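#!/usr/bin/env bash
#
# Interactive setup for the sql proxy project.
#
# Steps, each confirmed by the user:
#   1. take ownership of the project directory and create the config skeleton
#   2. install the bundled "myssh" helper into ~/bin
#   3. generate sshd host keys, a client key pair, an ssh client config entry
#      and the matching authorized_keys line for the proxy container
#   4. restart the "sshd" compose service
#
# Must be run as a regular user; privileged steps go through sudo.
set -euo pipefail

PROJECT_PATH=$(dirname -- "$0")
WHOAMI="$(id -un)"

# Group used for the recursive chown below. On Linux this assumes a group
# named after the user exists; elsewhere "staff" is used.
if [ "$(uname -s)" = "Linux" ]; then
  MYGROUP="${WHOAMI}"
else
  MYGROUP="staff"
fi

if [ "$(id -u)" -eq 0 ]; then
  printf 'Do not run this script as root.\n'
  exit 1
fi

#######################################
# Print an error message to stderr and abort the script.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Ask a yes/no question until the answer starts with Y/y/N/n.
# The answer is local to each call, so every question is really asked;
# a shared global would silently reuse the first answer for all later
# prompts, including the ones guarding sudo.
# Arguments: $1 - prompt text
# Returns:   0 for yes, 1 for no or when stdin is closed
#######################################
check() {
  local answer=''
  while ! [[ "${answer}" =~ ^[YyNn] ]]; do
    # EOF on stdin counts as "no" instead of looping forever.
    read -r -p "$1" answer || return 1
  done
  [[ "${answer}" =~ ^[Yy] ]]
}

#######################################
# Fix ownership of the project tree and create the files the containers
# expect to find.
# Globals: PROJECT_PATH, WHOAMI, MYGROUP (read)
#######################################
setup_base() {
  printf 'Change ownership of "%s" to "%s"? (setup may fail otherwise)\n' "${PROJECT_PATH}" "${WHOAMI}"
  printf 'running: "sudo chown -R %s %s"\n' "${WHOAMI}:${MYGROUP}" "${PROJECT_PATH}"
  if check 'Continue? [Y/n] '; then
    sudo chown -R "${WHOAMI}:${MYGROUP}" "${PROJECT_PATH}"
  fi

  mkdir -p "${PROJECT_PATH}/config" "${PROJECT_PATH}/caddy_data" "${PROJECT_PATH}/etc/ssh/.ssh"
  touch "${PROJECT_PATH}/config/Caddyfile" "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"

  if [ "$(uname -s)" = 'Darwin' ] && [ ! -w '/etc/hosts' ]; then
    printf 'On MacOS docker is run by your local user (not root).\nYour user has no write permission for "/etc/hosts".\nRunning: "sudo chown %s /etc/hosts"\n' "${WHOAMI}"
    # NOTE(security): once the user owns /etc/hosts, every process running
    # as that user can change name resolution for the whole machine without
    # a sudo prompt. Hand the file back to root when the project is retired.
    if check 'Continue? [Y/n] '; then
      sudo chown "${WHOAMI}" '/etc/hosts'
    fi
  fi
}

#######################################
# Install the bundled myssh script into ~/bin and make sure ~/bin is on
# PATH for future bash/zsh sessions.
# Globals: PROJECT_PATH, HOME, SHELL, PATH (read)
#######################################
setup_myssh() {
  local rc_file
  # The literal line written to the rc file; expansion happens when the rc
  # file is sourced, not here.
  # shellcheck disable=SC2016
  local -r path_line='PATH="${PATH}:${HOME}/bin"'

  # Always copy newest version to bin
  mkdir -p "${HOME}/bin"
  cp -- "${PROJECT_PATH}/script/myssh" "${HOME}/bin/myssh"

  # Detect Shell Init Path
  if [[ "${SHELL:-}" =~ bin/bash$ ]]; then
    rc_file=".bashrc"
  elif [[ "${SHELL:-}" =~ bin/zsh$ ]]; then
    rc_file=".zshrc"
  else
    printf 'Unable to detect Shell Configuration.\nPlease add %s to your PATH variable.\n' "${HOME}/bin"
    return 0
  fi

  touch "${HOME}/${rc_file}"

  # Compare whole PATH entries; a substring test would also accept
  # directories such as "${HOME}/bin2".
  case ":${PATH}:" in
    *":${HOME}/bin:"*) return 0 ;;
  esac

  # ~/bin is appended, not prepended, so it cannot shadow system binaries.
  if [ -f "${HOME}/${rc_file}" ] \
    && ! grep -qxF -- "${path_line}" "${HOME}/${rc_file}" 2>/dev/null; then
    printf '%s\n' "${path_line}" >>"${HOME}/${rc_file}"
  fi
}

#######################################
# Generate the container's sshd host keys and, optionally, a client key
# pair plus the matching ssh config and authorized_keys entries.
# Globals: PROJECT_PATH, HOME, WHOAMI, HOSTNAME (read)
#######################################
setup_sqlproxy() {
  local key_name host_name pub_key key_path
  # Both values end up in file paths and in ~/.ssh/config, so they are
  # restricted to characters that cannot leave ~/.ssh or add extra tokens
  # to a config line.
  local -r name_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  local -r host_re='^[A-Za-z0-9:_][A-Za-z0-9._:-]*$'

  if [ ! -f "${PROJECT_PATH}/etc/ssh/ssh_host_ed25519_key" ]; then
    printf "Generating sqlproxy SSHD keys\n"
    # With -A, -f is a path prefix: keys land in ${PROJECT_PATH}/etc/ssh/.
    ssh-keygen -f "${PROJECT_PATH}" -A
  fi

  if ! check 'Auto generate client keys+config? [Y/n] '; then
    printf 'Not generating client ssh key.\nPlease put your desired public keys into %s\nAlso add %s in front of your key\n' "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys" "'command=\"/sqlproxy_cli.sh\" '"
    return 0
  fi

  # Mode 700 only applies when the directory is created here; an existing
  # ~/.ssh keeps its permissions.
  mkdir -p -m 700 "${HOME}/.ssh"

  read -r -p 'Key Name (default: sqlproxy): ' key_name
  key_name="${key_name:-sqlproxy}"
  [[ "${key_name}" =~ ${name_re} ]] || die "Invalid key name: ${key_name}"
  key_path="${HOME}/.ssh/${key_name}"

  # Only add key if it does not already exist
  if [ ! -f "${key_path}" ]; then
    ssh-keygen -t ed25519 -f "${key_path}" -C "$(date +'%Y.%m.%d')_${WHOAMI}@${HOSTNAME}"
  else
    printf 'Key "%s" already exists. Using existing key.\n' "${key_path}"
  fi

  read -r -p 'Target Host (default: "localhost"): ' host_name
  host_name="${host_name:-localhost}"
  [[ "${host_name}" =~ ${host_re} ]] || die "Invalid host name: ${host_name}"

  # Check if there is an entry for this host in the user's ssh config.
  # Fixed-string, whole-line match: the dots in the host name must not act
  # as regex wildcards.
  if ! grep -qxF -- "Host sqlproxy.${host_name}" "${HOME}/.ssh/config" 2>/dev/null; then
    printf '\nHost sqlproxy.%s\n HostName %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s\n' "${host_name}" "${host_name}" "${key_name}" >>"${HOME}/.ssh/config"
  else
    printf 'User ssh configuration located in "%s" already has a configuration for host "%s".\nMake sure your configuration matches the following:\n' "${HOME}/.ssh/config" "${host_name}"
    printf '"""\nHost sqlproxy.%s\n HostName %s\n Port 3022\n User sqlproxy\n IdentityFile ~/.ssh/%s\n"""\n' "${host_name}" "${host_name}" "${key_name}"
  fi

  # Check if public key is already in the container's authorized_keys file
  [ -s "${key_path}.pub" ] || die "Public key ${key_path}.pub is missing or empty."
  pub_key="$(cat -- "${key_path}.pub")"

  # Fixed-string match: the key material and comment contain '+', '/' and
  # '.', which must not be interpreted as a pattern.
  if ! grep -qF -- "${pub_key}" "${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"; then
    # NOTE(review): the forced command pins what the key may execute, but on
    # its own it does not switch off port/agent/X11 forwarding or pty
    # allocation. Whether those are limited depends on the container's
    # sshd_config, which is not visible here -- confirm.
    printf 'command="/sqlproxy_cli.sh" %s\n' "${pub_key}" >>"${PROJECT_PATH}/etc/ssh/.ssh/authorized_keys"
  fi
}

main() {
  setup_base

  if check 'Install myssh binary? [Y/n] '; then
    setup_myssh
  fi

  if check 'Configure sql proxy? [Y/n] '; then
    setup_sqlproxy
  fi

  printf 'Restarting sql proxy (if running) to fix permissions.\n'
  docker compose --project-directory "${PROJECT_PATH}" -f "${PROJECT_PATH}/docker-compose.yml" restart sshd
}

main "$@"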