mrhavens/git-sigil
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test

Browse source
This commit is contained in:
Mark Randall Havens 2025-06-13 01:07:12 -05:00
parent cc31b3c026
commit 98895b2995
2 changed files with 136 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

166
bin/gitfield-netmon
View file

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -eo pipefail
IFS=$'\n\t' IFS=$'\n\t'
# Configuration # Configuration
@ -15,60 +15,148 @@ MARKDOWN_FILE="$REPO_ROOT/.gitfield/gogs.sigil.md"
DEFAULT_NAME="Mark Randall Havens" DEFAULT_NAME="Mark Randall Havens"
DEFAULT_EMAIL="mark.r.havens@gmail.com" DEFAULT_EMAIL="mark.r.havens@gmail.com"
TOKEN_FILE="$HOME/.gitfield_token_gogs" TOKEN_FILE="$HOME/.gitfield_token_gogs"
CLOUDFLARED_TOKEN_FILE="$HOME/.cloudflared/gogs_tunnel_token"
SSH_KEY="$HOME/.ssh/id_ed25519" SSH_KEY="$HOME/.ssh/id_ed25519"
SCRIPT_VERSION="1.2" SSH_CONFIG_FILE="$HOME/.ssh/config"
SCRIPT_VERSION="1.5"
# Logging functions # Logging functions
info() { echo -e "\e[1;34m[INFO]\e[0m $*"; } info() { echo -e "\e[1;34m[INFO]\e[0m ${*:-}"; }
warn() { echo -e "\e[1;33m[WARN]\e[0m $*"; } warn() { echo -e "\e[1;33m[WARN]\e[0m ${*:-}"; }
error() { echo -e "\e[1;31m[ERROR]\e[0m $*" >&2; exit 1; } error() { echo -e "\e[1;31m[ERROR]\e[0m ${*:-}" >&2; exit 1; }
# Check for required tools # Check for required tools
info "Checking for required tools..." info "Checking for required tools..."
for cmd in git curl jq ssh; do for cmd in git curl jq ssh timeout; do
command -v "$cmd" >/dev/null || { command -v "$cmd" >/dev/null || {
sudo apt update -qq || warn "Failed to update package lists, continuing..." sudo apt update -qq || warn "Failed to update package lists, continuing..."
sudo apt install -y git curl jq openssh-client || error "Failed to install $cmd" sudo apt install -y git curl jq openssh-client timeout || error "Failed to install $cmd"
} }
done done
# Handle authentication # Install cloudflared if not present
if ! command -v cloudflared >/dev/null; then
info "Installing cloudflared..."
sudo apt update -qq || warn "Failed to update package lists, continuing..."
sudo apt install -y wget || error "Failed to install wget"
ARCH=$(uname -m)
case "$ARCH" in
x86_64) CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64" ;;
arm*) CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm" ;;
*) error "Unsupported architecture: $ARCH" ;;
esac
wget -q "$CLOUDFLARED_URL" -O /tmp/cloudflared || error "Failed to download cloudflared"
sudo mv /tmp/cloudflared /usr/local/bin/cloudflared || error "Failed to install cloudflared"
sudo chmod +x /usr/local/bin/cloudflared || error "Failed to set cloudflared permissions"
info "cloudflared installed successfully."
fi
# Handle GOGS token
RESET_AUTH=false RESET_AUTH=false
if [[ "${1:-}" == "--reset-auth" ]]; then if [[ "${1:-}" == "--reset-auth" ]]; then
RESET_AUTH=true RESET_AUTH=true
rm -f "$TOKEN_FILE" 2>/dev/null || warn "Failed to remove token file" rm -f "$TOKEN_FILE" "$CLOUDFLARED_TOKEN_FILE" 2>/dev/null || warn "Failed to remove auth files"
info "Authentication reset requested." info "Authentication reset requested."
