From ff00da29c138232f30ed0108c90b9e68302002f1 Mon Sep 17 00:00:00 2001
From: Melora Hugues
Date: Sat, 23 Sep 2023 14:05:01 +0200
Subject: [PATCH] Add provisioner-stage1 script
---
.gitignore | 1 +
Readme.md | 1 +
installer.sh | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 118 insertions(+)
create mode 100644 .gitignore
create mode 100644 Readme.md
create mode 100755 installer.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f509e5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.env
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..a4f2b14
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1 @@
+# Provisioner stage 1
\ No newline at end of file
diff --git a/installer.sh b/installer.sh
new file mode 100755
index 0000000..e4556f9
--- /dev/null
+++ b/installer.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+REMOTE_GIT_HOST="git.faercol.me"
+REMOTE_GIT_PORT="2222"
+REMOTE_GIT_USER="git"
+REMOTE_GIT_PUBKEY="[${REMOTE_GIT_HOST}]:${REMOTE_GIT_PORT} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMXY7I7Dq9uiBXbqdBX8Q5rdlTNFjGSx0IJxvsxyb9t"
+
+GITEA_API_HOST="https://git.faercol.me"
+
+PROVISIONER_DEST="$HOME/.local/provisioner"
+PROVISIONER_REPO="ssh://$REMOTE_GIT_USER@$REMOTE_GIT_HOST:$REMOTE_GIT_PORT/faercol/provisioner.git"
+
+
+display_step() {
+ echo -e "\e[94m - $1\e[0m"
+}
+
+display_category() {
+ echo -e "\e[34m\e[1m[$1]\e[0m"
+}
+
+display_success() {
+ echo -e -e "\e[32m\e[1m$1\e[0m"
+}
+
+install_tools() {
+ sudo pacman --noconfirm -S git curl
+}
+
+configure_git_access() {
+ display_step "Checking the presence of a SSH keypair"
+ expected_files=("id_ed25519" "id_ecdsa" "id_rsa")
+ used_key=""
+ for expected_file in "${expected_files[@]}"; do
+ if [[ -f "$HOME/.ssh/$expected_file" ]]; then
+ display_step "Using ssh key $expected_file"
+ used_key=$expected_file
+ break
+ fi
+ done
+
+ if [[ -z $used_key ]]; then
+ display_step "Creating new ssh keypair id_ed25519"
+ ssh-keygen -t ed25519 -q -f "$HOME/.ssh/id_ed25519"
+ used_key="id_ed25519"
+ fi
+
+ if [[ ! -f "$HOME/.ssh/${used_key}.pub" ]]; then
+ display_step "Private key is present, but public key is missing, generating it"
+ ssh-keygen -q -f "$HOME/.ssh/$used_key" -y > "$HOME/.ssh/${used_key}.pub"
+ fi
+
+ key_val="$(cat "$HOME"/.ssh/"${used_key}".pub)"
+ key_name="$USER-$(cat /etc/hostname)"
+ key_body="{\"key\":\"$key_val\",\"read_only\":false,\"title\":\"$key_name\"}"
+ display_step "Posting public key to gitea API"
+ curl -f -S -o /dev/null -X 'POST' \
+ "${GITEA_API_HOST}/api/v1/user/keys" \
+ -H 'accept: application/json' \
+ -H "Authorization: token ${GITEA_API_TOKEN}" \
+ -H 'Content-Type: application/json' \
+ -d "$key_body"
+}
+
+check_git_access() {
+ display_step "Creating correct ssh dir if not present"
+ install -m 0700 -d "${HOME}/.ssh/"
+ touch "${HOME}/.ssh/known_hosts"
+
+ display_step "Checking remote git public key"
+ if grep -q "$REMOTE_GIT_PUBKEY" "${HOME}/.ssh/known_hosts"; then
+ display_step "git host already known, continuing"
+ else
+ display_step "Adding expected remote git server pubkey"
+ echo "$REMOTE_GIT_PUBKEY" >> "${HOME}/.ssh/known_hosts"
+ fi
+
+ display_step "Checking SSH private key"
+
+ set +o errexit
+ ssh -o BatchMode=yes -p "$REMOTE_GIT_PORT" "${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}" > /dev/null 2>&1
+ ssh_returncode=$?
+ set -o errexit
+
+ if [ $ssh_returncode -eq 0 ]; then
+ display_step "Access is allowed to git server, continuing"
+ else
+ display_category "Configuring access to the remote git server"
+ configure_git_access
+ fi
+}
+
+download_provisioner() {
+ display_step "Cloning the provisioner to ${PROVISIONER_DEST}"
+ git clone "$PROVISIONER_REPO" "$PROVISIONER_DEST"
+}
+
+main() {
+ display_category "Installing necessary tools"
+ install_tools
+
+ display_category "Checking access to the remote git server"
+ check_git_access
+
+ display_category "Downloading and installing the remote installer"
+ download_provisioner
+
+ display_success "Remote installer ready and configured, passing control to it"
+ exec "$PROVISIONER_DEST/provisioner.sh"
+}
+
+main
\ No newline at end of file
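Review bot: In `configure_git_access`, `GITEA_API_TOKEN` is never assigned or validated anywhere in installer.sh, and when it is set it is passed to curl as a command-line argument, where it can be read from the process table while curl runs. Under `set -o nounset` a missing token aborts the script only at the curl call, after a keypair may already have been generated; fail early instead with `: "${GITEA_API_TOKEN:?GITEA_API_TOKEN must be set}"` at the top of `main`. To keep the token out of argv, replace the Authorization line with `-H @- \` and end the command with `-d "$key_body" <<< "Authorization: token ${GITEA_API_TOKEN}"`, which needs a curl that supports `-H @file`. The commit ignores `*.env`, so the token presumably comes from such a file, but nothing here sources one; a header comment stating where the variable is expected to come from would help.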