onboard-spoke.sh: remove comment syntax from manual key instructions

setup-spoke.sh, setup-network.sh: fix check_permissions false alarm on pubkeys, TUNNEL_UP boolean comparison, DNS_YAML trailing newline, backup file guard
2026-04-18 14:07:02 -07:00
parent 74e1a9d1a0
commit d925cd944a
3 changed files with 13 additions and 9 deletions
--- a/hub/onboard-spoke.sh
+++ b/hub/onboard-spoke.sh
@@ -105,8 +105,8 @@ else
    warn "Manually append the hub public key to the spoke's authorized_keys:"
    echo ""
    echo "  cat $KEY_PATH.pub"
-    echo "  # Then on the spoke, append the output to:"
-    echo "  # /home/$SPOKE_USER/.ssh/authorized_keys"
+    echo "  Then on the spoke, append the output to:"
+    echo "  /home/$SPOKE_USER/.ssh/authorized_keys"
    echo ""
    read -rp "Press ENTER once the key has been added to the spoke..."
 fi
--- a/spoke/setup-network.sh
+++ b/spoke/setup-network.sh
@@ -78,7 +78,10 @@ DNS_YAML=""
 IFS=',' read -ra DNS_LIST <<< "$DNS_INPUT"
 for DNS in "${DNS_LIST[@]}"; do
    DNS=$(echo "$DNS" | tr -d ' ')
-    DNS_YAML="${DNS_YAML}          - ${DNS}"$'\n'
+    if [ -n "$DNS_YAML" ]; then
+        DNS_YAML="${DNS_YAML}"$'\n'
+    fi
+    DNS_YAML="${DNS_YAML}          - ${DNS}"
 done

 info "Current netplan configs:"
@@ -140,7 +143,8 @@ network:
          via: ${GATEWAY}
      nameservers:
        addresses:
-${DNS_YAML}      access-points:
+${DNS_YAML}
+      access-points:
        "${WIFI_SSID}":
          password: "${WIFI_PASS}"
 NETEOF
@@ -182,7 +186,7 @@ if $CONNECTED; then
    info "Network connectivity confirmed — config applied permanently."
 else
    warn "No network connectivity detected after 30 seconds — reverting to backup config."
-    if [ -f "$BACKUP_FILE" ]; then
+    if [ -n "$BACKUP_FILE" ] && [ -f "$BACKUP_FILE" ]; then
        cp "$BACKUP_FILE" "$NETPLAN_FILE"
        netplan apply
        die "Config reverted to backup. Check your settings and try again."
--- a/spoke/setup-spoke.sh
+++ b/spoke/setup-spoke.sh
@@ -68,7 +68,7 @@ check_permissions() {
    fi
    local world="${perms: -1}"
    local group="${perms: -2:1}"
-    if [ "$world" != "0" ] || [ "$group" != "0" ]; then
+    if [ "$world" != "0" ]; then
        warn "UNSAFE PERMISSIONS on $label ($file): $perms — should be 600 or 400"
        warn "Fixing permissions automatically..."
        chmod 600 "$file"
@@ -340,7 +340,7 @@ docker build \
    -t spoke-autossh .

 header "Starting Containers"
-TUNNEL_UP=false
+TUNNEL_UP="false"
 for ATTEMPT in 1 2 3; do
    docker compose up -d
    info "Waiting for tunnel to establish..."
@@ -359,12 +359,12 @@ for ATTEMPT in 1 2 3; do
            warn "Next port also in use. Waiting before retry..."
        fi
    else
-        TUNNEL_UP=true
+        TUNNEL_UP="true"
        break
    fi
 done

-if $TUNNEL_UP; then
+if [ "$TUNNEL_UP" = "true" ]; then
    info "Tunnel is up on port $TUNNEL_PORT."
 else
    die "Tunnel failed after 3 attempts. Run: docker compose down && docker compose up -d"