Refactoring Code

Christer Warén
2025-12-04 04:53:44 +02:00
parent 3582fc211a
commit a710bfa4b2
18 changed files with 747 additions and 512 deletions

582
init.sh

@@ -1,104 +1,45 @@
#!/bin/bash #!/bin/bash
if [ ! "$BASH_VERSION" ] ; then #if [ ! "$BASH_VERSION" ] ; then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh" # bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 # exit 1
exit 1 #fi
fi
if [[ $USER != "root" ]] declare -Ax args
declare -Ax config
declare -Ax messages
wxi-config(){
echo -n ""
}
wx-init(){
wx-login
wxi-header "Init"
if [[ ! -z ${args['hostname']} && ${#args['hostname']} -gt 5 ]]
then then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh" HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN"
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
wiRed=$(tput setaf 196)
wiGreen=$(tput setaf 46)
wiYellow=$(tput setaf 226)
wiBlue=$(tput setaf 21)
wiPurple=$(tput setaf 165)
wiTurquoise=$(tput setaf 14)
wiPink=$(tput setaf 198)
wiOrange=$(tput setaf 202)
wiBold=$(tput bold)
wiNormal=$(tput sgr0)
wi-header(){
wx-header "$1" "$2"
}
wi-repeat(){
wx-repeat "$1" "$2"
}
wi-login(){
wx-login "$1" "$2"
}
wx-start(){
wi-start
}
wx-stop(){
wi-stop
}
wxBold=$wiBold
wxNormal=$wiNormal
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}
wi-init(){
wi-login $1
wi-header "Init"
if [[ ! -z $2 && ${#2} -gt 5 ]]
then
HOSTNAME="$2.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]] elif [[ $(hostname -d) ]]
then then
HOSTNAME=$(hostname --fqdn) HOSTNAME=$(hostname --fqdn)
else else
echo "Status: Hostname Required" wxi-content status "Hostname" "Required"
wx-stop wxi-stop
fi fi
if [[ ! -z $3 ]] if [[ ! -z ${args['device-type']} ]]
then then
if [[ $3 == "server" || $3 == "workstation" ]] if [[ ${args['device-type']} == "server" || ${args['device-type']} == "workstation" ]]
then then
TYPE="$3" DEVICE_TYPE="${args['device-type']}"
else else
echo "Status: Type Invalid" wxi-content status "Device Type" "Invalid"
wx-stop wxi-stop
fi fi
else else
echo "Status: Type Required" wxi-content status "Device Type" "Required"
wx-stop wxi-stop
fi fi
mkdir -p ~/.ssh/keys &> /dev/null mkdir -p ~/.ssh/keys &> /dev/null
@@ -112,7 +53,7 @@ wi-init(){
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
curl \ curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
@@ -136,7 +77,7 @@ wi-init(){
GIT_PORT="2222" GIT_PORT="2222"
GIT_REPOSITORY="warengroup-private/infra-plus" GIT_REPOSITORY="warengroup-private/infra-plus"
export HVT=${config["login",$ORG]} export HVT=$TOKEN
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
@@ -146,178 +87,233 @@ wi-init(){
} }
wx-login(){ wx-login(){
if [[ ! -z $1 ]] wxi-header "Login"
wxi-restricted --user
wxi-restricted --org
wxi-restricted --vault
wxi-header "$ORG_HEADER" h3
if [[ ! -z ${args['auth-method']} ]]
then then
ORG=$1 AUTH_METHOD=${args['auth-method']}
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp elif [[ ! -z ${args['token']} ]]
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then then
ORG=warengroup AUTH_METHOD=token
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then then
ORG=cwinfo AUTH_METHOD=token
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ ! -z ${args['username']} ]]
then then
ORG=cwchristerw AUTH_METHOD=ldap
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else else
wx-header "Login" AUTH_METHOD=ldap
echo "Status: Organization Required"
wx-stop
fi fi
if [[ $ORG == "warengroup" ]] if [[ ! -z $AUTH_METHOD ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then then
case $AUTH_METHOD in
ldap)
echo -n "Username: " echo -n "Username: "
