TinyBoard
A hub-spoke architecture for secure file sharing over SSH tunnels using autossh and rclone.
Spokes are ARM devices (e.g. OrangePi, Raspberry Pi) running Armbian that establish reverse SSH tunnels to a central hub server. The hub mounts spoke filesystems via SFTP using rclone, making files accessible across all devices without exposing them to the internet.
Quickstart
Setting up a new Hub
On a fresh Debian/Ubuntu VPS or server:
apt install git
git clone https://gut.oily.dad/justin/tinyboard
cd tinyboard
./setup.sh # option 4 (setup new hub)
Setting up a new Spoke
On a fresh Armbian device:
- Modify spoke/armbian.not_logged_in_yet accordingly, then drop it onto the SD card as /root/.not_logged_in_yet before first boot (WiFi credentials) — see Armbian Autoconfig docs
- Boot, SSH in as root
- Run:
apt install git
git clone https://gut.oily.dad/justin/tinyboard
cd tinyboard
./setup.sh # option 0 (configure network)
./setup.sh # option 1 (configure new spoke)
Onboarding a Spoke from the Hub
Once the spoke tunnel is up, run on the hub:
cd tinyboard
./setup.sh # option 2 (onboard spoke)
Offboarding a Spoke from the Hub
cd tinyboard
./setup.sh # option 3 (offboard spoke)
Architecture
[ Spoke ]                          [ Hub ]
OrangePi / RPi                     VPS / Server
Armbian                            Any Linux
autossh container  ──────────►     sshd (GatewayPorts)
  reverse tunnel                   port 111xx
                                   rclone SFTP mount
                                   ~/mnt/<spoke-name>/
Spokes initiate outbound SSH connections to the hub, creating reverse tunnels. The hub then uses rclone to mount each spoke's filesystem over SFTP through the tunnel. No inbound ports need to be open on the spoke.
Directory Structure
tinyboard/
├── setup.sh ← entry point
├── spoke/
│ ├── setup-network.sh ← configure static IP before setup
│ ├── setup-spoke.sh ← automated spoke setup
│ ├── compose.yaml ← Docker Compose for autossh + syncthing
│ ├── Dockerfile ← autossh container
│ └── armbian.not_logged_in_yet ← Armbian first-boot WiFi config template
└── hub/
    ├── setup-hub.sh ← automated hub setup
    ├── onboard-spoke.sh ← add a new spoke to the hub
    └── offboard-spoke.sh ← remove a spoke from the hub
Setup Scripts
setup.sh
Entry point. Presents a menu:
0. Reconfigure network (static IP via netplan — SSH session will drop, reconnect)
1. Set up this device as a new spoke
2. Onboard a new spoke from the hub
3. Offboard a spoke from the hub
4. Set up this device as a new hub
spoke/setup-network.sh
Run as root on a new spoke before setup.sh. Configures a static IP via netplan. Supports both WiFi and wired interfaces. Automatically reverts if network connectivity is lost after applying the new config.
spoke/setup-spoke.sh
Run as root on a new spoke. Handles:
- Package installation (apt/dnf/yum/pacman)
- Docker installation
- SSH server setup
- Hostname configuration
- SSH key generation and hub authorization
- Tunnel port auto-detection on the hub
- Docker image build and container start
- Optional password auth disable
hub/setup-hub.sh
Run as root on a new hub server. Handles:
- Package installation (apt/dnf/yum/pacman)
- rclone installation
- Hub user creation
- SSH server configuration (GatewayPorts, AllowTcpForwarding)
- FUSE configuration
- rclone config directory setup
- Optional password auth disable
hub/onboard-spoke.sh
Run as the hub user after a spoke connects. Handles:
- SSH key generation and deployment to spoke
- rclone remote configuration
- Spoke registration in ~/.config/tinyboard/spokes
- Per-spoke crontab entry for auto-mount on reboot
hub/offboard-spoke.sh
Run as the hub user to remove a spoke. Handles:
- Unmounting the spoke filesystem
- Removing the crontab entry
- Removing the rclone remote
- Optionally removing the hub SSH key
- Removing from the spoke registry
Spoke Registry
The hub maintains a registry of connected spokes at ~/.config/tinyboard/spokes:
rocky 11113 /home/armbian/.ssh/armbian-rocky-202504 /home/armbian/mnt/rocky
gouda 11114 /home/armbian/.ssh/armbian-gouda-202504 /home/armbian/mnt/gouda
Each spoke gets its own mount point at ~/mnt/<spoke-name>/ and a dedicated rclone crontab entry.
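Because every registry line names a private key and a tunnel port, the registry is a convenient place to audit both. The script below is an added example, not part of TinyBoard: it assumes the four-column format shown above, and the function name audit_registry and the sample files are hypothetical.

```sh
#!/bin/sh
# Added example, not TinyBoard code. Registry line format as shown above:
#   <name> <tunnel-port> <hub-key-path> <mount-point>
# Uses GNU stat (-c), as found on Debian/Ubuntu hubs.

audit_registry() {
    # Prints one finding per line; returns 1 if anything was flagged.
    reg=$1; rc=0; seen=" "
    while read -r name port key mnt extra || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$mnt" ] || [ -n "$extra" ]; then
            echo "$name: expected 4 fields"; rc=1; continue
        fi
        case $port in
            ''|*[!0-9]*) echo "$name: port '$port' is not numeric"; rc=1 ;;
            *)  case $seen in
                    *" $port "*) echo "$name: port $port already assigned"; rc=1 ;;
                esac
                seen="$seen$port " ;;
        esac
        if [ ! -f "$key" ]; then
            echo "$name: key $key is missing"; rc=1
        else
            mode=$(stat -c '%a' "$key")
            case $mode in
                600|400) ;;
                *) echo "$name: key $key has mode $mode, want 600 or 400"; rc=1 ;;
            esac
        fi
    done < "$reg"
    return "$rc"
}

# Constructed sample: two spokes share a port and one key is world-readable.
demo_dir=$(mktemp -d)
: > "$demo_dir/rocky.key"; chmod 600 "$demo_dir/rocky.key"
: > "$demo_dir/gouda.key"; chmod 644 "$demo_dir/gouda.key"
cat > "$demo_dir/spokes" <<EOF
rocky 11113 $demo_dir/rocky.key $demo_dir/mnt/rocky
gouda 11113 $demo_dir/gouda.key $demo_dir/mnt/gouda
EOF
audit_registry "$demo_dir/spokes" || echo "registry needs attention"
```

On a hub, point it at the real file: audit_registry ~/.config/tinyboard/spokes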
Security
- All communication is over SSH tunnels — no spoke ports exposed to the internet
- SSH keys are used for all authentication
- Scripts check and auto-fix unsafe file permissions (600/400)
- Password authentication can be disabled during setup
- Scripts refuse to disable password auth if no authorized keys are present (lockout prevention)
- Netplan changes are verified with a 30-second connectivity check before being made permanent
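The hub's sshd is configured with GatewayPorts, which allows a reverse-forwarded port to bind on addresses other than loopback; a tunnel port bound that way makes the spoke's SSH server reachable through the hub's own address. The check below is an added example, not part of TinyBoard: the function name exposed_tunnel_ports is hypothetical, the ss lines are constructed, and the port numbers are the ones from the registry example.

```sh
#!/bin/sh
# Added example, not TinyBoard code. Reads `ss -Htln` output on stdin and
# prints "<port> <address>" for each listed tunnel port that is listening
# on anything other than loopback.

exposed_tunnel_ports() {
    while read -r _state _recvq _sendq laddr _rest; do
        lport=${laddr##*:}          # text after the last colon
        addr=${laddr%:*}            # everything before it, e.g. [::] or 0.0.0.0
        for p in "$@"; do
            [ "$lport" = "$p" ] || continue
            case $addr in
                127.*|'[::1]') ;;   # reachable only from the hub itself
                *) echo "$p $addr" ;;
            esac
        done
    done
}

# Constructed sample of `ss -Htln` output on a hub with two spokes.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:11113 0.0.0.0:*
LISTEN 0 128 0.0.0.0:11114 0.0.0.0:*
LISTEN 0 128 [::]:11114 [::]:*
EOF
}

sample_listeners | exposed_tunnel_ports 11113 11114
# On a live hub: ss -Htln | exposed_tunnel_ports 11113 11114
```

Any port it prints should either be rebound to loopback or be covered by a firewall rule on the hub.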
Sensitive Files
Before committing, ensure the following do not contain real credentials:
- spoke/armbian.not_logged_in_yet — contains WiFi SSID, password, and user passwords
Troubleshooting
apt update fails with beta.armbian.com error
On some Armbian images, a beta apt repository is enabled by default and may cause apt update to fail. Find the file that references it:
grep -r "beta.armbian" /etc/apt/sources.list /etc/apt/sources.list.d/
Open the file that contains it (usually /etc/apt/sources.list.d/armbian.sources) and comment out or remove the line referencing beta.armbian.com, then run apt update again.
Requirements
Spoke: Armbian (Debian-based), ARM device, Docker, autossh, git
Hub: Any Linux server (Debian/Ubuntu/RHEL/Arch), rclone, fuse, openssh-server