.cirrus.yml

# Test the documentation on SSH hardening
server_task:
  matrix:
    - name: Server 12.4-RELEASE
      freebsd_instance:
        image_family: freebsd-12-4
    - name: Server 12.4-STABLE
      freebsd_instance:
        image_family: freebsd-12-4-snap
    - name: Server 13.2-RELEASE
      freebsd_instance:
        image_family: freebsd-13-2
    - name: Server 13.2-STABLE
      freebsd_instance:
        image_family: freebsd-13-2-snap
    - name: Server 14.0-RELEASE
      freebsd_instance:
        image_family: freebsd-14-0
    - name: Server 14.0-STABLE
      freebsd_instance:
        image_family: freebsd-14-0-snap
    - name: Server 15.0-CURRENT
      freebsd_instance:
        image_family: freebsd-15-0-snap
  ssh-hardening_script:
    - sed -i '' 's/^/#/' server.md
    - sed -i '' '/^#         .*$/d' server.md
    - sed -i '' 's/^#    //' server.md
    - printf "#\!/bin/sh\n%s\n" "$(cat server.md)" > ssh-hardening.sh
    - sh ./ssh-hardening.sh
    - sh .cirrus/check_for_recommendations.sh

  always:
    ssh-audit.out_artifacts:
      path: ssh-audit.out
      type: text/plain

client_task:
  matrix:
    - name: Client 12.4-RELEASE
      freebsd_instance:
        image_family: freebsd-12-4
    - name: Client 12.4-STABLE
      freebsd_instance:
        image_family: freebsd-12-4-snap
    - name: Client 13.2-RELEASE
      freebsd_instance:
        image_family: freebsd-13-2
    - name: Client 13.2-STABLE
      freebsd_instance:
        image_family: freebsd-13-2-snap
    - name: Client 14.0-RELEASE
      freebsd_instance:
        image_family: freebsd-14-0
    - name: Client 14.0-STABLE
      freebsd_instance:
        image_family: freebsd-14-0-snap
    - name: Client 15.0-CURRENT
      freebsd_instance:
        image_family: freebsd-15-0-snap
  install_ssh-audit_script: pkg install -y security/py-ssh-audit
  ssh-audit_background_script: ssh-audit -c --no-colors | tee ssh-audit-client.out
  ssh-hardening_script:
    - grep printf client.md > client.subr
    - sed -i '' 's|~|/root|g' client.subr
    - printf "#\!/bin/sh\nset -e\n%s\n" "$(cat client.subr)" > ssh-client-hardening.sh
    - sh ./ssh-client-hardening.sh
  test_ssh_client_script:
    - ssh localhost -p 2222 -T || true
  always:
    ssh-audit-client.out_artifacts:
      path: ssh-audit-client.out
      type: text/plain