root
1accea28c6
WireGuard-Zugang VM 101 → 10.1.1.1 dokumentiert, horus-root Set und Deploy via Sprung-Host jean@192.168.10.10 ergänzt. Co-authored-by: Cursor <cursoragent@cursor.com>
156 lines
4.6 KiB
Bash
Executable File
156 lines
4.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# authorized_keys aus docu/shared/ssh deployen
|
|
set -euo pipefail
|
|
|
|
DOCU_ROOT="${DOCU_ROOT:-/root/docu}"
|
|
SSH_DIR="$DOCU_ROOT/shared/ssh"
|
|
DRY_RUN=0
|
|
TARGET=""
|
|
DEST=""
|
|
REMOTE=""
|
|
CT_IDS=()
|
|
|
|
usage() {
|
|
cat <<'EOF'
|
|
Usage: install-authorized-keys.sh [options] <target>
|
|
|
|
Targets:
|
|
proxmox-root → /root/.ssh/authorized_keys auf Proxmox-Hosts
|
|
vm101-jean → jean@192.168.10.10 ~/.ssh/authorized_keys
|
|
pve2-lxc-root → root in CTs auf pve2 (101 docker, 109 media, 110 aidev)
|
|
horus-root → root@10.1.1.1 (Horus VPS, nur via WireGuard — Springt über VM 101)
|
|
|
|
Options:
|
|
--dest PATH Lokale Zieldatei (nur proxmox-root, default: /root/.ssh/authorized_keys)
|
|
--remote USER@HOST Auf Remote-Host installieren (proxmox-root / vm101-jean / horus-root)
|
|
--jump USER@HOST Sprung-Host für horus-root (default: jean@192.168.10.10)
|
|
--ct VMID Nur einen CT (pve2-lxc-root, mehrfach möglich)
|
|
--dry-run Nur anzeigen, nicht schreiben
|
|
-h Hilfe
|
|
|
|
Beispiele:
|
|
./install-authorized-keys.sh proxmox-root
|
|
./install-authorized-keys.sh --remote root@192.168.10.5 proxmox-root
|
|
./install-authorized-keys.sh vm101-jean
|
|
./install-authorized-keys.sh pve2-lxc-root --ct 101
|
|
./install-authorized-keys.sh horus-root
|
|
EOF
|
|
}
|
|
|
|
JUMP=""
|
|
|
|
log() { printf '%s\n' "$*"; }
|
|
|
|
run() {
|
|
if (( DRY_RUN )); then
|
|
log "[dry-run] $*"
|
|
else
|
|
"$@"
|
|
fi
|
|
}
|
|
|
|
install_local_file() {
|
|
local src="$1" dest="$2"
|
|
run mkdir -p "$(dirname "$dest")"
|
|
run chmod 700 "$(dirname "$dest")"
|
|
if (( DRY_RUN )); then
|
|
log "[dry-run] cp $src → $dest"
|
|
head -3 "$src"
|
|
log "… ($(wc -l <"$src") Zeilen)"
|
|
else
|
|
install -m 600 -o root -g root "$src" "$dest"
|
|
log "Installiert: $dest ($(wc -l <"$dest") Keys)"
|
|
fi
|
|
}
|
|
|
|
install_remote() {
|
|
local src="$1" remote="$2" dest="$3"
|
|
if (( DRY_RUN )); then
|
|
log "[dry-run] ssh $remote install -m 600 … ← $src"
|
|
return
|
|
fi
|
|
ssh "$remote" "mkdir -p $(dirname "$dest") && chmod 700 $(dirname "$dest")"
|
|
scp -q "$src" "$remote:/tmp/authorized_keys.new"
|
|
ssh "$remote" "install -m 600 -o \$(id -un) -g \$(id -gn) /tmp/authorized_keys.new '$dest' && rm -f /tmp/authorized_keys.new"
|
|
log "Installiert auf $remote:$dest"
|
|
}