read USERNAME if [[ ! -z ${args['username']} ]]
then
USERNAME=${args['username']}
wxi-content text "$USERNAME"
else else
echo "Username: $USERNAME" read USERNAME
fi fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: " echo -n "Password: "
if [[ ! -z ${args['password']} ]]
then
PASSWORD=${args['password']}
else
read -s PASSWORD read -s PASSWORD
echo "****************" fi
if [[ ! -z $PASSWORD ]]
then
wxi-content text "****************"
else
wxi-content text ""
fi
if [[ -z $USERNAME || -z $PASSWORD ]] if [[ -z $USERNAME || -z $PASSWORD ]]
then then
echo "Status: Username & Password Required" wxi-content status "Username & Password" "Required"
wx-stop wxi-footer
else wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then then
echo "Status: Login Failed" wxi-content status "Login" "Failed"
wx-stop wxi-stop
fi fi
config["login",${ORG}]=$VAULT_LOGIN TOKEN=$VAULT_LOGIN
wxi-config login
if [[ $USER != "root" && $USER != "local" ]] ;;
then token)
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: " echo -n "Token: "
read -s TOKEN if [[ ! -z ${args['token']} ]]
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then then
echo "Status: Vault Token Required" if [[ ${args['token']} != "true" ]]
wx-stop then
TOKEN=${args['token']}
fi
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
else
read -s TOKEN
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ ! -z $TOKEN ]]
then
wxi-content text "***********************************************************************************************"
fi
if [[ -z $TOKEN ]]
then
wxi-content status "Token" "Required"
wxi-footer
wxi-stop
fi
if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
wxi-content status "Token" "Invalid"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then then
echo "Status: Login Failed" wxi-content status "Login" "Failed"
wx-stop wxi-stop
fi fi
config["login",${ORG}]=$VAULT_LOGIN TOKEN=$VAULT_LOGIN
wxi-config login
;;
*)
wxi-content status "Login Type" "Unsupported"
wxi-footer
wxi-stop
;;
esac
fi
VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name')
if [[ -z $VAULT_USERNAME ]]
then
wxi-content status "Login" "Username Missing"
wxi-stop
elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]]
then
wxi-content status "Login" "Authentication Method Invalid"
wxi-stop
elif [[ $VAULT_USERNAME == ldap* ]]
then
USERNAME=${VAULT_USERNAME#ldap-}
elif [[ $VAULT_USERNAME == oidc* ]]
then
USERNAME=${VAULT_USERNAME#oidc-}
fi
wxi-footer
}
wxi-restricted(){
if [[ -z $1 || $1 == "--user" ]]
then
if [[ $USER != "root" && $USER != "local" ]] if [[ $USER != "root" && $USER != "local" ]]
then then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp wxi-content status "Command" "Restricted"
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null wxi-content text "It's not permitted to execute this command as $USER."
wxi-footer
wxi-repeat "\n" 3
exit 1
fi fi
fi fi
if [[ $1 == "--org" ]]
then
if [[ ! -z ${args['org']} ]]
then
case ${args['org']} in
warengroup)
ORG=warengroup
;;
cwchristerw)
ORG=cwchristerw
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
elif [[ $(hostname -d) == "devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then
ORG=cwchristerw
fi fi
if [[ ! -z $ORG ]]
then
case $ORG in
warengroup)
DOMAIN=waren.io
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Warén Group"
;;
cwchristerw)
DOMAIN=christerwaren.fi
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Christer Warén"
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
else else
wx-header "Login" wxi-content status "Organization" "Required"