fi fi
# Token-based authentication
if [[ -f "$TOKEN_FILE" && "$RESET_AUTH" == false ]]; then if [[ -f "$TOKEN_FILE" && "$RESET_AUTH" == false ]]; then
TOKEN=$(cat "$TOKEN_FILE" 2>/dev/null) || error "Failed to read token from $TOKEN_FILE" TOKEN=$(cat "$TOKEN_FILE" 2>/dev/null) || error "Failed to read token from $TOKEN_FILE"
info "Using cached token from $TOKEN_FILE" info "Using cached GOGS token from $TOKEN_FILE"
else else
info "GOGS token required." info "GOGS token required."
echo "🔐 Generate a token at https://$GOGS_DOMAIN/user/settings/applications (scopes: write:repository, write:ssh_key)" echo "🔐 Generate a token at https://$GOGS_DOMAIN/user/settings/applications (scopes: write:repository, write:ssh_key)"
echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):" echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):"
read -rsp "Token: " TOKEN read -rsp "Token: " TOKEN
echo echo
[[ -z "$TOKEN" ]] && error "Token cannot be empty" [[ -z "$TOKEN" ]] && error "GOGS token cannot be empty"
echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE" echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE"
chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE" chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE"
info "Token saved at $TOKEN_FILE" info "GOGS token saved at $TOKEN_FILE"
fi fi
# Verify token # Verify GOGS token
info "Verifying token..." info "Verifying GOGS token..."
TOKEN_TEST=$(curl -k -s -H "Authorization: token $TOKEN" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "") TOKEN_TEST=$(curl -k -s -H "Authorization: token $TOKEN" "$GOGS_API/user" | jq -r .login 2>/dev/null || echo "")
if [[ "$TOKEN_TEST" != "$USERNAME" ]]; then if [[ "$TOKEN_TEST" != "$USERNAME" ]]; then
warn "Token verification failed. Please generate a new token at https://$GOGS_DOMAIN/user/settings/applications" warn "GOGS token verification failed. Please generate a new token at https://$GOGS_DOMAIN/user/settings/applications"
rm -f "$TOKEN_FILE" rm -f "$TOKEN_FILE"
echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):" echo "🔐 Paste your GOGS Personal Access Token (will not be echoed):"
read -rsp "Token: " TOKEN read -rsp "Token: " TOKEN
echo echo
[[ -z "$TOKEN" ]] && error "Token cannot be empty" [[ -z "$TOKEN" ]] && error "GOGS token cannot be empty"
echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE" echo "$TOKEN" > "$TOKEN_FILE" || error "Failed to write token to $TOKEN_FILE"
chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE" chmod 600 "$TOKEN_FILE" || error "Failed to set permissions on $TOKEN_FILE"
info "Token saved at $TOKEN_FILE" info "GOGS token saved at $TOKEN_FILE"
fi
# Handle Cloudflare Tunnel token
if [[ -f "$CLOUDFLARED_TOKEN_FILE" && "$RESET_AUTH" == false ]]; then
CLOUDFLARED_TOKEN=$(cat "$CLOUDFLARED_TOKEN_FILE" 2>/dev/null) || error "Failed to read Cloudflare Tunnel token from $CLOUDFLARED_TOKEN_FILE"
info "Using cached Cloudflare Tunnel token from $CLOUDFLARED_TOKEN_FILE"
else
info "Cloudflare Tunnel token required."
echo "🔐 Follow these steps to generate a Cloudflare Tunnel token:"
echo " 1. Log into Cloudflare Zero Trust: https://dash.teams.cloudflare.com"
echo " 2. Navigate to Access > Tunnels."
echo " 3. Click 'Create a tunnel', select 'Cloudflared' connector, and name it (e.g., 'gogs-ssh-tunnel')."
echo " 4. Copy the token (starts with 'eyJ') from the 'Connect an application' step."
echo " 5. In Public Hostnames, add 'netmon.thefoldwithin.earth' (or a subdomain), set Service to 'SSH', and URL to 'localhost:22'."
echo " 6. Ensure the tunnel is running on your Raspberry Pi (see: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/)"
echo "🔐 Paste your Cloudflare Tunnel token (will not be echoed):"
read -rsp "Token: " CLOUDFLARED_TOKEN
echo
[[ -z "$CLOUDFLARED_TOKEN" ]] && error "Cloudflare Tunnel token cannot be empty"
[[ ! "$CLOUDFLARED_TOKEN" =~ ^eyJ ]] && warn "Cloudflare Tunnel token does not start with 'eyJ'. It may be invalid."
