forked from finn/tinyboard

Compare commits


3 Commits

Author SHA1 Message Date
Justin Oros
c86dca283f add retry or abort prompt to all connection tests 2026-04-16 09:30:47 -07:00
Justin Oros
9015ff46c9 fix root check to use if block instead of fragile && chain 2026-04-16 09:23:36 -07:00
Justin Oros
87c08fb543 fix known_hosts ownership, ssh dir creation, and root user guard 2026-04-16 09:22:19 -07:00
2 changed files with 59 additions and 16 deletions


@@ -4,12 +4,40 @@ set -euo pipefail
RCLONE_CONF="${HOME}/.config/rclone/rclone.conf" RCLONE_CONF="${HOME}/.config/rclone/rclone.conf"
SSH_DIR="${HOME}/.ssh" SSH_DIR="${HOME}/.ssh"
if [ "$(id -u)" -eq 0 ]; then
echo -e "\033[0;31m[WARNING]\033[0m Running as root — keys will be written to /root/.ssh. Run as armbian instead."
exit 1
fi
mkdir -p "$SSH_DIR"
touch "$SSH_DIR/known_hosts"
chmod 700 "$SSH_DIR"
chmod 600 "$SSH_DIR/known_hosts"
RED='\033[0;31m' RED='\033[0;31m'
GREEN='\033[0;32m' GREEN='\033[0;32m'
YELLOW='\033[1;33m' YELLOW='\033[1;33m'
CYAN='\033[0;36m' CYAN='\033[0;36m'
NC='\033[0m' NC='\033[0m'
retry_or_abort() {
local test_cmd="$1"
local fail_msg="$2"
while true; do
if eval "$test_cmd" 2>/dev/null; then
return 0
fi
echo ""
warn "$fail_msg"
echo -e " ${YELLOW}[R]${NC} Retry ${RED}[A]${NC} Abort"
read -rp "Choice: " CHOICE
case "${CHOICE,,}" in
r) info "Retrying..." ;;
a) die "Aborted." ;;
*) warn "Press R to retry or A to abort." ;;
esac
done
}
info() { echo -e "${GREEN}[+]${NC} $*"; } info() { echo -e "${GREEN}[+]${NC} $*"; }
warn() { echo -e "${YELLOW}[!]${NC} $*"; } warn() { echo -e "${YELLOW}[!]${NC} $*"; }
die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; } die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
@@ -36,11 +64,9 @@ KEYSCAN=$(ssh-keyscan -p "$TUNNEL_PORT" -H localhost 2>/dev/null)
echo "$KEYSCAN" >> "$SSH_DIR/known_hosts" echo "$KEYSCAN" >> "$SSH_DIR/known_hosts"
info "Verifying spoke is reachable on port $TUNNEL_PORT..." info "Verifying spoke is reachable on port $TUNNEL_PORT..."
if ssh -o BatchMode=yes -o ConnectTimeout=10 -p "$TUNNEL_PORT" armbian@localhost exit 2>/dev/null; then retry_or_abort \
info "Spoke is reachable." "ssh -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" armbian@localhost exit" \
else "Spoke not reachable on port $TUNNEL_PORT. Make sure the tunnel is up."
warn "Could not verify spoke without a key yet — proceeding to key setup."
fi
header "Generating Hub SSH Key" header "Generating Hub SSH Key"
if [ -f "$KEY_PATH" ]; then if [ -f "$KEY_PATH" ]; then
@@ -57,11 +83,10 @@ ssh-copy-id -i "$KEY_PATH.pub" -p "$TUNNEL_PORT" armbian@localhost
info "Key copied." info "Key copied."
header "Testing Hub -> Spoke Key Auth" header "Testing Hub -> Spoke Key Auth"
if ssh -i "$KEY_PATH" -o BatchMode=yes -o ConnectTimeout=10 -p "$TUNNEL_PORT" armbian@localhost exit 2>/dev/null; then retry_or_abort \
"ssh -i \"$KEY_PATH\" -o BatchMode=yes -o ConnectTimeout=10 -p \"$TUNNEL_PORT\" armbian@localhost exit" \
"Key auth failed. Check authorized_keys on the spoke."
info "Key auth to spoke successful." info "Key auth to spoke successful."
else
die "Key auth failed. Check authorized_keys on the spoke."
fi
header "Adding rclone Remote" header "Adding rclone Remote"
if grep -q "\[${SPOKE_NAME}-remote\]" "$RCLONE_CONF" 2>/dev/null; then if grep -q "\[${SPOKE_NAME}-remote\]" "$RCLONE_CONF" 2>/dev/null; then
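Review bot: `retry_or_abort` passes its first argument to `eval`, and every call site builds that string by interpolating `$TUNNEL_PORT` and `$KEY_PATH` (and, in the second file's identical copy, `$HUB_USER@$HUB_HOST`) between escaped quotes, so a value containing `"`, `$(…)` or a backtick is re-parsed as shell syntax. Where those values originate is outside the hunks; if any of them is read from a prompt or an argument, this is command injection with the privileges of whoever runs the script. Taking the failure message first and the command as separate arguments, run as `"$@"`, removes the re-parse; the function is duplicated in both files, so the change applies to both copies and all three callers. Separately, the first call here replaces a branch that warned "Could not verify spoke without a key yet" and continued; with `BatchMode=yes` and key generation still below it, that test presumably fails on a fresh spoke and leaves Abort as the only way out.

```shell
retry_or_abort() {
    local fail_msg="$1"
    shift
    while true; do
        # Run the remaining arguments as a command; nothing is re-parsed by the shell.
        if "$@" 2>/dev/null; then
            return 0
        fi
        # … unchanged: warning, R/A prompt and case statement …
    done
}

retry_or_abort "Key auth failed. Check authorized_keys on the spoke." \
    ssh -i "$KEY_PATH" -o BatchMode=yes -o ConnectTimeout=10 -p "$TUNNEL_PORT" armbian@localhost exit
```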


@@ -16,6 +16,25 @@ YELLOW='\033[1;33m'
CYAN='\033[0;36m' CYAN='\033[0;36m'
NC='\033[0m' NC='\033[0m'
retry_or_abort() {
local test_cmd="$1"
local fail_msg="$2"
while true; do
if eval "$test_cmd" 2>/dev/null; then
return 0
fi
echo ""
warn "$fail_msg"
echo -e " ${YELLOW}[R]${NC} Retry ${RED}[A]${NC} Abort"
read -rp "Choice: " CHOICE
case "${CHOICE,,}" in
r) info "Retrying..." ;;
a) die "Aborted." ;;
*) warn "Press R to retry or A to abort." ;;
esac
done
}
info() { echo -e "${GREEN}[+]${NC} $*"; } info() { echo -e "${GREEN}[+]${NC} $*"; }
warn() { echo -e "${YELLOW}[!]${NC} $*"; } warn() { echo -e "${YELLOW}[!]${NC} $*"; }
die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; } die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; }
@@ -100,17 +119,16 @@ case "$KEY_CHOICE" in
esac esac
info "Scanning hub host key..." info "Scanning hub host key..."
sudo -u armbian ssh-keyscan -H "$HUB_HOST" >> "$SSH_DIR/known_hosts" 2>/dev/null sudo -u armbian touch "$SSH_DIR/known_hosts"
chown armbian:armbian "$SSH_DIR/known_hosts" chown armbian:armbian "$SSH_DIR/known_hosts"
chmod 600 "$SSH_DIR/known_hosts" chmod 600 "$SSH_DIR/known_hosts"
sudo -u armbian ssh-keyscan -H "$HUB_HOST" >> "$SSH_DIR/known_hosts" 2>/dev/null
header "Testing SSH Connection" header "Testing SSH Connection"
info "Testing connection to $HUB_HOST..." info "Testing connection to $HUB_HOST..."
if sudo -u armbian ssh -i "$KEY_PATH" -o BatchMode=yes -o ConnectTimeout=10 "$HUB_USER@$HUB_HOST" exit 2>/dev/null; then retry_or_abort \
info "SSH connection successful." "sudo -u armbian ssh -i \"$KEY_PATH\" -o BatchMode=yes -o ConnectTimeout=10 \"$HUB_USER@$HUB_HOST\" exit" \
else "SSH connection to $HUB_HOST failed. Check that finn added your public key."
die "SSH connection to $HUB_HOST failed. Check that finn added your public key."
fi
header "Finding Available Tunnel Port" header "Finding Available Tunnel Port"
info "Scanning for a free port on $HUB_HOST starting from $START_PORT..." info "Scanning for a free port on $HUB_HOST starting from $START_PORT..."
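Review bot: The relocated `ssh-keyscan -H "$HUB_HOST" >> "$SSH_DIR/known_hosts"` line pins whatever key the network returns on first contact and discards stderr, so a wrong or intercepted host key is accepted silently and a failed scan leaves no entry at all. In the second case the `retry_or_abort` test that follows presumably fails on host-key verification with its own stderr discarded, and the operator is told to check that the public key was added. Capturing the scan output, refusing an empty result, and showing the fingerprints for confirmation before appending would cover both; whether the hub's fingerprints are published anywhere to compare against is not visible here. The hunk opens at the end of a `case` block that starts outside it.

```shell
# … unchanged: touch / chown / chmod of known_hosts …
HUB_KEYS=$(sudo -u armbian ssh-keyscan -H "$HUB_HOST" 2>/dev/null) || HUB_KEYS=""
[ -n "$HUB_KEYS" ] || die "ssh-keyscan returned no host keys for $HUB_HOST."
# Show the fingerprints so the operator can compare them with the hub's real ones.
printf '%s\n' "$HUB_KEYS" | ssh-keygen -lf -
read -rp "Do these fingerprints match the hub? [y/N] " FP_OK
[ "${FP_OK,,}" = "y" ] || die "Host key not confirmed."
printf '%s\n' "$HUB_KEYS" >> "$SSH_DIR/known_hosts"
```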