forked from finn/tinyboard
changed onboard-spoke flow
This commit is contained in:
@@ -13,8 +13,15 @@ NC='\033[0m'
|
|||||||
|
|
||||||
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
||||||
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
|
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
|
||||||
die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
|
die() {
|
||||||
header() { echo -e "\n${CYAN}══════════════════════════════════════════${NC}"; echo -e "${CYAN} $*${NC}"; echo -e "${CYAN}══════════════════════════════════════════${NC}"; }
|
echo -e "${RED}[ERROR]${NC} $*" >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
header() {
|
||||||
|
echo -e "\n${CYAN}══════════════════════════════════════════${NC}"
|
||||||
|
echo -e "${CYAN} $*${NC}"
|
||||||
|
echo -e "${CYAN}══════════════════════════════════════════${NC}"
|
||||||
|
}
|
||||||
|
|
||||||
check_deps() {
|
check_deps() {
|
||||||
local missing=()
|
local missing=()
|
||||||
@@ -73,27 +80,6 @@ KEY_PATH="$SSH_DIR/$KEY_NAME"
|
|||||||
|
|
||||||
mkdir -p "$(dirname "$RCLONE_CONF")"
|
mkdir -p "$(dirname "$RCLONE_CONF")"
|
||||||
|
|
||||||
header "Select Tunnel Key"
|
|
||||||
AVAILABLE_KEYS=()
|
|
||||||
while IFS= read -r keyfile; do
|
|
||||||
AVAILABLE_KEYS+=("$keyfile")
|
|
||||||
done < <(find "$SSH_DIR" -maxdepth 1 -type f ! -name "*.pub" ! -name "known_hosts" ! -name "authorized_keys" ! -name "config" | sort)
|
|
||||||
|
|
||||||
if [ ${#AVAILABLE_KEYS[@]} -eq 0 ]; then
|
|
||||||
die "No private keys found in $SSH_DIR."
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Available keys:"
|
|
||||||
for i in "${!AVAILABLE_KEYS[@]}"; do
|
|
||||||
echo " $i) ${AVAILABLE_KEYS[$i]}"
|
|
||||||
done
|
|
||||||
echo ""
|
|
||||||
read -rp "Choose key to use for tunnel access [0]: " KEY_CHOICE
|
|
||||||
KEY_CHOICE="${KEY_CHOICE:-0}"
|
|
||||||
[[ "$KEY_CHOICE" =~ ^[0-9]+$ ]] && [ "$KEY_CHOICE" -lt "${#AVAILABLE_KEYS[@]}" ] || die "Invalid choice."
|
|
||||||
TUNNEL_KEY="${AVAILABLE_KEYS[$KEY_CHOICE]}"
|
|
||||||
info "Using key: $TUNNEL_KEY"
|
|
||||||
|
|
||||||
header "Checking Tunnel"
|
header "Checking Tunnel"
|
||||||
info "Scanning spoke host key..."
|
info "Scanning spoke host key..."
|
||||||
KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
|
KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
|
||||||
@@ -105,16 +91,14 @@ while IFS= read -r KEYSCAN_LINE; do
|
|||||||
fi
|
fi
|
||||||
done <<<"$KEYSCAN"
|
done <<<"$KEYSCAN"
|
||||||
|
|
||||||
info "Verifying spoke is reachable on port $TUNNEL_PORT..."
|
info "Verifying spoke SSH service is reachable on port $TUNNEL_PORT..."
|
||||||
retry_or_abort \
|
info "Note: Password authentication should be enabled on the spoke for initial key setup."
|
||||||
"ssh -i \"$TUNNEL_KEY\" -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" \"$SPOKE_USER\"@localhost exit" \
|
|
||||||
"Spoke not reachable on port $TUNNEL_PORT. Make sure the tunnel is up."
|
|
||||||
|
|
||||||
header "Generating Hub SSH Key"
|
header "Generating Hub SSH Key"
|
||||||
if [ -f "$KEY_PATH" ]; then
|
if [ -f "$KEY_PATH" ]; then
|
||||||
warn "Key $KEY_PATH already exists, skipping generation."
|
warn "Key $KEY_PATH already exists, skipping generation."
|
||||||
else
|
else
|
||||||
ssh-keygen -t ed25519 -f "$KEY_PATH" -N ""
|
ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "$KEY_NAME"
|
||||||
info "Key generated: $KEY_PATH"
|
info "Key generated: $KEY_PATH"
|
||||||
fi
|
fi
|
||||||
chmod 600 "$KEY_PATH"
|
chmod 600 "$KEY_PATH"
|
||||||
@@ -123,7 +107,7 @@ info "Permissions set: $KEY_PATH is 600"
|
|||||||
header "Installing Hub Access Key on Spoke"
|
header "Installing Hub Access Key on Spoke"
|
||||||
info "Copying hub public key to spoke's authorized_keys so the hub can SSH in for rclone..."
