offboard-spoke.sh: run as root, remove sudo from python3 install

spoke/setup-spoke.sh

@@ -157,12 +157,13 @@ usermod -aG docker "$SPOKE_USER" 2>/dev/null || true
 
 info "Enabling SSH server..."
 SSH_SVC=""
-if systemctl list-unit-files ssh.service >/dev/null 2>&1 && systemctl enable ssh 2>/dev/null; then
+if systemctl list-unit-files ssh.service >/dev/null 2>&1; then
     SSH_SVC="ssh"
-elif systemctl list-unit-files sshd.service >/dev/null 2>&1 && systemctl enable sshd 2>/dev/null; then
+elif systemctl list-unit-files sshd.service >/dev/null 2>&1; then
     SSH_SVC="sshd"
 fi
 if [ -n "$SSH_SVC" ]; then
+    systemctl enable "$SSH_SVC" 2>/dev/null || true
     systemctl start "$SSH_SVC"
 else
     warn "Could not enable SSH service — please start it manually."
@@ -322,14 +323,13 @@ sed -i "s|-R [0-9]*:localhost:22|-R ${TUNNEL_PORT}:localhost:22|g" "$COMPOSE"
 sed -i "s|-i /home/[^ ]*/\.ssh/[^ ]*|-i ${SSH_DIR}/${KEY_NAME}|g" "$COMPOSE"
 sed -i "/known_hosts/!s|/home/[^/]*/\.ssh/[^:]*:/home/[^/]*/\.ssh/[^:]*:ro|${SSH_DIR}/${KEY_NAME}:${SSH_DIR}/${KEY_NAME}:ro|g" "$COMPOSE"
 sed -i "s|/home/[^/]*/\.ssh/known_hosts|${SSH_DIR}/known_hosts|g" "$COMPOSE"
-sed -i "s|[a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*\.[a-zA-Z0-9._-]*$|${HUB_USER}@${HUB_HOST}|g" "$COMPOSE"
+sed -i "s| [a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*\.[a-zA-Z0-9._-]*$| ${HUB_USER}@${HUB_HOST}|g" "$COMPOSE"
 sed -i "s|/home/[^/]*/st:|${SYNCTHING_MOUNT}:|g" "$COMPOSE"
 sed -i "s|PUID=[0-9]*|PUID=${SPOKE_UID}|g" "$COMPOSE"
 sed -i "s|PGID=[0-9]*|PGID=${SPOKE_GID}|g" "$COMPOSE"
 sed -i "s|container_name: spoke-autossh|container_name: ${SPOKE_NAME}-autossh|g" "$COMPOSE"
 sed -i "s|container_name: spoke-syncthing|container_name: ${SPOKE_NAME}-syncthing|g" "$COMPOSE"
 sed -i "s|hostname: spoke-syncthing|hostname: ${SPOKE_NAME}-syncthing|g" "$COMPOSE"
-sed -i '/^version:/d' "$COMPOSE"
 
 
 header "Building Docker Image"
@@ -340,17 +340,34 @@ docker build \
     -t spoke-autossh .
 
 header "Starting Containers"
-docker compose up -d
-info "Waiting for tunnel to establish..."
-sleep 6
+TUNNEL_UP=false
+for ATTEMPT in 1 2 3; do
+    docker compose up -d
+    info "Waiting for tunnel to establish..."
+    sleep 6
+    LOGS=$(docker logs "${SPOKE_NAME}-autossh" 2>&1 || true)
+    if echo "$LOGS" | grep -q "remote port forwarding failed"; then
+        warn "Tunnel failed on attempt $ATTEMPT — port $TUNNEL_PORT may have been taken."
+        docker compose down 2>/dev/null || true
+        NEXT_PORT=$((TUNNEL_PORT + 1))
+        RESULT=$(sudo -u "$SPOKE_USER" ssh -i "$KEY_PATH" "$HUB_USER@$HUB_HOST" "ss -tlnp | grep :$NEXT_PORT" 2>/dev/null || true)
+        if [ -z "$RESULT" ]; then
+            TUNNEL_PORT=$NEXT_PORT
+            warn "Retrying with port $TUNNEL_PORT..."
+            sed -i "s|-R [0-9]*:localhost:22|-R ${TUNNEL_PORT}:localhost:22|g" "$COMPOSE"
+        else
+            warn "Next port also in use. Waiting before retry..."
+        fi
+    else
+        TUNNEL_UP=true
+        break
+    fi
+done
 
-LOGS=$(docker logs "${SPOKE_NAME}-autossh" 2>&1 || true)
-if echo "$LOGS" | grep -q "remote port forwarding failed"; then
-    warn "Tunnel failed — port $TUNNEL_PORT may have been taken between check and connect."
-    warn "Try running: docker compose down && docker compose up -d"
-    warn "Or re-run this script."
-else
+if $TUNNEL_UP; then
     info "Tunnel is up on port $TUNNEL_PORT."
+else
+    die "Tunnel failed after 3 attempts. Run: docker compose down && docker compose up -d"
 fi
 
 header "Setup Complete"