From 1f59cb6a36c63e46a3495165eff027adb35a8419 Mon Sep 17 00:00:00 2001
From: wagesj45
Date: Thu, 14 Aug 2025 20:41:21 -0500
Subject: [PATCH] setup: make reruns idempotent

- Overwrite root and jordanwages authorized_keys each run (deduped)
- Replace ad-hoc fstab edits with a managed NFS block
- Continue using overwrite for fastfetch profile script
---
 setup.sh | 80 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 48 insertions(+), 32 deletions(-)

diff --git a/setup.sh b/setup.sh
index a9bb791..a8e7e80 100644
--- a/setup.sh
+++ b/setup.sh
@@ -100,44 +100,44 @@ hostnamectl set-hostname "$NEW_HOST"
 msg "Hostname set to $NEW_HOST"
 ###############################################################################
-# SSH keys for root #
+# SSH keys for root (idempotent overwrite per run) #
 ###############################################################################
 install -d -m 700 /root/.ssh
 chmod 700 /root/.ssh
-test -n "$DEFAULT_SSH_KEY" && {
- grep -qxF "$DEFAULT_SSH_KEY" /root/.ssh/authorized_keys 2>/dev/null || \
- echo "$DEFAULT_SSH_KEY" >> /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- msg "Default SSH key added for root"
-}
+TMP_KEYS_ROOT=$(mktemp)
+if [[ -n "$DEFAULT_SSH_KEY" ]]; then
+ printf '%s\n' "$DEFAULT_SSH_KEY" >>"$TMP_KEYS_ROOT"
+fi
 if confirm "Add additional SSH public key for root?"; then
 KEY=$(whiptail --title "SSH Key (root)" --inputbox "Paste your public key for root:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
- grep -qxF "$KEY" /root/.ssh/authorized_keys 2>/dev/null || echo "$KEY" >> /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- msg "Additional SSH key added for root"
+ [[ -n "$KEY" ]] && printf '%s\n' "$KEY" >>"$TMP_KEYS_ROOT"
 fi
+# de-duplicate and overwrite authorized_keys
+awk '!seen[$0]++' "$TMP_KEYS_ROOT" > /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+msg "Root authorized_keys updated (overwritten this run)"
+rm -f "$TMP_KEYS_ROOT"
 ###############################################################################
-# SSH keys for user jordanwages #
+# SSH keys for user jordanwages (idempotent overwrite per run) #
 ###############################################################################
 USER_NAME="jordanwages"
 USER_HOME="/home/$USER_NAME"
 install -d -m 700 "$USER_HOME/.ssh"
 chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh"
-test -n "$DEFAULT_SSH_KEY" && {
- grep -qxF "$DEFAULT_SSH_KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || \
- echo "$DEFAULT_SSH_KEY" >> "$USER_HOME/.ssh/authorized_keys"
- chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
- chmod 600 "$USER_HOME/.ssh/authorized_keys"
- msg "Default SSH key added for $USER_NAME"
-}
+TMP_KEYS_USER=$(mktemp)
+if [[ -n "$DEFAULT_SSH_KEY" ]]; then
+ printf '%s\n' "$DEFAULT_SSH_KEY" >>"$TMP_KEYS_USER"
+fi
 if confirm "Add additional SSH public key for $USER_NAME?"; then
 KEY=$(whiptail --title "SSH Key ($USER_NAME)" --inputbox "Paste public key for $USER_NAME:" 12 70 3>&1 1>&2 2>&3) || die "Cancelled"
- grep -qxF "$KEY" "$USER_HOME/.ssh/authorized_keys" 2>/dev/null || echo "$KEY" >> "$USER_HOME/.ssh/authorized_keys"
- chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
- chmod 600 "$USER_HOME/.ssh/authorized_keys"
- msg "Additional SSH key added for $USER_NAME"
+ [[ -n "$KEY" ]] && printf '%s\n' "$KEY" >>"$TMP_KEYS_USER"
 fi
+awk '!seen[$0]++' "$TMP_KEYS_USER" > "$USER_HOME/.ssh/authorized_keys"
+chown $USER_NAME:$USER_NAME "$USER_HOME/.ssh/authorized_keys"
+chmod 600 "$USER_HOME/.ssh/authorized_keys"
+msg "$USER_NAME authorized_keys updated (overwritten this run)"
+rm -f "$TMP_KEYS_USER"
 ###############################################################################
 # Optional utilities #
@@ -159,7 +159,7 @@ echo 'fastfetch' >/etc/profile.d/90-fastfetch.sh
 chmod +x /etc/profile.d/90-fastfetch.sh
 ###############################################################################
-# NFS mounts #
+# NFS mounts (managed block, idempotent) #
 ###############################################################################
 NFS_HOSTS=(jimmu keiko keitai)
 OPTS=(); for h in "${NFS_HOSTS[@]}"; do OPTS+=("$h" "" OFF); done
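Review bot: In the first hunk (SSH keys), nothing stops an empty key list from being written: when `DEFAULT_SSH_KEY` (set outside this hunk) is empty and the operator declines the prompt or submits an empty inputbox, `awk '!seen[$0]++' "$TMP_KEYS_ROOT" > /root/.ssh/authorized_keys` truncates the file and removes every existing key for root, and the `$USER_NAME` block has the same gap. On a host reachable only by key-based SSH that is a lockout, and keys added outside this script are dropped without a record. I would guard each write with `[[ -s "$TMP_KEYS_ROOT" ]] || die "No SSH keys collected; leaving authorized_keys untouched"` (and the `TMP_KEYS_USER` equivalent) and keep a copy of the previous file before replacing it. The redirect also creates the file under the current umask before `chmod 600` runs; writing the deduplicated list to a temp file and placing it with `install -m 600` would close that window and the partial-write case.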
@@ -169,17 +169,33 @@ SEL_HOSTS=$(whiptail --title "NFS Mounts" --checklist \
 mkdir -p /media
 for host in "${NFS_HOSTS[@]}"; do
- TEMPLATE="${host}.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0"
- if [[ $SEL_HOSTS == *\"$host\"* ]]; then
- mkdir -p "/media/$host"
- grep -q "${host}.wageshouse" /etc/fstab && \
- sed -i "#${host}\.wageshouse#d" /etc/fstab
- echo "$TEMPLATE" >> /etc/fstab
- else
- grep -q "${host}.wageshouse" /etc/fstab || echo "# $TEMPLATE" >> /etc/fstab
- fi
+ [[ $SEL_HOSTS == *\"$host\"* ]] && mkdir -p "/media/$host"
 done
+# Clean up legacy lines from prior runs (pre-managed-block versions)
+for host in "${NFS_HOSTS[@]}"; do
+ TEMPLATE="${host}.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0"
+ sed -i "#^${host}\.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0$#d" /etc/fstab || true
+ sed -i "#^# ${host}\.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0$#d" /etc/fstab || true
+done
+
+# Replace the managed block with current selections
+BLOCK_START="# BEGIN setup.sh managed NFS"
+BLOCK_END="# END setup.sh managed NFS"
+sed -i "/^$BLOCK_START$/,/^$BLOCK_END$/d" /etc/fstab || true
+{
+ echo "$BLOCK_START"
+ for host in "${NFS_HOSTS[@]}"; do
+ TEMPLATE="${host}.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0"
+ if [[ $SEL_HOSTS == *\"$host\"* ]]; then
+ echo "$TEMPLATE"
+ else
+ echo "# $TEMPLATE"
+ fi
+ done
+ echo "$BLOCK_END"
+} >> /etc/fstab
+
 if ! mount -a 2>>"$LOGFILE"; then
 msg "⚠️ Some NFS mounts failed. Re-run the script to check configuration."
 fi
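Review bot: The two legacy clean-up `sed` calls delete nothing: an address with a custom delimiter must start with a backslash, so a script beginning with `#` is read by sed as a comment, and inside double quotes the trailing `$#` is expanded by the shell to the argument count before sed sees it. sed still exits 0, so old entries stay in /etc/fstab next to the managed block and nothing reports it. Writing the address as `"\#^${host}\.wageshouse:/Data /media/${host} nfs4 _netdev,x-systemd.automount,noatime 0 0\$#d"` (and the `# `-prefixed variant likewise) makes it match. Separately, the range delete `/^$BLOCK_START$/,/^$BLOCK_END$/d` runs to end of file if the END marker was removed by hand, so copying /etc/fstab aside before editing would be prudent. Since these are network shares, consider adding `nosuid,nodev` to the options in `TEMPLATE`.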