#!/bin/bash
# Strict mode: stop on a failing command, on a failing pipeline stage, and on
# any expansion of an unset variable.
set -o errexit -o pipefail -o nounset

# SSH endpoint of the remote git server.
REMOTE_GIT_HOST='git.faercol.me'
REMOTE_GIT_PORT='2222'
REMOTE_GIT_USER='git'
# Pinned host key of the git server, written as a complete known_hosts line
# ("[host]:port keytype base64-key"). check_git_access appends it verbatim to
# ~/.ssh/known_hosts, so the first connection is verified against this value
# instead of being trusted on first use. It has to be updated here whenever
# the server's host key is rotated.
REMOTE_GIT_PUBKEY="[${REMOTE_GIT_HOST}]:${REMOTE_GIT_PORT} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMXY7I7Dq9uiBXbqdBX8Q5rdlTNFjGSx0IJxvsxyb9t"

# Base URL of the gitea HTTP API. The API token itself is not defined in this
# file: configure_git_access reads it from the GITEA_API_TOKEN variable.
GITEA_API_HOST='https://git.faercol.me'

# Where the provisioner repository is cloned, and the SSH URL it comes from.
PROVISIONER_DEST="${HOME}/.local/provisioner"
PROVISIONER_REPO="ssh://${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}:${REMOTE_GIT_PORT}/faercol/provisioner.git"
#######################################
# Print one progress step as a bulleted line in bright blue.
# Arguments: $1 - message text (echo -e also expands backslash escapes in it)
# Outputs:   the coloured line on stdout
#######################################
display_step() {
  local colour='\e[94m' reset='\e[0m'
  echo -e "${colour} - $1${reset}"
}
#######################################
# Print a section heading in bold blue, wrapped in square brackets.
# Arguments: $1 - heading text (echo -e also expands backslash escapes in it)
# Outputs:   the coloured heading on stdout
#######################################
display_category() {
  local style='\e[34m\e[1m' reset='\e[0m'
  echo -e "${style}[$1]${reset}"
}
#######################################
# Print a final success message in bold green.
# Arguments: $1 - message text (echo -e also expands backslash escapes in it)
# Outputs:   the coloured line on stdout
#######################################
display_success() {
  local style='\e[32m\e[1m' reset='\e[0m'
  echo -e "${style}$1${reset}"
}
#######################################
# Install the packages this bootstrap needs, through pacman under sudo and
# without confirmation prompts.
# NOTE(review): ssh and ssh-keygen are called later in this script, but no
# package providing them is listed here - confirm they are already present on
# the target system.
#######################################
install_tools() {
  local -a packages=(git curl)
  sudo pacman --noconfirm -S "${packages[@]}"
}
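#######################################
# Escape a string for use inside a JSON string literal (private helper).
# Covers backslash, double quote, newline, carriage return and tab.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout, without a trailing newline
#######################################
_json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Make sure the current user has an SSH keypair and register its public half
# with the gitea API as a user key.
# Globals:   HOME, USER, GITEA_API_HOST, GITEA_API_TOKEN (all read)
# Outputs:   progress messages on stdout; ssh-keygen may prompt for a
#            passphrase
# Returns:   non-zero if the public key cannot be derived; other failures
#            abort the script through errexit
#######################################
configure_git_access() {
  local ssh_dir="${HOME}/.ssh"
  local -a expected_files=("id_ed25519" "id_ecdsa" "id_rsa")
  local used_key="" expected_file key_val key_name key_body pub_tmp

  # Check the token before any key material is created: under nounset a
  # missing token would otherwise only surface at the curl call below, after
  # a keypair had already been generated.
  : "${GITEA_API_TOKEN:?GITEA_API_TOKEN must be set to a gitea API token}"

  display_step "Checking the presence of a SSH keypair"
  for expected_file in "${expected_files[@]}"; do
    if [[ -f "${ssh_dir}/${expected_file}" ]]; then
      display_step "Using ssh key $expected_file"
      used_key=$expected_file
      break
    fi
  done

  if [[ -z "$used_key" ]]; then
    display_step "Creating new ssh keypair id_ed25519"
    ssh-keygen -t ed25519 -q -f "${ssh_dir}/id_ed25519"
    used_key="id_ed25519"
  fi

  # -s instead of -f: an empty .pub file (for example left behind by an
  # earlier failed run) is regenerated rather than uploaded as a key.
  if [[ ! -s "${ssh_dir}/${used_key}.pub" ]]; then
    display_step "Private key is present, but public key is missing, generating it"
    # Derive into a temporary file and rename on success only, so a failed
    # ssh-keygen (wrong passphrase, unreadable key) never leaves a truncated
    # public key in place.
    pub_tmp=$(mktemp "${ssh_dir}/${used_key}.pub.XXXXXX")
    if ! ssh-keygen -q -f "${ssh_dir}/${used_key}" -y > "$pub_tmp"; then
      rm -f -- "$pub_tmp"
      return 1
    fi
    mv -- "$pub_tmp" "${ssh_dir}/${used_key}.pub"
  fi

  key_val=$(< "${ssh_dir}/${used_key}.pub")
  key_name="${USER}-$(< /etc/hostname)"
  # The key comment and the host name are free text; escape them so a quote or
  # backslash cannot break or alter the JSON document.
  key_body=$(printf '{"key":"%s","read_only":false,"title":"%s"}' \
    "$(_json_escape "$key_val")" "$(_json_escape "$key_name")")

  display_step "Posting public key to gitea API"
  # The Authorization header is handed to curl through a file descriptor
  # (-H @file) instead of the command line, so the token is not visible in the
  # process list. printf is a shell builtin, so no argv carries it either.
  curl -f -S -o /dev/null -X 'POST' \
    "${GITEA_API_HOST}/api/v1/user/keys" \
    -H 'accept: application/json' \
    -H @<(printf 'Authorization: token %s\n' "$GITEA_API_TOKEN") \
    -H 'Content-Type: application/json' \
    -d "$key_body"
}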
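#######################################
# Pin the git server's host key in known_hosts, then test whether the current
# user can already authenticate over SSH; if not, set up key access.
# Globals:   HOME, REMOTE_GIT_PUBKEY, REMOTE_GIT_PORT, REMOTE_GIT_USER,
#            REMOTE_GIT_HOST (all read)
# Outputs:   progress messages on stdout
#######################################
check_git_access() {
  local known_hosts="${HOME}/.ssh/known_hosts"
  local ssh_returncode=0

  display_step "Creating correct ssh dir if not present"
  install -m 0700 -d "${HOME}/.ssh/"
  touch "$known_hosts"

  display_step "Checking remote git public key"
  # Compare as a fixed string against whole lines (-F -x). As a regular
  # expression the leading "[host]" of the entry is a bracket expression, so
  # the pattern never matched the stored line and the entry was appended again
  # on every run.
  # NOTE(review): this only adds the pinned key; other known_hosts entries for
  # the same host and port are left in place.
  if grep -qxF -- "$REMOTE_GIT_PUBKEY" "$known_hosts"; then
    display_step "git host already known, continuing"
  else
    display_step "Adding expected remote git server pubkey"
    printf '%s\n' "$REMOTE_GIT_PUBKEY" >> "$known_hosts"
  fi

  display_step "Checking SSH private key"

  # "|| var=$?" records the exit status without tripping errexit.
  # NOTE(review): every non-zero status (network failure, host key mismatch,
  # rejected key) takes the configuration branch below, and the discarded
  # output hides which one it was.
  ssh -o BatchMode=yes -p "$REMOTE_GIT_PORT" "${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}" > /dev/null 2>&1 \
    || ssh_returncode=$?

  if (( ssh_returncode == 0 )); then
    display_step "Access is allowed to git server, continuing"
  else
    display_category "Configuring access to the remote git server"
    configure_git_access
  fi
}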
#######################################
# Clone the provisioner repository over SSH into PROVISIONER_DEST.
# Globals:   PROVISIONER_REPO, PROVISIONER_DEST (read)
# Outputs:   a progress message on stdout, plus git's own output
# NOTE(review): git clone refuses an existing non-empty destination, so a
# second run of this script stops here under errexit.
#######################################
download_provisioner() {
  local repo_url=$PROVISIONER_REPO
  local checkout_dir=$PROVISIONER_DEST

  display_step "Cloning the provisioner to ${PROVISIONER_DEST}"
  git clone "$repo_url" "$checkout_dir"
}
#######################################
# Run the bootstrap stages in order, then replace this process with the
# provisioner script from the cloned repository.
# Globals:   PROVISIONER_DEST (read)
# The script executed at the end is whatever the clone delivered; the clone
# goes over SSH to the host whose key is pinned in REMOTE_GIT_PUBKEY.
#######################################
main() {
  # Heading / function pairs, executed in order. errexit still applies inside
  # the loop, so a failing stage aborts the run.
  local -a stages=(
    "Installing necessary tools" install_tools
    "Checking access to the remote git server" check_git_access
    "Downloading and installing the remote installer" download_provisioner
  )
  local i
  for ((i = 0; i < ${#stages[@]}; i += 2)); do
    display_category "${stages[i]}"
    "${stages[i + 1]}"
  done

  display_success "Remote installer ready and configured, passing control to it"
  local entrypoint="$PROVISIONER_DEST/provisioner.sh"
  exec "$entrypoint"
}
# Entry point. main reads no positional parameters, so forwarding them does
# not change what runs.
main "$@"