mkdir -p "$(dirname "$CLOUDFLARED_TOKEN_FILE")" || error "Failed to create .cloudflared directory"
echo "$CLOUDFLARED_TOKEN" > "$CLOUDFLARED_TOKEN_FILE" || error "Failed to write token to $CLOUDFLARED_TOKEN_FILE"
chmod 600 "$CLOUDFLARED_TOKEN_FILE" || error "Failed to set permissions on $CLOUDFLARED_TOKEN_FILE"
info "Cloudflare Tunnel token saved at $CLOUDFLARED_TOKEN_FILE"
fi
# Validate Cloudflare Tunnel token
info "Validating Cloudflare Tunnel token..."
CLOUDFLARED_TEST=$(timeout 10s cloudflared tunnel --no-autoupdate info --token "$CLOUDFLARED_TOKEN" 2>&1 || echo "Timeout or error")
if echo "$CLOUDFLARED_TEST" | grep -qi "error"; then
warn "Cloudflare Tunnel token validation failed: $CLOUDFLARED_TEST"
rm -f "$CLOUDFLARED_TOKEN_FILE"
echo "🔐 Follow the steps above or visit https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/"
echo "🔐 Paste your Cloudflare Tunnel token (will not be echoed):"
read -rsp "Token: " CLOUDFLARED_TOKEN
echo
[[ -z "$CLOUDFLARED_TOKEN" ]] && error "Cloudflare Tunnel token cannot be empty"
[[ ! "$CLOUDFLARED_TOKEN" =~ ^eyJ ]] && warn "Cloudflare Tunnel token does not start with 'eyJ'. It may be invalid."
echo "$CLOUDFLARED_TOKEN" > "$CLOUDFLARED_TOKEN_FILE" || error "Failed to write token to $CLOUDFLARED_TOKEN_FILE"
chmod 600 "$CLOUDFLARED_TOKEN_FILE" || error "Failed to set permissions on $CLOUDFLARED_TOKEN_FILE"
info "Cloudflare Tunnel token saved at $CLOUDFLARED_TOKEN_FILE"
fi
# Configure Cloudflare Tunnel
info "Configuring Cloudflare Tunnel for SSH..."
killall cloudflared 2>/dev/null || true
timeout 10s cloudflared tunnel --no-autoupdate run --token "$CLOUDFLARED_TOKEN" --loglevel error >/dev/null 2>&1 & sleep 2
if ! pgrep -f "cloudflared.*$CLOUDFLARED_TOKEN" >/dev/null; then
warn "Failed to start Cloudflare Tunnel. Falling back to HTTPS..."
USE_HTTPS=true
else
info "Cloudflare Tunnel running."
fi
# Configure SSH with Cloudflare Tunnel
if ! grep -q "Host $GOGS_DOMAIN" "$SSH_CONFIG_FILE" 2>/dev/null; then
info "Configuring SSH with Cloudflare Tunnel..."
mkdir -p "$(dirname "$SSH_CONFIG_FILE")" && chmod 700 "$(dirname "$SSH_CONFIG_FILE")"
cat >> "$SSH_CONFIG_FILE" <<EOF
Host $GOGS_DOMAIN
HostName $GOGS_DOMAIN
User git
Port $GOGS_SSH_PORT
IdentityFile $SSH_KEY
ProxyCommand cloudflared access ssh --hostname %h
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chmod 600 "$SSH_CONFIG_FILE" || warn "Failed to set permissions on SSH config file"
info "Added SSH config for $GOGS_DOMAIN with Cloudflare Tunnel"
fi fi
# Set git user info # Set git user info
@ -90,28 +178,13 @@ fi
eval "$(ssh-agent -s)" >/dev/null 2>&1 || error "Failed to start ssh-agent" eval "$(ssh-agent -s)" >/dev/null 2>&1 || error "Failed to start ssh-agent"
ssh-add "$SSH_KEY" >/dev/null 2>&1 || warn "SSH key already added or could not be added" ssh-add "$SSH_KEY" >/dev/null 2>&1 || warn "SSH key already added or could not be added"
# Configure SSH
SSH_CONFIG_FILE="$HOME/.ssh/config"
if ! grep -q "Host $GOGS_DOMAIN" "$SSH_CONFIG_FILE" 2>/dev/null; then
mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
cat >> "$SSH_CONFIG_FILE" <<EOF
Host $GOGS_DOMAIN
HostName $GOGS_DOMAIN
User git
Port $GOGS_SSH_PORT
IdentityFile $SSH_KEY
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chmod 600 "$SSH_CONFIG_FILE" || warn "Failed to set permissions on SSH config file"
info "Added SSH config for $GOGS_DOMAIN with port $GOGS_SSH_PORT"
fi
# Upload SSH key to GOGS # Upload SSH key to GOGS
if [[ "$USE_HTTPS" != true ]]; then
info "Testing SSH connection..." info "Testing SSH connection..."
