From ded4b31dbb674a1896a760e30be56888f8036826 Mon Sep 17 00:00:00 2001
From: Kevin Baensch
Date: Thu, 22 Dec 2022 17:16:05 +0100
Subject: [PATCH] Update setup script.
---
setup.sh | 134 ++++++++++++++++++++++++++++++++++++++++++++++
sqlproxy_setup.sh | 65 ----------------------
2 files changed, 134 insertions(+), 65 deletions(-)
create mode 100755 setup.sh
delete mode 100755 sqlproxy_setup.sh
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..92e9113
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+set -e
+PROJECT_PATH=$(dirname $0)
+WHOAMI="$(id -un)"
+
+if [ $(id -u) -eq 0 ]
+then
+ printf 'Do not run this script as root.\n'
+ exit 1
+fi
+
+check() {
+ read -r -p "$1" ANSWER
+ if [[ "${ANSWER}" =~ ^[Yy] ]]
+ then
+ return 0
+ fi
+ return 1
+}
+
+setup_base() {
+ mkdir -p "${PROJECT_PATH}/config" "${PROJECT_PATH}/caddy_data"
+ if [ "$(uname -s)" = 'Darwin' ] && [ ! -w '/etc/hosts' ]
+ then
+ printf 'On MacOS docker is run by your local user (not root).\nYour user has no write permission for "/etc/hosts".\nRunning: "sudo chown %s /etc/hosts"\n' "${WHOAMI}"
+ if check 'Continue? [Y/n] '
+ then
+ sudo chown "${WHOAMI}" '/etc/hosts'
+ else
+ printf 'Setup Aborted!\n'
+ exit 1
+ fi
+ fi
+}
+
+setup_myssh() {
+ # Always copy newest version to bin
+ mkdir -p "${HOME}/bin"
+ cp "${PROJECT_PATH}/script/myssh" "${HOME}/bin/myssh"
+
+ # Detect Shell Init Path
+ if [[ "${SHELL}" =~ bin/bash$ ]]
+ then
+ RC_FILE=".bashrc"
+ elif [[ "${SHELL}" =~ bin/zsh$ ]]
+ then
+ RC_FILE=".zshrc"
+ else
+ printf 'Unable to detect Shell Configuration.\nPlease add %s to your PATH variable.\n' "${HOME}/bin"
+ return 0
+ fi
+
+ touch "${HOME}/${RC_FILE}"
+
+ if [ -f "${HOME}/${RC_FILE}" ] && [[ ! "${PATH}" =~ "${HOME}/bin" ]] && ! grep -qe '^PATH="${PATH}:${HOME}/bin"$' "${HOME}/${RC_FILE}" 2> /dev/null
+ then
+ printf 'PATH="${PATH}:${HOME}/bin"\n' >> "${HOME}/${RC_FILE}"
+ fi
+}
+
+setup_sqlproxy() {
+ if [ ! -f "${PROJECT_PATH}/etc/ssh/ssh_host_ed25519_key" ]
+ then
+ printf "Generating sqlproxy SSHD keys\n"
+ ssh-keygen -f "${PROJECT_PATH}" -A
+ fi
+
+ if check 'Auto generate client keys+config? [Y/n] '
+ then
+ mkdir -p "${HOME}/.ssh"
+ read -r -p 'Key Name (default: sqlproxy): ' KEY_NAME
+ KEY_NAME="${KEY_NAME:-sqlproxy}"
+
+ # Only add key if it does not already exist
+ if [ ! -f "${HOME}/.ssh/${KEY_NAME}" ]
+ then
+ ssh-keygen -t ed25519 -f "${HOME}/.ssh/${KEY_NAME}" -C "$(date +'%Y.%m.%d')_${WHOAMI}@${HOSTNAME}"
+ else
+ printf 'Key "%s" already exists. Using existing key.\n' "${HOME}/.ssh/${KEY_NAME}"
+ fi
+
+ read -r -p 'Target Host (default: "localhost"): ' HOST_NAME
+ HOST_NAME="${HOST_NAME:-localhost}"
+
+ # Check if there is an entry for $HOST_NAME in the users ssh config
+ if ! grep -qe "$(printf '^Host %s$' "${HOST_NAME}")" "${HOME}/.ssh/config" 2>/dev/null
+ then
+ printf '\nHost %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s' "${HOST_NAME}" "${KEY_NAME}" >> "${HOME}/.ssh/config"
+ else
+ printf 'User ssh configuration located in "%s" already has a configuration for host "%s".\nMake sure your configuration matches the following:\n' "${HOME}/.ssh/config" "${HOST_NAME}"
+ printf '"""\nHost %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s\n"""\n' "${HOST_NAME}" "${KEY_NAME}"
+ fi
+
+ # Fix permssions if necessary
+ if [[ ! -w "${PROJECT_PATH}/etc/ssh/.ssh" ]] || [[ ! -w "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys" ]]
+ then
+ printf 'Missing file permissions for authorized key file\nrunning: "sudo chown -R %s %s"\n' "${WHOAMI}:${WHOAMI}" "${PROJECT_PATH}"
+ if check 'Continue? [Y/n] '
+ then
+ sudo chown -R "${WHOAMI}:${WHOAMI}" "${PROJECT_PATH}"
+ else
+ printf 'Setup Aborted!\n'
+ exit 1
+ fi
+ fi
+
+ # Check if public key is already in the containers authorized_keys file
+ PUB_KEY="$(cat ${HOME}/.ssh/${KEY_NAME}.pub)"
+ if ! grep -qe "$(printf '%s$' "${PUB_KEY}")" "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"
+ then
+ printf 'command="/sqlproxy_cli.sh" %s' "${PUB_KEY}" >> "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"
+ fi
+ # Restart sshd if permissions were changed
+ if [ ! -z "${WHOAMI}" ]
+ then
+ printf 'Restarting sql proxy (if running) to fix permissions.\n'
+ docker compose --project-directory "${PROJECT_PATH}" -f "${PROJECT_PATH}/docker-compose.yml" -f "${PROJECT_PATH}/docker-compose-sqlproxy.yml" restart sshd
+ fi
+ else
+ printf 'Not generating client ssh key.\nPlease put your desired public keys into %s\nAlso add %s in front of your key\n' "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys" "'command=\"/sqlproxy_cli.sh\" '"
+ fi
+}
+
+setup_base
+
+if check 'Install myssh binary? [Y/n] '
+then
+ setup_myssh
+fi
+
+if check 'Configure sql proxy? [Y/n] '
+then
+ setup_sqlproxy
+fi
diff --git a/sqlproxy_setup.sh b/sqlproxy_setup.sh
deleted file mode 100755
index 4224c0b..0000000
--- a/sqlproxy_setup.sh
+++ /dev/null
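Review bot: The `authorized_keys` entry appended in `setup_sqlproxy` of the new `setup.sh` relies on `command="/sqlproxy_cli.sh"` alone, which pins the command but leaves sshd's defaults for port, agent and X11 forwarding and PTY allocation in effect for that key, and the `printf` format has no trailing newline, so a second key appended later ends up on the same line as the first. I would write `printf 'restrict,command="/sqlproxy_cli.sh" %s\n' "${PUB_KEY}" >> "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"` and, if the proxy is meant to be reached through a tunnel, re-enable only that with `port-forwarding` plus a `permitopen=` limit; the hint printed in the final `else` branch should name the same options. Separately, `[ ! -z "${WHOAMI}" ]` is always true now that `WHOAMI` is assigned at the top of the script, so the sshd restart runs on every invocation and, under `set -e`, a failing `docker compose ... restart` aborts the setup; a flag set inside the chown branch would match the comment above it. In `setup_base`, `sudo chown "${WHOAMI}" '/etc/hosts'` permanently lets any process running as that user rewrite local name resolution, so the prompt should state that consequence and how to revert the ownership.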
@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-PROJECT_PATH=$(dirname $0)
-
-# Always copy newest version to bin
-mkdir -p $HOME/bin
-cp $PROJECT_PATH/script/myssh $HOME/bin/myssh
-
-# Detect Shell Init Path
-if [[ $SHELL =~ bin/bash$ ]]
-then
- RC_FILE=.bashrc
-elif [[ $SHELL =~ bin/zsh$ ]]
-then
- RC_FILE=.zshrc
-fi
-
-grep -qe '^PATH=$PATH:$HOME/bin$' $HOME/$RC_FILE 2> /dev/null
-if [ ! -z $HOME/$RC_FILE ] && [[ ! $PATH =~ $HOME/bin ]] && [ $? -ne 0 ]
-then
- echo -e 'PATH=$PATH:$HOME/bin' >> $HOME/$RC_FILE
-fi
-
-if [ ! -f $PROJECT_PATH/etc/ssh/ssh_host_ed25519_key ]
-then
- echo "Generating sqlproxy SSHD keys"
- ssh-keygen -f $PROJECT_PATH -A
-fi
-
-read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
-case $GEN_KEYS in
- [yY]*)
- mkdir -p $HOME/.ssh
- read -r -p "Key Name (will not be overridden if it already exists in ~/.ssh): " KEY_NAME
- # Only add key if it does not already exist
- if [ ! -f $HOME/.ssh/$KEY_NAME.key ]
- then
- ssh-keygen -t ed25519 -f $HOME/.ssh/$KEY_NAME.key -C "$(date --iso-8601)_$(whoami)@$HOSTNAME"
- fi
- read -r -p "Target Host: " HOST_NAME
- # Check if there is an entry for $HOST_NAME in the users ssh config
- grep -qe "^Host $HOST_NAME$" $HOME/.ssh/config
- if [ $? -ne 0 ]
- then
- echo -ne "\nHost $HOST_NAME\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> $HOME/.ssh/config
- fi
- # Fix permssions if necessary
- if [[ ! -w $PROJECT_PATH/etc/ssh/.ssh ]] || [[ ! $PROJECT_PATH/etc/ssh/.ssh/authorized_keys ]]
- then
- WHOAMI=$(id -un)
- echo -e "Missing file permissions for authorized key file\nrunning: 'sudo chown -R $WHOAMI:$WHOAMI $PROJECT_PATH'"
- sudo chown -R $WHOAMI:$WHOAMI $PROJECT_PATH
- fi
- # Check if public key is already in the containers authorized_keys file
- grep -qe "$(cat $HOME/.ssh/$KEY_NAME.key.pub)$" $PROJECT_PATH/etc/ssh/.ssh/authorized_keys
- if [ $? -ne 0 ]
- then
- echo -e command=\"/sqlproxy_cli.sh\" $(cat $HOME/.ssh/$KEY_NAME.key.pub) >> $PROJECT_PATH/etc/ssh/.ssh/authorized_keys
- fi
- # Restart sshd if permissions were changed
- if [ ! -z $WHOAMI ]
- then
- docker compose --project-directory $PROJECT_PATH -f $PROJECT_PATH/docker-compose.yml -f $PROJECT_PATH/docker-compose-sqlproxy.yml restart sshd
- fi;;
- *) echo -e "Not generating client ssh key.\nPlease put your desired public keys into $PROJECT_PATH/etc/ssh/.ssh/authorized_keys\nAlso add 'command=\"/sqlproxy_cli.sh\" ' in front of your key";;
-esac