519 keys so openssh isn't necessary anymore
---
 .buildbot/openwrt/build.sh | 9 ++++-----
 defaults/00-defaults | 4 ++++
 defaults/50-dropbear | 17 +++++++++++++++++
 defaults/50-sshd | 2 --
 4 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 defaults/00-defaults
 create mode 100644 defaults/50-dropbear
 delete mode 100644 defaults/50-sshd

diff --git a/.buildbot/openwrt/build.sh b/.buildbot/openwrt/build.sh
index 10b9156..d5aefa5 100755
--- a/.buildbot/openwrt/build.sh
+++ b/.buildbot/openwrt/build.sh
@@ -50,10 +50,10 @@ echo "CONFIG_TARGET_ROOTFS_PARTSIZE=208" >> .config
 echo "CONFIG_TARGET_ROOTFS_EXT4FS=n" >> .config
 
 # Setup files
-mkdir -p files/root/.ssh
-chmod 0700 files/root files/root/.ssh
-cp ${pwd}/authorized_keys files/root/.ssh/
-chmod 0400 files/root/.ssh/authorized_keys
+mkdir -p files/etc/dropbear
+chmod 0750 files/etc/dropbear
+cp ${pwd}/authorized_keys files/etc/dropbear
+chmod 0400 files/etc/dropbear/authorized_keys
 mkdir -p files/etc/uci-defaults
 cp ${pwd}/defaults/* files/etc/uci-defaults
 
@@ -90,7 +90,6 @@ PACKAGES="kmod-nf-nathelper-extra kmod-rtc-ds1307 \
 luci-ssl-nginx luci-app-acme \
 python3-packages python3-yaml \
 wireguard-tools wget-ssl \
- openssh-server \
 "
 
 make image PROFILE=rpi-4 \
diff --git a/defaults/00-defaults b/defaults/00-defaults
new file mode 100644
index 0000000..9863823
--- /dev/null
+++ b/defaults/00-defaults
@@ -0,0 +1,4 @@
+touch /etc/config/defaults
+
+/sbin/uci get defaults.version || /sbin/uci set defaults.version=version && \
+ /sbin/uci commit defaults
diff --git a/defaults/50-dropbear b/defaults/50-dropbear
new file mode 100644
index 0000000..8468817
--- /dev/null
+++ b/defaults/50-dropbear
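Review bot: In .buildbot/openwrt/build.sh the new `chmod 0750 files/etc/dropbear` is looser than the `0700` the removed lines applied to `files/root/.ssh`, and nothing in the hunk shows why the group needs to read or traverse the key directory; `chmod 0700 files/etc/dropbear` keeps the earlier posture. The `cp` line also leaves `${pwd}` (set outside the hunk) unquoted and its result unchecked, so a missing key file stops the build only if the script runs under `set -e`, which is not visible here. Since defaults/50-dropbear in this same patch turns password login off, an image built without the key would have no SSH login path. A guard before the copy, `[ -s "${pwd}/authorized_keys" ] || exit 1`, followed by `cp -- "${pwd}/authorized_keys" files/etc/dropbear/`, makes that failure explicit.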
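Review bot: In defaults/00-defaults the `||`/`&&` chain groups as `(get || set) && commit`, because the shell gives both operators equal precedence and evaluates them left to right, so `uci commit defaults` runs on every pass and not only after the section was created. That is harmless but probably not what was meant, and `uci get` without `-q` also prints the lookup result or error during boot. I would write `/sbin/uci -q get defaults.version >/dev/null || { /sbin/uci set defaults.version=version && /sbin/uci commit defaults; }`. A leading comment such as `# create the 'version' section in which later uci-defaults scripts record the version they applied` would also say why the file exists.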
@@ -0,0 +1,17 @@
+VERSION=1
+
+[ "$(uci -q get defaults.version.dropbear)" -ge "$VERSION" ] && exit 0
+
+# save version
+/sbin/uci set defaults.version.dropbear="$VERSION"
+
+/sbin/uci -q batch << EOF
+set defaults.version.dropbear="$VERSION"
+commit defaults
+set dropbear.@dropbear[0].PasswordAuth='off'
+set dropbear.@dropbear[0].RootPasswordAuth='off'
+commit dropbear
+EOF
+
+/sbin/service dropbear enable
+/sbin/service dropbear restart
diff --git a/defaults/50-sshd b/defaults/50-sshd
deleted file mode 100644
index 2e6727a..0000000
--- a/defaults/50-sshd
+++ /dev/null
@@ -1,2 +0,0 @@
-echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
-/sbin/service sshd restart
\ No newline at end of file
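Review bot: In defaults/50-dropbear the version marker is set and committed before the two password-auth options, and the batch runs under `-q`, so a failure to apply `PasswordAuth='off'` or `RootPasswordAuth='off'` would be silent while the marker already records version 1 as applied; the guard at the top would then skip the hardening on any later run. Applying and committing the dropbear options first, and recording the version only after that succeeded, keeps the marker truthful. The guard also compares an empty string with `-ge` on first boot, when `defaults.version.dropbear` is still unset, which works only because `[` fails on the bad operand; defaulting the value to 0 avoids relying on that. The `set defaults.version.dropbear` line is also duplicated, once before and once inside the batch.

```shell
VERSION=1

current="$(/sbin/uci -q get defaults.version.dropbear)"
[ "${current:-0}" -ge "$VERSION" ] && exit 0

# apply the hardening first; record the version only once it is committed
/sbin/uci set "dropbear.@dropbear[0].PasswordAuth=off" &&
  /sbin/uci set "dropbear.@dropbear[0].RootPasswordAuth=off" &&
  /sbin/uci commit dropbear &&
  /sbin/uci set defaults.version.dropbear="$VERSION" &&
  /sbin/uci commit defaults || exit 1

# … unchanged: service dropbear enable / restart …
```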