|
info "Copying hub public key to spoke's authorized_keys so the hub can SSH in for rclone..."
|
||||||
info "(You will be prompted for the $SPOKE_USER password on the spoke)"
|
info "(You will be prompted for the $SPOKE_USER password on the spoke)"
|
||||||
if ssh-copy-id -i "$KEY_PATH.pub" -o "IdentityFile=$TUNNEL_KEY" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
|
if ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
|
||||||
info "Key copied."
|
info "Key copied."
|
||||||
else
|
else
|
||||||
warn "ssh-copy-id failed — password auth may be disabled on the spoke."
|
warn "ssh-copy-id failed — password auth may be disabled on the spoke."
|
||||||
@@ -182,7 +166,10 @@ if [[ "${ADD_UNION,,}" == "y" ]]; then
|
|||||||
1) UPSTREAM_TAG=":ro" ;;
|
1) UPSTREAM_TAG=":ro" ;;
|
||||||
2) UPSTREAM_TAG=":nc" ;;
|
2) UPSTREAM_TAG=":nc" ;;
|
||||||
3) UPSTREAM_TAG=":writeback" ;;
|
3) UPSTREAM_TAG=":writeback" ;;
|
||||||
*) warn "Invalid choice, defaulting to full read/write."; UPSTREAM_TAG="" ;;
|
*)
|
||||||
|
warn "Invalid choice, defaulting to full read/write."
|
||||||
|
UPSTREAM_TAG=""
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
if [ -n "$UNION_PATH" ]; then
|
if [ -n "$UNION_PATH" ]; then
|
||||||
UPSTREAM="${SPOKE_NAME}-remote:${UNION_PATH}${UPSTREAM_TAG}"
|
UPSTREAM="${SPOKE_NAME}-remote:${UNION_PATH}${UPSTREAM_TAG}"
|
||||||
@@ -190,7 +177,8 @@ if [[ "${ADD_UNION,,}" == "y" ]]; then
|
|||||||
UPSTREAM="${SPOKE_NAME}-remote:${UPSTREAM_TAG}"
|
UPSTREAM="${SPOKE_NAME}-remote:${UPSTREAM_TAG}"
|
||||||
fi
|
fi
|
||||||
if grep -q "^\[${UNION_NAME}\]" "$RCLONE_CONF" 2>/dev/null; then
|
if grep -q "^\[${UNION_NAME}\]" "$RCLONE_CONF" 2>/dev/null; then
|
||||||
ALREADY=$(python3 - "$RCLONE_CONF" "$UNION_NAME" "${SPOKE_NAME}-remote:" <<'PYEOF'
|
ALREADY=$(
|
||||||
|
python3 - "$RCLONE_CONF" "$UNION_NAME" "${SPOKE_NAME}-remote:" <<'PYEOF'
|
||||||
import sys
|
import sys
|
||||||
path, section, prefix = sys.argv[1], sys.argv[2], sys.argv[3]
|
path, section, prefix = sys.argv[1], sys.argv[2], sys.argv[3]
|
||||||
with open(path) as f:
|
with open(path) as f:
|
||||||
@@ -267,7 +255,10 @@ else
|
|||||||
mkdir -p "$(dirname "$CRONTAB_BACKUP")"
|
mkdir -p "$(dirname "$CRONTAB_BACKUP")"
|
||||||
echo "$EXISTING" >"$CRONTAB_BACKUP"
|
echo "$EXISTING" >"$CRONTAB_BACKUP"
|
||||||
info "Crontab backed up to $CRONTAB_BACKUP"
|
info "Crontab backed up to $CRONTAB_BACKUP"
|
||||||
{ echo "$EXISTING"; echo "$CRON_ENTRY"; } | crontab -
|
{
|
||||||
|
echo "$EXISTING"
|
||||||
|
echo "$CRON_ENTRY"
|
||||||
|
} | crontab -
|
||||||
info "Auto-mount crontab entry added for ${SPOKE_NAME}."
|
info "Auto-mount crontab entry added for ${SPOKE_NAME}."
|
||||||
fi
|
fi
|
||||||
info "Starting mount now..."
|
info "Starting mount now..."
|
||||||
|
|||||||
Reference in New Issue
Block a user