forked from finn/tinyboard
changed onboard-spoke flow
This commit is contained in:
@@ -13,8 +13,15 @@ NC='\033[0m'
|
||||
|
||||
info() { echo -e "${GREEN}[+]${NC} $*"; }
|
||||
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
|
||||
die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
|
||||
header() { echo -e "\n${CYAN}══════════════════════════════════════════${NC}"; echo -e "${CYAN} $*${NC}"; echo -e "${CYAN}══════════════════════════════════════════${NC}"; }
|
||||
die() {
|
||||
echo -e "${RED}[ERROR]${NC} $*" >&2
|
||||
exit 1
|
||||
}
|
||||
header() {
|
||||
echo -e "\n${CYAN}══════════════════════════════════════════${NC}"
|
||||
echo -e "${CYAN} $*${NC}"
|
||||
echo -e "${CYAN}══════════════════════════════════════════${NC}"
|
||||
}
|
||||
|
||||
check_deps() {
|
||||
local missing=()
|
||||
@@ -73,27 +80,6 @@ KEY_PATH="$SSH_DIR/$KEY_NAME"
|
||||
|
||||
mkdir -p "$(dirname "$RCLONE_CONF")"
|
||||
|
||||
header "Select Tunnel Key"
|
||||
AVAILABLE_KEYS=()
|
||||
while IFS= read -r keyfile; do
|
||||
AVAILABLE_KEYS+=("$keyfile")
|
||||
done < <(find "$SSH_DIR" -maxdepth 1 -type f ! -name "*.pub" ! -name "known_hosts" ! -name "authorized_keys" ! -name "config" | sort)
|
||||
|
||||
if [ ${#AVAILABLE_KEYS[@]} -eq 0 ]; then
|
||||
die "No private keys found in $SSH_DIR."
|
||||
fi
|
||||
|
||||
echo "Available keys:"
|
||||
for i in "${!AVAILABLE_KEYS[@]}"; do
|
||||
echo " $i) ${AVAILABLE_KEYS[$i]}"
|
||||
done
|
||||
echo ""
|
||||
read -rp "Choose key to use for tunnel access [0]: " KEY_CHOICE
|
||||
KEY_CHOICE="${KEY_CHOICE:-0}"
|
||||
[[ "$KEY_CHOICE" =~ ^[0-9]+$ ]] && [ "$KEY_CHOICE" -lt "${#AVAILABLE_KEYS[@]}" ] || die "Invalid choice."
|
||||
TUNNEL_KEY="${AVAILABLE_KEYS[$KEY_CHOICE]}"
|
||||
info "Using key: $TUNNEL_KEY"
|
||||
|
||||
header "Checking Tunnel"
|
||||
info "Scanning spoke host key..."
|
||||
KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
|
||||
@@ -105,16 +91,14 @@ while IFS= read -r KEYSCAN_LINE; do
|
||||
fi
|
||||
done <<<"$KEYSCAN"
|
||||
|
||||
info "Verifying spoke is reachable on port $TUNNEL_PORT..."
|
||||
retry_or_abort \
|
||||
"ssh -i \"$TUNNEL_KEY\" -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" \"$SPOKE_USER\"@localhost exit" \
|
||||
"Spoke not reachable on port $TUNNEL_PORT. Make sure the tunnel is up."
|
||||
info "Verifying spoke SSH service is reachable on port $TUNNEL_PORT..."
|
||||
info "Note: Password authentication should be enabled on the spoke for initial key setup."
|
||||
|
||||
header "Generating Hub SSH Key"
|
||||
if [ -f "$KEY_PATH" ]; then
|
||||
warn "Key $KEY_PATH already exists, skipping generation."
|
||||
else
|
||||
ssh-keygen -t ed25519 -f "$KEY_PATH" -N ""
|
||||
ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" -C "$KEY_NAME"
|
||||
info "Key generated: $KEY_PATH"
|
||||
fi
|
||||
chmod 600 "$KEY_PATH"
|
||||
@@ -123,7 +107,7 @@ info "Permissions set: $KEY_PATH is 600"
|
||||
header "Installing Hub Access Key on Spoke"
|
||||
info "Copying hub public key to spoke's authorized_keys so the hub can SSH in for rclone..."
|
||||
info "(You will be prompted for the $SPOKE_USER password on the spoke)"
|
||||
if ssh-copy-id -i "$KEY_PATH.pub" -o "IdentityFile=$TUNNEL_KEY" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
|
||||
if ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" "$SPOKE_USER"@localhost; then
|
||||
info "Key copied."
|
||||
else
|
||||
warn "ssh-copy-id failed — password auth may be disabled on the spoke."
|
||||
@@ -182,7 +166,10 @@ if [[ "${ADD_UNION,,}" == "y" ]]; then
|
||||
1) UPSTREAM_TAG=":ro" ;;
|
||||
2) UPSTREAM_TAG=":nc" ;;
|
||||
3) UPSTREAM_TAG=":writeback" ;;
|
||||
*) warn "Invalid choice, defaulting to full read/write."; UPSTREAM_TAG="" ;;
|
||||
*)
|
||||
warn "Invalid choice, defaulting to full read/write."
|
||||
UPSTREAM_TAG=""
|
||||
;;
|
||||
esac
|
||||
if [ -n "$UNION_PATH" ]; then
|
||||
UPSTREAM="${SPOKE_NAME}-remote:${UNION_PATH}${UPSTREAM_TAG}"
|
||||
@@ -190,7 +177,8 @@ if [[ "${ADD_UNION,,}" == "y" ]]; then
|
||||
UPSTREAM="${SPOKE_NAME}-remote:${UPSTREAM_TAG}"
|
||||
fi
|
||||
if grep -q "^\[${UNION_NAME}\]" "$RCLONE_CONF" 2>/dev/null; then
|
||||
ALREADY=$(python3 - "$RCLONE_CONF" "$UNION_NAME" "${SPOKE_NAME}-remote:" <<'PYEOF'
|
||||
ALREADY=$(
|
||||
python3 - "$RCLONE_CONF" "$UNION_NAME" "${SPOKE_NAME}-remote:" <<'PYEOF'
|
||||
import sys
|
||||
path, section, prefix = sys.argv[1], sys.argv[2], sys.argv[3]
|
||||
with open(path) as f:
|
||||
@@ -267,7 +255,10 @@ else
|
||||
mkdir -p "$(dirname "$CRONTAB_BACKUP")"
|
||||
echo "$EXISTING" >"$CRONTAB_BACKUP"
|
||||
info "Crontab backed up to $CRONTAB_BACKUP"
|
||||
{ echo "$EXISTING"; echo "$CRON_ENTRY"; } | crontab -
|
||||
{
|
||||
echo "$EXISTING"
|
||||
echo "$CRON_ENTRY"
|
||||
} | crontab -
|
||||
info "Auto-mount crontab entry added for ${SPOKE_NAME}."
|
||||
fi
|
||||
info "Starting mount now..."
|
||||
|
||||
Reference in New Issue
Block a user