|
|
|
|
install_remote_via_jump() {
|
|
local src="$1" jump="$2" remote="$3" dest="$4"
|
|
if (( DRY_RUN )); then
|
|
log "[dry-run] $jump → $remote → $dest ← $src"
|
|
return
|
|
fi
|
|
scp -q "$src" "$jump:/tmp/authorized_keys.new"
|
|
ssh "$jump" "scp -q /tmp/authorized_keys.new ${remote}:/tmp/authorized_keys.new && ssh -o BatchMode=yes ${remote} 'mkdir -p /root/.ssh && chmod 700 /root/.ssh && install -m 600 /tmp/authorized_keys.new ${dest} && rm -f /tmp/authorized_keys.new' && rm -f /tmp/authorized_keys.new"
|
|
log "Installiert auf $remote:$dest (via $jump)"
|
|
}
|
|
|
|
install_pve2_ct() {
|
|
local src="$1" vmid="$2"
|
|
if (( DRY_RUN )); then
|
|
log "[dry-run] pct exec $vmid → /root/.ssh/authorized_keys"
|
|
return
|
|
fi
|
|
pct exec "$vmid" -- mkdir -p /root/.ssh
|
|
pct exec "$vmid" -- chmod 700 /root/.ssh
|
|
pct push "$vmid" "$src" /root/.ssh/authorized_keys
|
|
pct exec "$vmid" -- chmod 600 /root/.ssh/authorized_keys
|
|
log "CT $vmid: /root/.ssh/authorized_keys ($(wc -l <"$src") Keys)"
|
|
}
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case "$1" in
|
|
--dest) DEST="$2"; shift 2 ;;
|
|
--remote) REMOTE="$2"; shift 2 ;;
|
|
--jump) JUMP="$2"; shift 2 ;;
|
|
--ct) CT_IDS+=("$2"); shift 2 ;;
|
|
--dry-run) DRY_RUN=1; shift ;;
|
|
-h|--help) usage; exit 0 ;;
|
|
-*) echo "Unbekannte Option: $1" >&2; usage >&2; exit 1 ;;
|
|
*) TARGET="$1"; shift ;;
|
|
esac
|
|
done
|
|
|
|
[[ -n "$TARGET" ]] || { usage >&2; exit 1; }
|
|
[[ -d "$SSH_DIR/assembled" ]] || { echo "Fehlt: $SSH_DIR (git pull?)" >&2; exit 1; }
|
|
|
|
case "$TARGET" in
|
|
proxmox-root)
|
|
SRC="$SSH_DIR/assembled/proxmox-root.pub"
|
|
DEST="${DEST:-/root/.ssh/authorized_keys}"
|
|
if [[ -n "$REMOTE" ]]; then
|
|
install_remote "$SRC" "$REMOTE" "$DEST"
|
|
else
|
|
install_local_file "$SRC" "$DEST"
|
|
fi
|
|
;;
|
|
vm101-jean)
|
|
SRC="$SSH_DIR/assembled/vm101-jean.pub"
|
|
DEST="${DEST:-/home/jean/.ssh/authorized_keys}"
|
|
REMOTE="${REMOTE:-jean@192.168.10.10}"
|
|
install_remote "$SRC" "$REMOTE" "$DEST"
|
|
;;
|
|
pve2-lxc-root)
|
|
SRC="$SSH_DIR/assembled/pve2-lxc-root.pub"
|
|
if [[ ${#CT_IDS[@]} -eq 0 ]]; then
|
|
CT_IDS=(101 109 110)
|
|
fi
|
|
for vmid in "${CT_IDS[@]}"; do
|
|
install_pve2_ct "$SRC" "$vmid"
|
|
done
|
|
;;
|
|
horus-root)
|
|
SRC="$SSH_DIR/assembled/horus-root.pub"
|
|
DEST="${DEST:-/root/.ssh/authorized_keys}"
|
|
JUMP="${JUMP:-jean@192.168.10.10}"
|
|
REMOTE="${REMOTE:-root@10.1.1.1}"
|
|
install_remote_via_jump "$SRC" "$JUMP" "$REMOTE" "$DEST"
|
|
;;
|
|
*)
|
|
echo "Unbekanntes Target: $TARGET" >&2
|
|
usage >&2
|
|
exit 1
|
|
;;
|
|
esac
|