From 128b41ede995aa70fe4eb3aa0d78d390626289f1 Mon Sep 17 00:00:00 2001
From: Justin Oros <JustinOros@gmail.com>
Date: Sat, 18 Apr 2026 14:31:10 -0700
Subject: [PATCH] setup-hub.sh: fix sed delimiter and add file dep,
 onboard-spoke.sh: fix rclone append newline guard and keyscan key-type dedup,
 offboard-spoke.sh: fix crontab empty check and add timestamped backup,
 setup-network.sh: replace single bak with timestamped backup, compose.yaml:
 replace syncthing host network with explicit port bindings

---
 hub/offboard-spoke.sh  | 23 ++++++++++++++++-------
 hub/onboard-spoke.sh   |  3 ++-
 hub/setup-hub.sh       |  4 ++--
 spoke/compose.yaml     |  4 +++-
 spoke/setup-network.sh |  7 +++++--
 spoke/setup-spoke.sh   |  2 +-
 6 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/hub/offboard-spoke.sh b/hub/offboard-spoke.sh
index 6a9d3e2..90b09d0 100755
--- a/hub/offboard-spoke.sh
+++ b/hub/offboard-spoke.sh
@@ -88,15 +88,24 @@ fi
 
 header "Removing Crontab Entry"
 EXISTING=$(crontab -l 2>/dev/null || true)
-UPDATED=$(echo "$EXISTING" | grep -v "${SPOKE_NAME}-remote:" || true)
-if [ "$EXISTING" = "$UPDATED" ]; then
+if [ -z "$EXISTING" ]; then
     warn "No crontab entry found for $SPOKE_NAME."
-elif [ -z "$UPDATED" ]; then
-    crontab -r 2>/dev/null || true
-    info "Crontab entry for $SPOKE_NAME removed (crontab now empty)."
 else
-    echo "$UPDATED" | crontab -
-    info "Crontab entry for $SPOKE_NAME removed."
+    CRONTAB_BACKUP="${HOME}/.config/tinyboard/crontab.$(date +%Y%m%d%H%M%S)"
+    mkdir -p "$(dirname "$CRONTAB_BACKUP")"
+    echo "$EXISTING" > "$CRONTAB_BACKUP"
+    info "Crontab backed up to $CRONTAB_BACKUP"
+    info "To restore: crontab $CRONTAB_BACKUP"
+    UPDATED=$(echo "$EXISTING" | grep -v "${SPOKE_NAME}-remote:" || true)
+    if [ "$EXISTING" = "$UPDATED" ]; then
+        warn "No crontab entry found for $SPOKE_NAME."
+    elif [ -z "$UPDATED" ]; then
+        crontab -r
+        info "Crontab entry for $SPOKE_NAME removed (crontab now empty)."
+    else
+        echo "$UPDATED" | crontab -
+        info "Crontab entry for $SPOKE_NAME removed."
+    fi
 fi
 
 header "Removing rclone Remote"
diff --git a/hub/onboard-spoke.sh b/hub/onboard-spoke.sh
index 5afeb2a..b5f2630 100755
--- a/hub/onboard-spoke.sh
+++ b/hub/onboard-spoke.sh
@@ -78,7 +78,7 @@ info "Scanning spoke host key..."
 KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
 [ -n "$KEYSCAN" ] || die "Spoke not reachable on port $TUNNEL_PORT — is the tunnel up?"
 while IFS= read -r KEYSCAN_LINE; do
-    KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $3}')
+    KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $2, $3}')
     if ! grep -qF "$KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
         echo "$KEYSCAN_LINE" >> "$SSH_DIR/known_hosts"
     fi
@@ -125,6 +125,7 @@ header "Adding rclone Remote"
 if grep -q "\[${SPOKE_NAME}-remote\]" "$RCLONE_CONF" 2>/dev/null; then
     warn "Remote [${SPOKE_NAME}-remote] already exists in $RCLONE_CONF, skipping."
 else
+    [ -s "$RCLONE_CONF" ] && tail -c1 "$RCLONE_CONF" | grep -qv $'\n' && echo "" >> "$RCLONE_CONF"
     cat >> "$RCLONE_CONF" <<EOF
 
