From 1c88eb775d624a672a3b1fd51831c26275c09ea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jorge=20E=2E=20G=C3=B3mez?= <jegomez@agofer.com.co>
Date: Fri, 8 Apr 2022 19:57:33 -0500
Subject: [PATCH] [DOC] Adds instructions for manual setup of remote access

---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/README.md b/README.md
index a37040f..ca7f6e7 100644
--- a/README.md
+++ b/README.md
@@ -31,3 +31,28 @@ This container should listen to external connections, in order to allow
 **Let's Encrypt** certificates to be assigned and renewed. It's strongly
 suggested to protect it using **fail2ban**, Geo-IP restrictions, or
 other security measures.
+
+## Further configuration
+
+Some of these steps could be handled by Ansible as well:
+
+* Setup port redirect from host to container, according to the sequence:
+
+```sh
+lxc config device add newodoocontainer ssh_redir proxy \
+    listen=tcp:0.0.0.0:23025 connect=tcp:127.0.0.1:22
+```
+
+* Add authorized public keys to `/home/odoo/.ssh/authorized_keys` file
+* Return file ownership of `/opt/odoo` to odoo user:
+
+```sh
+chown -R odoo:odoo /opt/odoo
+```
+
+* Allow odoo to run `sudo` without a password:
+
+```sh
+echo "odoo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/10-odoo
+```
+