infra/codestorage/hg-ssh
infra/codestorage/hg-ssh/pullkeys.sh
Use the relative DNS address. Use the relative DNS address when digging for web frontends, which now works thanks to +search on dig. This allows us to transfer between namespaces without needing to change anything. Also makes this, in general, more flexible.
| paddy@1 | 1 #!/bin/bash |
| paddy@1 | 2 DOMAIN=${DOMAIN:-code.secondbit.org} |
| paddy@1 | 3 SSH_KEYS_BUCKET=${SSH_KEYS_BUCKET:-sshkeys.$DOMAIN} |
| paddy@1 | 4 |
| paddy@1 | 5 mkdir -p /tmp/sshkeys |
| paddy@1 | 6 |
| paddy@1 | 7 echo "Cleaning up..." |
| paddy@1 | 8 rm -rf /tmp/sshkeys/* |
| paddy@1 | 9 |
| paddy@1 | 10 echo "Downloading keys from gs://${SSH_KEYS_BUCKET}/" |
| paddy@1 | 11 |
| paddy@1 | 12 output=$(gsutil cp -R gs://$SSH_KEYS_BUCKET/\* /tmp/sshkeys/ 2>&1) |
| paddy@1 | 13 echo $output |
| paddy@1 | 14 |
| paddy@1 | 15 keys=$(find /tmp/sshkeys -name '*.pub') |
| paddy@1 | 16 |
| paddy@1 | 17 for key in $keys |
| paddy@1 | 18 do |
| paddy@1 | 19 dir=$(dirname $key) |
| paddy@1 | 20 stripped=${dir#.} |
| paddy@1 | 21 stripped=${stripped#/tmp/sshkeys} |
| paddy@1 | 22 target=${key#/tmp/sshkeys} |
| paddy@1 | 23 target=${target%.pub} |
| paddy@1 | 24 target=${target#/} |
| paddy@1 | 25 IFS='-' read -ra USERSPEC <<< $target |
| paddy@1 | 26 if [ -d "/home${USERSPEC[0]}" ] |
| paddy@1 | 27 then |
| paddy@1 | 28 echo "User ${USERSPEC[0]} already exists, skipping." |
| paddy@1 | 29 else |
| paddy@1 | 30 echo "Creating user ${USERSPEC[0]} with ID ${USERSPEC[1]}." |
| paddy@1 | 31 /bin/bash /usr/local/bin/helpers/create_user.sh "${USERSPEC[0]}" "${USERSPEC[1]}" |
| paddy@1 | 32 cat $key > /home/${USERSPEC[0]}/.ssh/authorized_keys |
| paddy@1 | 33 fi |
| paddy@1 | 34 done |
| paddy@1 | 35 |
| paddy@1 | 36 echo "Cleaning up..." |
| paddy@1 | 37 rm -rf /tmp/sshkeys/* |
| paddy@1 | 38 |
| paddy@1 | 39 echo "SSH key pull complete." |