 [${SPOKE_NAME}-remote]
diff --git a/hub/setup-hub.sh b/hub/setup-hub.sh
index 39243c1..1ee9e8c 100755
--- a/hub/setup-hub.sh
+++ b/hub/setup-hub.sh
@@ -51,7 +51,7 @@ check_permissions() {
 
 [ "$(id -u)" -eq 0 ] || die "Run as root"
 
-check_deps ssh ssh-keygen systemctl useradd groupadd
+check_deps ssh ssh-keygen systemctl useradd groupadd file
 
 header "TinyBoard Hub Setup"
 
@@ -154,7 +154,7 @@ SSHD_CONF="/etc/ssh/sshd_config"
 for DIRECTIVE in "GatewayPorts yes" "AllowTcpForwarding yes" "ClientAliveInterval 60" "ClientAliveCountMax 3"; do
     KEY="${DIRECTIVE%% *}"
     if grep -q "^$KEY" "$SSHD_CONF"; then
-        sed -i "s/^$KEY.*/$DIRECTIVE/" "$SSHD_CONF"
+        sed -i "s|^$KEY.*|$DIRECTIVE|" "$SSHD_CONF"
     else
         echo "$DIRECTIVE" >> "$SSHD_CONF"
     fi
diff --git a/spoke/compose.yaml b/spoke/compose.yaml
index 4ba46b9..8113022 100644
--- a/spoke/compose.yaml
+++ b/spoke/compose.yaml
@@ -21,9 +21,11 @@ services:
     container_name: spoke-syncthing
     hostname: spoke-syncthing
     restart: unless-stopped
-    network_mode: host
     environment:
       - PUID=1000
       - PGID=1000
+    ports:
+      - "127.0.0.1:8384:8384"
+      - "22000:22000"
     volumes:
       - /home/armbian/st:/var/syncthing
diff --git a/spoke/setup-network.sh b/spoke/setup-network.sh
index 23fc0e6..820f19e 100755
--- a/spoke/setup-network.sh
+++ b/spoke/setup-network.sh
@@ -124,9 +124,12 @@ fi
 header "Writing Netplan Config"
 BACKUP_FILE=""
 if [ -f "$NETPLAN_FILE" ]; then
-    BACKUP_FILE="/root/$(basename "${NETPLAN_FILE}").bak"
+    NETPLAN_BACKUP_DIR="/root/.config/tinyboard/netplan-backups"
+    mkdir -p "$NETPLAN_BACKUP_DIR"
+    BACKUP_FILE="$NETPLAN_BACKUP_DIR/$(basename "${NETPLAN_FILE}").$(date +%Y%m%d%H%M%S)"
     cp "$NETPLAN_FILE" "$BACKUP_FILE"
-    info "Backup saved to $BACKUP_FILE"
+    info "Netplan config backed up to $BACKUP_FILE"
+    info "To restore: cp $BACKUP_FILE $NETPLAN_FILE && netplan apply"
 fi
 
 if $IS_WIFI; then
diff --git a/spoke/setup-spoke.sh b/spoke/setup-spoke.sh
index 874d193..f134b4c 100755
--- a/spoke/setup-spoke.sh
+++ b/spoke/setup-spoke.sh
@@ -278,7 +278,7 @@ chmod 600 "$SSH_DIR/known_hosts"
 HUB_KEYSCAN=$(ssh-keyscan -H "$HUB_HOST" 2>/dev/null)
 if [ -n "$HUB_KEYSCAN" ]; then
     while IFS= read -r KEYSCAN_LINE; do
-        KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $3}')
+        KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $2, $3}')
         if ! grep -qF "$KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
             echo "$KEYSCAN_LINE" >> "$SSH_DIR/known_hosts"
         fi