Horus-VPS SSH-Keys in shared/ssh aufnehmen.

WireGuard-Zugang VM 101 → 10.1.1.1 dokumentiert, horus-root Set und
Deploy via Sprung-Host jean@192.168.10.10 ergänzt.

Co-authored-by: Cursor <cursoragent@cursor.com>

shared/ssh/install-authorized-keys.sh

@@ -18,10 +18,12 @@ Targets:
   proxmox-root    → /root/.ssh/authorized_keys auf Proxmox-Hosts
   vm101-jean      → jean@192.168.10.10 ~/.ssh/authorized_keys
   pve2-lxc-root   → root in CTs auf pve2 (101 docker, 109 media, 110 aidev)
+  horus-root      → root@10.1.1.1 (Horus VPS, nur via WireGuard — Springt über VM 101)
 
 Options:
   --dest PATH         Lokale Zieldatei (nur proxmox-root, default: /root/.ssh/authorized_keys)
-  --remote USER@HOST  Auf Remote-Host installieren (proxmox-root / vm101-jean)
+  --remote USER@HOST  Auf Remote-Host installieren (proxmox-root / vm101-jean / horus-root)
+  --jump USER@HOST    Sprung-Host für horus-root (default: jean@192.168.10.10)
   --ct VMID           Nur einen CT (pve2-lxc-root, mehrfach möglich)
   --dry-run           Nur anzeigen, nicht schreiben
   -h                  Hilfe
@@ -31,9 +33,12 @@ Beispiele:
   ./install-authorized-keys.sh --remote root@192.168.10.5 proxmox-root
   ./install-authorized-keys.sh vm101-jean
   ./install-authorized-keys.sh pve2-lxc-root --ct 101
+  ./install-authorized-keys.sh horus-root
 EOF
 }
 
+JUMP=""
+
 log() { printf '%s\n' "$*"; }
 
 run() {
@@ -70,6 +75,17 @@ install_remote() {
   log "Installiert auf $remote:$dest"
 }
 
+install_remote_via_jump() {
+  local src="$1" jump="$2" remote="$3" dest="$4"
+  if (( DRY_RUN )); then
+    log "[dry-run] $jump → $remote → $dest ← $src"
+    return
+  fi
+  scp -q "$src" "$jump:/tmp/authorized_keys.new"
+  ssh "$jump" "scp -q /tmp/authorized_keys.new ${remote}:/tmp/authorized_keys.new && ssh -o BatchMode=yes ${remote} 'mkdir -p /root/.ssh && chmod 700 /root/.ssh && install -m 600 /tmp/authorized_keys.new ${dest} && rm -f /tmp/authorized_keys.new' && rm -f /tmp/authorized_keys.new"
+  log "Installiert auf $remote:$dest (via $jump)"
+}
+
 install_pve2_ct() {
   local src="$1" vmid="$2"
   if (( DRY_RUN )); then
@@ -87,6 +103,7 @@ while [[ $# -gt 0 ]]; do
   case "$1" in
     --dest) DEST="$2"; shift 2 ;;
     --remote) REMOTE="$2"; shift 2 ;;
+    --jump) JUMP="$2"; shift 2 ;;
     --ct) CT_IDS+=("$2"); shift 2 ;;
     --dry-run) DRY_RUN=1; shift ;;
     -h|--help) usage; exit 0 ;;
@@ -123,6 +140,13 @@ case "$TARGET" in
       install_pve2_ct "$SRC" "$vmid"
     done
     ;;
+  horus-root)
+    SRC="$SSH_DIR/assembled/horus-root.pub"
+    DEST="${DEST:-/root/.ssh/authorized_keys}"
+    JUMP="${JUMP:-jean@192.168.10.10}"
+    REMOTE="${REMOTE:-root@10.1.1.1}"
+    install_remote_via_jump "$SRC" "$JUMP" "$REMOTE" "$DEST"
+    ;;
   *)
     echo "Unbekanntes Target: $TARGET" >&2
     usage >&2