Add provisioner-stage1 script

2023-09-23 14:05:01 +02:00 · 2023-09-23 14:05:01 +02:00 · ff00da29c1
commit ff00da29c1
3 changed files with 118 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.env
--- a/Readme.md
+++ b/Readme.md
@ -0,0 +1 @@
+# Provisioner stage 1
--- a/installer.sh
+++ b/installer.sh
@ -0,0 +1,116 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+REMOTE_GIT_HOST="git.faercol.me"
+REMOTE_GIT_PORT="2222"
+REMOTE_GIT_USER="git"
+REMOTE_GIT_PUBKEY="[${REMOTE_GIT_HOST}]:${REMOTE_GIT_PORT} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMXY7I7Dq9uiBXbqdBX8Q5rdlTNFjGSx0IJxvsxyb9t"
+
+GITEA_API_HOST="https://git.faercol.me"
+
+PROVISIONER_DEST="$HOME/.local/provisioner"
+PROVISIONER_REPO="ssh://$REMOTE_GIT_USER@$REMOTE_GIT_HOST:$REMOTE_GIT_PORT/faercol/provisioner.git"
+
+
+display_step() {
+    echo -e "\e[94m  - $1\e[0m"
+}
+
+display_category() {
+    echo -e "\e[34m\e[1m[$1]\e[0m"
+}
+
+display_success() {
+    echo -e -e "\e[32m\e[1m$1\e[0m"
+}
+
+install_tools() {
+    sudo pacman --noconfirm -S git curl
+}
+
+configure_git_access() {
+    display_step "Checking the presence of a SSH keypair"
+    expected_files=("id_ed25519" "id_ecdsa" "id_rsa")
+    used_key=""
+    for expected_file in "${expected_files[@]}"; do
+        if [[ -f "$HOME/.ssh/$expected_file" ]]; then
+            display_step "Using ssh key $expected_file"
+            used_key=$expected_file
+            break
+        fi
+    done
+
+    if [[ -z $used_key ]]; then
+        display_step "Creating new ssh keypair id_ed25519"
+        ssh-keygen -t ed25519 -q -f "$HOME/.ssh/id_ed25519"
+        used_key="id_ed25519"
+    fi
+
+    if [[ ! -f "$HOME/.ssh/${used_key}.pub" ]]; then
+        display_step "Private key is present, but public key is missing, generating it"
+        ssh-keygen -q -f "$HOME/.ssh/$used_key" -y > "$HOME/.ssh/${used_key}.pub"
+    fi
+
+    key_val="$(cat "$HOME"/.ssh/"${used_key}".pub)"
+    key_name="$USER-$(cat /etc/hostname)"
+    key_body="{\"key\":\"$key_val\",\"read_only\":false,\"title\":\"$key_name\"}"
+    display_step "Posting public key to gitea API"
+    curl -f -S -o /dev/null -X 'POST' \
+  "${GITEA_API_HOST}/api/v1/user/keys" \
+  -H 'accept: application/json' \
+  -H "Authorization: token ${GITEA_API_TOKEN}" \
+  -H 'Content-Type: application/json' \
+  -d "$key_body"
+}
+
+check_git_access() {
+    display_step "Creating correct ssh dir if not present"
+    install -m 0700 -d "${HOME}/.ssh/"
+    touch "${HOME}/.ssh/known_hosts"
+
+    display_step "Checking remote git public key"
+    if grep -q "$REMOTE_GIT_PUBKEY" "${HOME}/.ssh/known_hosts"; then
+        display_step "git host already known, continuing"
+    else
+        display_step "Adding expected remote git server pubkey"
+        echo "$REMOTE_GIT_PUBKEY" >> "${HOME}/.ssh/known_hosts"
+    fi
+
+    display_step "Checking SSH private key"
+
+    set +o errexit
+    ssh -o BatchMode=yes -p "$REMOTE_GIT_PORT" "${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}" > /dev/null 2>&1
+    ssh_returncode=$?
+    set -o errexit
+
+    if [ $ssh_returncode -eq 0 ]; then
+        display_step "Access is allowed to git server, continuing"
+    else
+        display_category "Configuring access to the remote git server"
+        configure_git_access
+    fi
+}
+
+download_provisioner() {
+    display_step "Cloning the provisioner to ${PROVISIONER_DEST}"
+    git clone "$PROVISIONER_REPO" "$PROVISIONER_DEST"
+}
+
+main() {
+    display_category "Installing necessary tools"
+    install_tools
+
+    display_category "Checking access to the remote git server"
+    check_git_access
+
+    display_category "Downloading and installing the remote installer"
+    download_provisioner
+
+    display_success "Remote installer ready and configured, passing control to it"
+    exec "$PROVISIONER_DEST/provisioner.sh"
+}
+
+main