Update setup script.
parent
b215663184
commit
ded4b31dbb
2 changed files with 134 additions and 65 deletions
134
setup.sh
Executable file
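--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+set -e
+PROJECT_PATH=$(dirname $0)
+WHOAMI="$(id -un)"
+
+if [ $(id -u) -eq 0 ]
+then
+printf 'Do not run this script as root.\n'
+exit 1
+fi
+
+check() {
+read -r -p "$1" ANSWER
+if [[ "${ANSWER}" =~ ^[Yy] ]]
+then
+return 0
+fi
+return 1
+}
+
+setup_base() {
+mkdir -p "${PROJECT_PATH}/config" "${PROJECT_PATH}/caddy_data"
+if [ "$(uname -s)" = 'Darwin' ] && [ ! -w '/etc/hosts' ]
+then
+printf 'On MacOS docker is run by your local user (not root).\nYour user has no write permission for "/etc/hosts".\nRunning: "sudo chown %s /etc/hosts"\n' "${WHOAMI}"
+if check 'Continue? [Y/n] '
+then
+sudo chown "${WHOAMI}" '/etc/hosts'
+else
+printf 'Setup Aborted!\n'
+exit 1
+fi
+fi
+}
+
+setup_myssh() {
+# Always copy newest version to bin
+mkdir -p "${HOME}/bin"
+cp "${PROJECT_PATH}/script/myssh" "${HOME}/bin/myssh"
+
+# Detect Shell Init Path
+if [[ "${SHELL}" =~ bin/bash$ ]]
+then
+RC_FILE=".bashrc"
+elif [[ "${SHELL}" =~ bin/zsh$ ]]
+then
+RC_FILE=".zshrc"
+else
+printf 'Unable to detect Shell Configuration.\nPlease add %s to your PATH variable.\n' "${HOME}/bin"
+return 0
+fi
+
+touch "${HOME}/${RC_FILE}"
+
+if [ -f "${HOME}/${RC_FILE}" ] && [[ ! "${PATH}" =~ "${HOME}/bin" ]] && ! grep -qe '^PATH="${PATH}:${HOME}/bin"$' "${HOME}/${RC_FILE}" 2> /dev/null
+then
+printf 'PATH="${PATH}:${HOME}/bin"\n' >> "${HOME}/${RC_FILE}"
+fi
+}
+
+setup_sqlproxy() {
+if [ ! -f "${PROJECT_PATH}/etc/ssh/ssh_host_ed25519_key" ]
+then
+printf "Generating sqlproxy SSHD keys\n"
+ssh-keygen -f "${PROJECT_PATH}" -A
+fi
+
+if check 'Auto generate client keys+config? [Y/n] '
+then
+mkdir -p "${HOME}/.ssh"
+read -r -p 'Key Name (default: sqlproxy): ' KEY_NAME
+KEY_NAME="${KEY_NAME:-sqlproxy}"
+
+# Only add key if it does not already exist
+if [ ! -f "${HOME}/.ssh/${KEY_NAME}" ]
+then
+ssh-keygen -t ed25519 -f "${HOME}/.ssh/${KEY_NAME}" -C "$(date +'%Y.%m.%d')_${WHOAMI}@${HOSTNAME}"
+else
+printf 'Key "%s" already exists. Using existing key.\n' "${HOME}/.ssh/${KEY_NAME}"
+fi
+
+read -r -p 'Target Host (default: "localhost"): ' HOST_NAME
+HOST_NAME="${HOST_NAME:-localhost}"
+
+# Check if there is an entry for $HOST_NAME in the users ssh config
+if ! grep -qe "$(printf '^Host %s$' "${HOST_NAME}")" "${HOME}/.ssh/config" 2>/dev/null
+then
+printf '\nHost %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s' "${HOST_NAME}" "${KEY_NAME}" >> "${HOME}/.ssh/config"
+else
+printf 'User ssh configuration located in "%s" already has a configuration for host "%s".\nMake sure your configuration matches the following:\n' "${HOME}/.ssh/config" "${HOST_NAME}"
+printf '"""\nHost %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s\n"""\n' "${HOST_NAME}" "${KEY_NAME}"
+fi
+
+# Fix permssions if necessary
+if [[ ! -w "${PROJECT_PATH}/etc/ssh/.ssh" ]] || [[ ! -w "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys" ]]
+then
+printf 'Missing file permissions for authorized key file\nrunning: "sudo chown -R %s %s"\n' "${WHOAMI}:${WHOAMI}" "${PROJECT_PATH}"
+if check 'Continue? [Y/n] '
+then
+sudo chown -R "${WHOAMI}:${WHOAMI}" "${PROJECT_PATH}"
+else
+printf 'Setup Aborted!\n'
+exit 1
+fi
+fi
+
+# Check if public key is already in the containers authorized_keys file
+PUB_KEY="$(cat ${HOME}/.ssh/${KEY_NAME}.pub)"
+if ! grep -qe "$(printf '%s$' "${PUB_KEY}")" "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"
+then
+printf 'command="/sqlproxy_cli.sh" %s' "${PUB_KEY}" >> "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"
+fi
+# Restart sshd if permissions were changed
+if [ ! -z "${WHOAMI}" ]
+then
+printf 'Restarting sql proxy (if running) to fix permissions.\n'
+docker compose --project-directory "${PROJECT_PATH}" -f "${PROJECT_PATH}/docker-compose.yml" -f "${PROJECT_PATH}/docker-compose-sqlproxy.yml" restart sshd
+fi
+else
+printf 'Not generating client ssh key.\nPlease put your desired public keys into %s\nAlso add %s in front of your key\n' "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys" "'command=\"/sqlproxy_cli.sh\" '"
+fi
+}
+
+setup_base
+
+if check 'Install myssh binary? [Y/n] '
+then
+setup_myssh
+fi
+
+if check 'Configure sql proxy? [Y/n] '
+then
+setup_sqlproxy
+fi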
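Review bot: The `authorized_keys` entry in `setup_sqlproxy` is appended with `printf 'command="/sqlproxy_cli.sh" %s'`, which writes no trailing newline, so a later run with a different key joins both entries on one line and the new key is read as part of the previous key's comment. The entry also carries only `command=`, which pins the command but leaves port, agent and X11 forwarding to whatever the container's sshd_config allows (not visible here); `printf 'restrict,command="/sqlproxy_cli.sh" %s\n' "${PUB_KEY}"` addresses both, with `pty` added back if the CLI needs a terminal. The duplicate check hands the key to `grep -qe` as a regular expression, whereas `grep -qF -- "${PUB_KEY}"` would match it literally. Separately, `sudo chown "${WHOAMI}" '/etc/hosts'` in `setup_base` permanently lets every process running as that user rewrite local name resolution, so a narrower grant such as a one-off `sudo tee -a /etc/hosts` for the needed entries is worth considering.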
|
@ -1,65 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
PROJECT_PATH=$(dirname $0)
|
|
||||||
|
|
||||||
# Always copy newest version to bin
|
|
||||||
mkdir -p $HOME/bin
|
|
||||||
cp $PROJECT_PATH/script/myssh $HOME/bin/myssh
|
|
||||||
|
|
||||||
# Detect Shell Init Path
|
|
||||||
if [[ $SHELL =~ bin/bash$ ]]
|
|
||||||
then
|
|
||||||
RC_FILE=.bashrc
|
|
||||||
elif [[ $SHELL =~ bin/zsh$ ]]
|
|
||||||
then
|
|
||||||
RC_FILE=.zshrc
|
|
||||||
fi
|
|
||||||
|
|
||||||
grep -qe '^PATH=$PATH:$HOME/bin$' $HOME/$RC_FILE 2> /dev/null
|
|
||||||
if [ ! -z $HOME/$RC_FILE ] && [[ ! $PATH =~ $HOME/bin ]] && [ $? -ne 0 ]
|
|
||||||
then
|
|
||||||
echo -e 'PATH=$PATH:$HOME/bin' >> $HOME/$RC_FILE
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f $PROJECT_PATH/etc/ssh/ssh_host_ed25519_key ]
|
|
||||||
then
|
|
||||||
echo "Generating sqlproxy SSHD keys"
|
|
||||||
ssh-keygen -f $PROJECT_PATH -A
|
|
||||||
fi
|
|
||||||
|
|
||||||
read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
|
|
||||||
case $GEN_KEYS in
|
|
||||||
[yY]*)
|
|
||||||
mkdir -p $HOME/.ssh
|
|
||||||
read -r -p "Key Name (will not be overridden if it already exists in ~/.ssh): " KEY_NAME
|
|
||||||
# Only add key if it does not already exist
|
|
||||||
if [ ! -f $HOME/.ssh/$KEY_NAME.key ]
|
|
||||||
then
|
|
||||||
ssh-keygen -t ed25519 -f $HOME/.ssh/$KEY_NAME.key -C "$(date --iso-8601)_$(whoami)@$HOSTNAME"
|
|
||||||
fi
|
|
||||||
read -r -p "Target Host: " HOST_NAME
|
|
||||||
# Check if there is an entry for $HOST_NAME in the users ssh config
|
|
||||||
grep -qe "^Host $HOST_NAME$" $HOME/.ssh/config
|
|
||||||
if [ $? -ne 0 ]
|
|
||||||
then
|
|
||||||
echo -ne "\nHost $HOST_NAME\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> $HOME/.ssh/config
|
|
||||||
fi
|
|
||||||
# Fix permssions if necessary
|
|
||||||
if [[ ! -w $PROJECT_PATH/etc/ssh/.ssh ]] || [[ ! $PROJECT_PATH/etc/ssh/.ssh/authorized_keys ]]
|
|
||||||
then
|
|
||||||
WHOAMI=$(id -un)
|
|
||||||
echo -e "Missing file permissions for authorized key file\nrunning: 'sudo chown -R $WHOAMI:$WHOAMI $PROJECT_PATH'"
|
|
||||||
sudo chown -R $WHOAMI:$WHOAMI $PROJECT_PATH
|
|
||||||
fi
|
|
||||||
# Check if public key is already in the containers authorized_keys file
|
|
||||||
grep -qe "$(cat $HOME/.ssh/$KEY_NAME.key.pub)$" $PROJECT_PATH/etc/ssh/.ssh/authorized_keys
|
|
||||||
if [ $? -ne 0 ]
|
|
||||||
then
|
|
||||||
echo -e command=\"/sqlproxy_cli.sh\" $(cat $HOME/.ssh/$KEY_NAME.key.pub) >> $PROJECT_PATH/etc/ssh/.ssh/authorized_keys
|
|
||||||
fi
|
|
||||||
# Restart sshd if permissions were changed
|
|
||||||
if [ ! -z $WHOAMI ]
|
|
||||||
then
|
|
||||||
docker compose --project-directory $PROJECT_PATH -f $PROJECT_PATH/docker-compose.yml -f $PROJECT_PATH/docker-compose-sqlproxy.yml restart sshd
|
|
||||||
fi;;
|
|
||||||
*) echo -e "Not generating client ssh key.\nPlease put your desired public keys into $PROJECT_PATH/etc/ssh/.ssh/authorized_keys\nAlso add 'command=\"/sqlproxy_cli.sh\" ' in front of your key";;
|
|
||||||
esac
|
|