SSH_TEST_OUTPUT=$(ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1) SSH_TEST_OUTPUT=$(timeout 10s ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 || echo "Timeout or error")
if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then
warn "SSH test failed, uploading SSH key..." warn "SSH test failed: $SSH_TEST_OUTPUT"
info "Uploading SSH key to GOGS..."
PUBKEY=$(cat "${SSH_KEY}.pub" 2>/dev/null) || error "Failed to read SSH public key" PUBKEY=$(cat "${SSH_KEY}.pub" 2>/dev/null) || error "Failed to read SSH public key"
TITLE="AutoKey-$(hostname)-$(date +%s)" TITLE="AutoKey-$(hostname)-$(date +%s)"
CURL_OUTPUT=$(curl -k -s --fail -X POST "$GOGS_API/user/keys" \ CURL_OUTPUT=$(curl -k -s --fail -X POST "$GOGS_API/user/keys" \
@ -120,21 +193,28 @@ if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then
-d "{\"title\": \"$TITLE\", \"key\": \"$PUBKEY\"}" 2>&1) -d "{\"title\": \"$TITLE\", \"key\": \"$PUBKEY\"}" 2>&1)
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
warn "SSH key upload failed: $CURL_OUTPUT" warn "SSH key upload failed: $CURL_OUTPUT"
USE_HTTPS=true
else else
info "SSH key uploaded successfully." info "SSH key uploaded successfully."
sleep 2 sleep 2
SSH_TEST_OUTPUT=$(ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1) SSH_TEST_OUTPUT=$(timeout 10s ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 || echo "Timeout or error")
[[ ! "$SSH_TEST_OUTPUT" =~ "success" ]] && warn "SSH test still failing: $SSH_TEST_OUTPUT" if ! echo "$SSH_TEST_OUTPUT" | grep -q "success"; then
warn "SSH test still failing: $SSH_TEST_OUTPUT"
USE_HTTPS=true
else
info "SSH test passed: $SSH_TEST_OUTPUT"
fi
fi fi
else else
info "SSH test passed: $SSH_TEST_OUTPUT" info "SSH test passed: $SSH_TEST_OUTPUT"
fi fi
else
warn "Skipping SSH test due to HTTPS fallback."
fi
# Fallback to HTTPS if SSH fails # Fallback to HTTPS if SSH fails
USE_HTTPS=false if [[ "$USE_HTTPS" == true ]]; then
if ! ssh -T -p "$GOGS_SSH_PORT" "$GOGS_SSH" 2>&1 | grep -q "success"; then warn "Using HTTPS due to SSH failure."
warn "SSH authentication failed, falling back to HTTPS..."
USE_HTTPS=true
git config --global credential.helper store git config --global credential.helper store
echo "https://$USERNAME:$TOKEN@$GOGS_DOMAIN" > "$HOME/.git-credentials" || error "Failed to write git credentials" echo "https://$USERNAME:$TOKEN@$GOGS_DOMAIN" > "$HOME/.git-credentials" || error "Failed to write git credentials"
chmod 600 "$HOME/.git-credentials" || error "Failed to set permissions on git credentials" chmod 600 "$HOME/.git-credentials" || error "Failed to set permissions on git credentials"

0
test Normal file
View file