setup-hub.sh: fix sed delimiter and add file dep, onboard-spoke.sh: fix rclone append newline guard and keyscan key-type dedup, offboard-spoke.sh: fix crontab empty check and add timestamped backup, setup-network.sh: replace single bak with timestamped backup, compose.yaml: replace syncthing host network with explicit port bindings

hub/offboard-spoke.sh

@@ -88,16 +88,25 @@ fi
 
 header "Removing Crontab Entry"
 EXISTING=$(crontab -l 2>/dev/null || true)
+if [ -z "$EXISTING" ]; then
+    warn "No crontab entry found for $SPOKE_NAME."
+else
+    CRONTAB_BACKUP="${HOME}/.config/tinyboard/crontab.$(date +%Y%m%d%H%M%S)"
+    mkdir -p "$(dirname "$CRONTAB_BACKUP")"
+    echo "$EXISTING" > "$CRONTAB_BACKUP"
+    info "Crontab backed up to $CRONTAB_BACKUP"
+    info "To restore: crontab $CRONTAB_BACKUP"
     UPDATED=$(echo "$EXISTING" | grep -v "${SPOKE_NAME}-remote:" || true)
     if [ "$EXISTING" = "$UPDATED" ]; then
         warn "No crontab entry found for $SPOKE_NAME."
     elif [ -z "$UPDATED" ]; then
-    crontab -r 2>/dev/null || true
+        crontab -r
         info "Crontab entry for $SPOKE_NAME removed (crontab now empty)."
     else
         echo "$UPDATED" | crontab -
         info "Crontab entry for $SPOKE_NAME removed."
     fi
+fi
 
 header "Removing rclone Remote"
 if grep -q "\[${SPOKE_NAME}-remote\]" "$RCLONE_CONF" 2>/dev/null; then

hub/onboard-spoke.sh

@@ -78,7 +78,7 @@ info "Scanning spoke host key..."
 KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
 [ -n "$KEYSCAN" ] || die "Spoke not reachable on port $TUNNEL_PORT — is the tunnel up?"
 while IFS= read -r KEYSCAN_LINE; do
-    KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $3}')
+    KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $2, $3}')
     if ! grep -qF "$KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
         echo "$KEYSCAN_LINE" >> "$SSH_DIR/known_hosts"
     fi
@@ -125,6 +125,7 @@ header "Adding rclone Remote"
 if grep -q "\[${SPOKE_NAME}-remote\]" "$RCLONE_CONF" 2>/dev/null; then
     warn "Remote [${SPOKE_NAME}-remote] already exists in $RCLONE_CONF, skipping."
 else
+    [ -s "$RCLONE_CONF" ] && tail -c1 "$RCLONE_CONF" | grep -qv $'\n' && echo "" >> "$RCLONE_CONF"
     cat >> "$RCLONE_CONF" <<EOF
 
 [${SPOKE_NAME}-remote]

hub/setup-hub.sh

@@ -51,7 +51,7 @@ check_permissions() {
 
 [ "$(id -u)" -eq 0 ] || die "Run as root"
 
-check_deps ssh ssh-keygen systemctl useradd groupadd
+check_deps ssh ssh-keygen systemctl useradd groupadd file
 
 header "TinyBoard Hub Setup"
 
@@ -154,7 +154,7 @@ SSHD_CONF="/etc/ssh/sshd_config"
 for DIRECTIVE in "GatewayPorts yes" "AllowTcpForwarding yes" "ClientAliveInterval 60" "ClientAliveCountMax 3"; do
     KEY="${DIRECTIVE%% *}"
     if grep -q "^$KEY" "$SSHD_CONF"; then
-        sed -i "s/^$KEY.*/$DIRECTIVE/" "$SSHD_CONF"
+        sed -i "s|^$KEY.*|$DIRECTIVE|" "$SSHD_CONF"
     else
         echo "$DIRECTIVE" >> "$SSHD_CONF"
     fi

spoke/compose.yaml

@@ -21,9 +21,11 @@ services:
     container_name: spoke-syncthing
     hostname: spoke-syncthing
     restart: unless-stopped
-    network_mode: host
     environment:
       - PUID=1000
       - PGID=1000
+    ports:
+      - "127.0.0.1:8384:8384"
+      - "22000:22000"
     volumes:
       - /home/armbian/st:/var/syncthing

spoke/setup-network.sh

@@ -124,9 +124,12 @@ fi
 header "Writing Netplan Config"
 BACKUP_FILE=""
 if [ -f "$NETPLAN_FILE" ]; then
-    BACKUP_FILE="/root/$(basename "${NETPLAN_FILE}").bak"
+    NETPLAN_BACKUP_DIR="/root/.config/tinyboard/netplan-backups"
+    mkdir -p "$NETPLAN_BACKUP_DIR"
+    BACKUP_FILE="$NETPLAN_BACKUP_DIR/$(basename "${NETPLAN_FILE}").$(date +%Y%m%d%H%M%S)"
     cp "$NETPLAN_FILE" "$BACKUP_FILE"
-    info "Backup saved to $BACKUP_FILE"
+    info "Netplan config backed up to $BACKUP_FILE"
+    info "To restore: cp $BACKUP_FILE $NETPLAN_FILE && netplan apply"
 fi
 
 if $IS_WIFI; then

spoke/setup-spoke.sh

@@ -278,7 +278,7 @@ chmod 600 "$SSH_DIR/known_hosts"
 HUB_KEYSCAN=$(ssh-keyscan -H "$HUB_HOST" 2>/dev/null)
 if [ -n "$HUB_KEYSCAN" ]; then
     while IFS= read -r KEYSCAN_LINE; do
-        KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $3}')
+        KEYSCAN_KEY=$(echo "$KEYSCAN_LINE" | awk '{print $2, $3}')
         if ! grep -qF "$KEYSCAN_KEY" "$SSH_DIR/known_hosts" 2>/dev/null; then
             echo "$KEYSCAN_LINE" >> "$SSH_DIR/known_hosts"
         fi