From d925cd944a16b1ead9eb9159c342673c5f787ef4 Mon Sep 17 00:00:00 2001
From: Justin Oros
Date: Sat, 18 Apr 2026 14:07:02 -0700
Subject: [PATCH] onboard-spoke.sh: remove comment syntax from manual key instructions setup-spoke.sh, setup-network.sh: fix check_permissions false alarm on pubkeys, TUNNEL_UP boolean comparison, DNS_YAML trailing newline, backup file guard
---
 hub/onboard-spoke.sh | 4 ++--
 spoke/setup-network.sh | 10 +++++++---
 spoke/setup-spoke.sh | 8 ++++----
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/hub/onboard-spoke.sh b/hub/onboard-spoke.sh
index 0223783..8349fd2 100755
--- a/hub/onboard-spoke.sh
+++ b/hub/onboard-spoke.sh
@@ -105,8 +105,8 @@ else
 warn "Manually append the hub public key to the spoke's authorized_keys:"
 echo ""
 echo " cat $KEY_PATH.pub"
- echo " # Then on the spoke, append the output to:"
- echo " # /home/$SPOKE_USER/.ssh/authorized_keys"
+ echo " Then on the spoke, append the output to:"
+ echo " /home/$SPOKE_USER/.ssh/authorized_keys"
 echo ""
 read -rp "Press ENTER once the key has been added to the spoke..."
 fi
diff --git a/spoke/setup-network.sh b/spoke/setup-network.sh
index b744ff5..4eee27c 100755
--- a/spoke/setup-network.sh
+++ b/spoke/setup-network.sh
@@ -78,7 +78,10 @@ DNS_YAML=""
 IFS=',' read -ra DNS_LIST <<< "$DNS_INPUT"
 for DNS in "${DNS_LIST[@]}"; do
 DNS=$(echo "$DNS" | tr -d ' ')
- DNS_YAML="${DNS_YAML} - ${DNS}"$'\n'
+ if [ -n "$DNS_YAML" ]; then
+ DNS_YAML="${DNS_YAML}"$'\n'
+ fi
+ DNS_YAML="${DNS_YAML} - ${DNS}"
 done
 info "Current netplan configs:"
@@ -140,7 +143,8 @@ network:
 via: ${GATEWAY}
 nameservers:
 addresses:
-${DNS_YAML} access-points:
+${DNS_YAML}
+ access-points:
 "${WIFI_SSID}":
 password: "${WIFI_PASS}"
 NETEOF
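Review bot: The manual-key instructions printed by the `echo` lines give the operator nothing to check the pasted key against and do not mention the file modes sshd expects. Consider also printing the fingerprint, e.g. `ssh-keygen -lf "$KEY_PATH.pub"`, so it can be compared on the spoke, and adding a line such as `echo " (authorized_keys must be mode 600, ~/.ssh mode 700)"`, since sshd with StrictModes ignores the file otherwise. The `else` branch starts outside the hunk, so whether the key is tested after the `read -rp` prompt cannot be seen from here.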
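Review bot: The loop still appends every comma-separated field to DNS_YAML without checking it, so an empty field (constructed example: `1.1.1.1,,8.8.8.8`) becomes a bare `-` list item. Any other text typed at the prompt is likewise copied verbatim into the netplan YAML. After the `tr -d ' '` line, skip empties with `[ -n "$DNS" ] || continue` and reject values that do not look like an IPv4 or IPv6 address before appending. The new `-n "$DNS_YAML"` separator logic itself reads correctly.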
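Review bot: `"${WIFI_SSID}":` and `password: "${WIFI_PASS}"` in the context lines are expanded straight into double-quoted YAML scalars, so a value containing `"` or `\` produces an invalid or differently parsed netplan file; the commit fixes the DNS_YAML layout but leaves this as is. Escape both characters before the heredoc, e.g. `WIFI_PASS_YAML=${WIFI_PASS//\\/\\\\}; WIFI_PASS_YAML=${WIFI_PASS_YAML//\"/\\\"}`, and do the same for the SSID. The generated file holds the Wi-Fi passphrase in clear text; the write and its mode are outside this hunk, so confirm it ends up `chmod 600` and owned by root.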
@@ -182,7 +186,7 @@ if $CONNECTED; then
 info "Network connectivity confirmed — config applied permanently."
 else
 warn "No network connectivity detected after 30 seconds — reverting to backup config."
- if [ -f "$BACKUP_FILE" ]; then
+ if [ -n "$BACKUP_FILE" ] && [ -f "$BACKUP_FILE" ]; then
 cp "$BACKUP_FILE" "$NETPLAN_FILE"
 netplan apply
 die "Config reverted to backup. Check your settings and try again."
diff --git a/spoke/setup-spoke.sh b/spoke/setup-spoke.sh
index 9721de5..7d99307 100755
--- a/spoke/setup-spoke.sh
+++ b/spoke/setup-spoke.sh
@@ -68,7 +68,7 @@ check_permissions() {
 fi
 local world="${perms: -1}"
 local group="${perms: -2:1}"
- if [ "$world" != "0" ] || [ "$group" != "0" ]; then
+ if [ "$world" != "0" ]; then
 warn "UNSAFE PERMISSIONS on $label ($file): $perms — should be 600 or 400"
 warn "Fixing permissions automatically..."
 chmod 600 "$file"
@@ -340,7 +340,7 @@ docker build \
 -t spoke-autossh .
 header "Starting Containers"
-TUNNEL_UP=false
+TUNNEL_UP="false"
 for ATTEMPT in 1 2 3; do
 docker compose up -d
 info "Waiting for tunnel to establish..."
@@ -359,12 +359,12 @@ for ATTEMPT in 1 2 3; do
 warn "Next port also in use. Waiting before retry..."
 fi
 else
- TUNNEL_UP=true
+ TUNNEL_UP="true"
 break
 fi
 done
-if $TUNNEL_UP; then
+if [ "$TUNNEL_UP" = "true" ]; then
 info "Tunnel is up on port $TUNNEL_PORT."
 else
 die "Tunnel failed after 3 attempts. Run: docker compose down && docker compose up -d"
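Review bot: `die "Config reverted to backup. …"` runs whether or not `cp` and `netplan apply` succeeded, so a failed restore is reported as a successful revert unless the script runs under `set -e`, which is not visible here. Check both steps, e.g. `cp -- "$BACKUP_FILE" "$NETPLAN_FILE" && netplan apply || die "Revert failed: restore $BACKUP_FILE manually"`, before the existing `die`. Note that `[ -f "" ]` is already false, so the added `-n` test does not change behaviour for an empty value; if the aim is to survive an unset variable under `set -u`, both tests need `"${BACKUP_FILE:-}"`. The `if` block continues outside the hunk, so the no-backup path cannot be reviewed from here.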
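Review bot: Dropping the `$group` test means a private key with mode 640 or 660 now passes check_permissions silently, although the warning text still says "should be 600 or 400" and OpenSSH refuses private keys that are group- or world-accessible. It also does not appear to silence the false alarm named in the commit message, because a typical 644 public key still has a non-zero last digit and is still chmod'ed to 600. Keep the original `if [ "$world" != "0" ] || [ "$group" != "0" ]; then` and exempt public keys ahead of it, e.g. `case "$file" in *.pub) return 0 ;; esac`. The function starts and ends outside the hunk, so how `$perms` is read, which files are passed in, and whether an early return skips later steps all need confirming.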