Add provisioner-stage1 script
commit
ff00da29c1
3 changed files with 118 additions and 0 deletions
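--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.env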
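--- a/Readme.md
+++ b/Readme.md
@@ -0,0 +1 @@
+# Provisioner stage 1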
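--- a/installer.sh
+++ b/installer.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+REMOTE_GIT_HOST="git.faercol.me"
+REMOTE_GIT_PORT="2222"
+REMOTE_GIT_USER="git"
+REMOTE_GIT_PUBKEY="[${REMOTE_GIT_HOST}]:${REMOTE_GIT_PORT} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMXY7I7Dq9uiBXbqdBX8Q5rdlTNFjGSx0IJxvsxyb9t"
+
+GITEA_API_HOST="https://git.faercol.me"
+
+PROVISIONER_DEST="$HOME/.local/provisioner"
+PROVISIONER_REPO="ssh://$REMOTE_GIT_USER@$REMOTE_GIT_HOST:$REMOTE_GIT_PORT/faercol/provisioner.git"
+
+
+display_step() {
+echo -e "\e[94m - $1\e[0m"
+}
+
+display_category() {
+echo -e "\e[34m\e[1m[$1]\e[0m"
+}
+
+display_success() {
+echo -e -e "\e[32m\e[1m$1\e[0m"
+}
+
+install_tools() {
+sudo pacman --noconfirm -S git curl
+}
+
+configure_git_access() {
+display_step "Checking the presence of a SSH keypair"
+expected_files=("id_ed25519" "id_ecdsa" "id_rsa")
+used_key=""
+for expected_file in "${expected_files[@]}"; do
+if [[ -f "$HOME/.ssh/$expected_file" ]]; then
+display_step "Using ssh key $expected_file"
+used_key=$expected_file
+break
+fi
+done
+
+if [[ -z $used_key ]]; then
+display_step "Creating new ssh keypair id_ed25519"
+ssh-keygen -t ed25519 -q -f "$HOME/.ssh/id_ed25519"
+used_key="id_ed25519"
+fi
+
+if [[ ! -f "$HOME/.ssh/${used_key}.pub" ]]; then
+display_step "Private key is present, but public key is missing, generating it"
+ssh-keygen -q -f "$HOME/.ssh/$used_key" -y > "$HOME/.ssh/${used_key}.pub"
+fi
+
+key_val="$(cat "$HOME"/.ssh/"${used_key}".pub)"
+key_name="$USER-$(cat /etc/hostname)"
+key_body="{\"key\":\"$key_val\",\"read_only\":false,\"title\":\"$key_name\"}"
+display_step "Posting public key to gitea API"
+curl -f -S -o /dev/null -X 'POST' \
+"${GITEA_API_HOST}/api/v1/user/keys" \
+-H 'accept: application/json' \
+-H "Authorization: token ${GITEA_API_TOKEN}" \
+-H 'Content-Type: application/json' \
+-d "$key_body"
+}
+
+check_git_access() {
+display_step "Creating correct ssh dir if not present"
+install -m 0700 -d "${HOME}/.ssh/"
+touch "${HOME}/.ssh/known_hosts"
+
+display_step "Checking remote git public key"
+if grep -q "$REMOTE_GIT_PUBKEY" "${HOME}/.ssh/known_hosts"; then
+display_step "git host already known, continuing"
+else
+display_step "Adding expected remote git server pubkey"
+echo "$REMOTE_GIT_PUBKEY" >> "${HOME}/.ssh/known_hosts"
+fi
+
+display_step "Checking SSH private key"
+
+set +o errexit
+ssh -o BatchMode=yes -p "$REMOTE_GIT_PORT" "${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}" > /dev/null 2>&1
+ssh_returncode=$?
+set -o errexit
+
+if [ $ssh_returncode -eq 0 ]; then
+display_step "Access is allowed to git server, continuing"
+else
+display_category "Configuring access to the remote git server"
+configure_git_access
+fi
+}
+
+download_provisioner() {
+display_step "Cloning the provisioner to ${PROVISIONER_DEST}"
+git clone "$PROVISIONER_REPO" "$PROVISIONER_DEST"
+}
+
+main() {
+display_category "Installing necessary tools"
+install_tools
+
+display_category "Checking access to the remote git server"
+check_git_access
+
+display_category "Downloading and installing the remote installer"
+download_provisioner
+
+display_success "Remote installer ready and configured, passing control to it"
+exec "$PROVISIONER_DEST/provisioner.sh"
+}
+
+main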
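Review bot: In check_git_access the pinned host key is looked up with `grep -q "$REMOTE_GIT_PUBKEY"`, which reads the value as a regular expression; the leading `[git.faercol.me]` becomes a bracket expression, so the literal known_hosts line is never matched and the same entry is appended on every run. Match it as a fixed whole line instead: `if grep -qxF -- "$REMOTE_GIT_PUBKEY" "${HOME}/.ssh/known_hosts"; then`. Separately, configure_git_access reads `GITEA_API_TOKEN`, which nothing in this file sets, so under `set -o nounset` the script aborts only at the curl call, after a keypair may already have been created; a guard at the top of that function such as `: "${GITEA_API_TOKEN:?set GITEA_API_TOKEN before running}"` fails earlier with a clear message. Passing the `Authorization` header on curl's command line also exposes the token to other local users through the process list. The JSON in `key_body` is built by interpolation, so a quote or backslash in the key comment or hostname would produce an invalid request body.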