justin/tinyboard
1
0
Fork 0
forked from finn/tinyboard
Code Pull Requests Activity

setup-hub.sh: fix sed delimiter for PasswordAuthentication/PubkeyAuthentication, guard authorized_keys creation, setup-spoke.sh: fix sed delimiter, validate spoke name charset, make find_free_port vars local, offboard-spoke.sh: validate spoke name charset, setup-network.sh: replace brittle SSID grep with python3 regex

Browse Source
This commit is contained in:
Justin Oros
2026-04-18 14:39:01 -07:00
parent 128b41ede9
commit 63197799b8
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hub/offboard-spoke.sh
View File

@@ -58,6 +58,7 @@ echo ""
read -rp "Spoke name to offboard: " SPOKE_NAME read -rp "Spoke name to offboard: " SPOKE_NAME
[ -n "$SPOKE_NAME" ] || die "Spoke name cannot be empty" [ -n "$SPOKE_NAME" ] || die "Spoke name cannot be empty"
[[ "$SPOKE_NAME" =~ ^[a-zA-Z0-9._-]+$ ]] || die "Invalid spoke name — use only letters, numbers, dots, underscores, hyphens."
SPOKE_LINE=$(grep "^$SPOKE_NAME " "$REGISTRY" 2>/dev/null || true) SPOKE_LINE=$(grep "^$SPOKE_NAME " "$REGISTRY" 2>/dev/null || true)
[ -n "$SPOKE_LINE" ] || die "Spoke '$SPOKE_NAME' not found in registry." [ -n "$SPOKE_LINE" ] || die "Spoke '$SPOKE_NAME' not found in registry."

16
spoke/setup-spoke.sh
View File

@@ -176,6 +176,7 @@ CURRENT_HOSTNAME=$(hostname)
echo -e "Current hostname: ${YELLOW}$CURRENT_HOSTNAME${NC}" echo -e "Current hostname: ${YELLOW}$CURRENT_HOSTNAME${NC}"
read -rp "Enter a hostname for this spoke (e.g. rocky, gouda, camembert): " SPOKE_NAME read -rp "Enter a hostname for this spoke (e.g. rocky, gouda, camembert): " SPOKE_NAME
SPOKE_NAME="${SPOKE_NAME:-$CURRENT_HOSTNAME}" SPOKE_NAME="${SPOKE_NAME:-$CURRENT_HOSTNAME}"
[[ "$SPOKE_NAME" =~ ^[a-zA-Z0-9._-]+$ ]] || die "Spoke name '$SPOKE_NAME' contains invalid characters. Use only letters, numbers, dots, underscores, hyphens."
hostnamectl set-hostname "$SPOKE_NAME" hostnamectl set-hostname "$SPOKE_NAME"
echo "$SPOKE_NAME" > /etc/hostname echo "$SPOKE_NAME" > /etc/hostname
info "Hostname set to: $SPOKE_NAME" info "Hostname set to: $SPOKE_NAME"
@@ -243,12 +244,12 @@ if [[ "${DISABLE_PASS,,}" == "y" ]]; then
warn "No key found at $KEY_PATH — skipping password auth disable to avoid lockout." warn "No key found at $KEY_PATH — skipping password auth disable to avoid lockout."
else else
if grep -q "^PasswordAuthentication" "$SSHD_CONF"; then if grep -q "^PasswordAuthentication" "$SSHD_CONF"; then
sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/" "$SSHD_CONF" sed -i "s|^PasswordAuthentication.*|PasswordAuthentication no|" "$SSHD_CONF"
else else
echo "PasswordAuthentication no" >> "$SSHD_CONF" echo "PasswordAuthentication no" >> "$SSHD_CONF"
fi fi
if grep -q "^PubkeyAuthentication" "$SSHD_CONF"; then if grep -q "^PubkeyAuthentication" "$SSHD_CONF"; then
sed -i "s/^PubkeyAuthentication.*/PubkeyAuthentication yes/" "$SSHD_CONF" sed -i "s|^PubkeyAuthentication.*|PubkeyAuthentication yes|" "$SSHD_CONF"
else else
echo "PubkeyAuthentication yes" >> "$SSHD_CONF" echo "PubkeyAuthentication yes" >> "$SSHD_CONF"
fi fi
@@ -297,13 +298,14 @@ info "Scanning for a free port on $HUB_HOST starting from $START_PORT..."
find_free_port() { find_free_port() {
local start="$1" local start="$1"
for PORT in $(seq "$start" $((start + 99))); do local port result
RESULT=$(sudo -u "$SPOKE_USER" ssh -i "$KEY_PATH" "$HUB_USER@$HUB_HOST" "ss -tlnp | grep :$PORT" 2>/dev/null || true) for port in $(seq "$start" $((start + 99))); do
if [ -z "$RESULT" ]; then result=$(sudo -u "$SPOKE_USER" ssh -i "$KEY_PATH" "$HUB_USER@$HUB_HOST" "ss -tlnp | grep :$port" 2>/dev/null || true)
echo "$PORT" if [ -z "$result" ]; then
echo "$port"
return 0 return 0
fi fi
warn "Port $PORT is in use, trying next..." warn "Port $port is in use, trying next..."
done done
return 1 return 1
} }