echo $wxBold$ORG$wxNormal wxi-footer
echo "Status: Vault Offline" wxi-stop
wx-stop fi
fi
if [[ -z $1 || $1 == "--vault" ]]
then
if [[ -z $VAULT_DOMAIN ]]
then
wxi-content status "Vault" "Unavailable"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ ! $VAULT_STATUS -eq 200 ]]
then
wxi-content status "Vault" "Offline"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
fi fi
} }
wx-repeat() { wxi-start(){
local str=$1 n=$2 spaces wxi-header "Warén Init" h1
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}
wi-start(){
wi-header "Warén Init" h1
mkdir -p $HOME/.warengroup &> /dev/null mkdir -p $HOME/.warengroup &> /dev/null
@@ -330,22 +326,146 @@ wi-start(){
chmod 700 -R $HOME/.ssh/keys chmod 700 -R $HOME/.ssh/keys
} }
wi-stop (){ wxi-stop (){
echo " "
echo " "
echo " "
rm -rf /.ssh/keys/init &> /dev/null rm -rf /.ssh/keys/init &> /dev/null
wxi-repeat "\n" 3
exit 1 exit 1
} }
wxi-content(){
if [[ ! -f /bin/jq ]] if [[ $1 == "text" ]]
then then
apt update &> /dev/null echo "$2"
apt install -y jq &> /dev/null elif [[ $1 == "status" ]]
then
wxi-repeat "\n" 2
echo -n "$wxiBold"
echo "Status"
echo -n "$wxiNormal"
echo "$2 - $3"
elif [[ $1 == "link" ]]
then
echo "$2 - $3"
fi
}
wxi-footer(){
echo ""
echo "------------------------------"
wxi-repeat " " $((30/2-12/2))
echo -n "$wxiBold"
echo "Warén Group™"
echo -n "$wxiNormal"
wxi-repeat " " $((30/2-17/2))
echo "https://waren.io"
echo "=============================="
}
wxiRed=$(tput setaf 196)
wxiGreen=$(tput setaf 46)
wxiYellow=$(tput setaf 226)
wxiBlue=$(tput setaf 21)
wxiPurple=$(tput setaf 165)
wxiTurquoise=$(tput setaf 14)
wxiPink=$(tput setaf 198)
wxiOrange=$(tput setaf 202)
wxiUnderline=$(tput smul)
wxiBold=$(tput bold)
wxiNormal=$(tput sgr0)
wxi-header(){
if [[ $2 == "h1" ]]
then
wxi-repeat "\n" 3
echo "=============================="
wxi-repeat " " $((30/2-${#1}/2))
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
echo "=============================="
fi fi
wi-init $1 $2 $3 if [[ $2 == "h2" || -z $2 ]]
wi-stop then
wxi-start
wxi-repeat " " $((30/2-6/2-${#1}/2))
echo -n "$wxiBold"
echo ">> $1 <<"
echo -n "$wxiNormal"
echo "------------------------------"
echo ""
fi
if [[ $2 == "h3" ]]
then
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
fi
}
wxi-repeat() {
if [[ $1 == " " ]]
then
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
else
for i in $(seq 1 $2);
do
echo -en $1
done
fi
}
i=1
while [[ "$1" != "" ]]
do
case $1 in
--*)
key="${1%%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then
shift
value="$1"
fi
if [[ -z $value ]]
then
value=true
fi
args["${key#--}"]="$value"
;;
-*)
key="${1%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then
shift
value="$1"
fi
if [[ -z $value ]]
then
value=true
fi
args["${key#-}"]="$value"
;;
*)
args["$i"]="${1%%=*}"
i=$((i + 1))
;;
esac
shift
done
wx-init
wxi-stop


@@ -26,9 +26,8 @@ case $1 in
;; ;;
update) update)
echo "Updating..." echo "Updating..."
cp ../wx/src/functions/header.sh src/functions/header.sh cp -r ../wx/src/ui src
cp ../wx/src/functions/repeat.sh src/functions/repeat.sh cp -r ../wx/src/commands/auth/login.sh src/functions/login.sh
cp ../wx/src/commands/auth/login.sh src/functions/login.sh
;; ;;
ready) ready)
echo "Ready" echo "Ready"


@@ -1,36 +1,62 @@
#!/bin/bash #!/bin/bash
if [ ! "$BASH_VERSION" ] ; then #if [ ! "$BASH_VERSION" ] ; then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh" # bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 # exit 1
exit 1 #fi
fi
if [[ $USER != "root" ]] declare -Ax args
declare -Ax config
declare -Ax messages
{{ FUNCTIONS }}
{{ UI }}
i=1
while [[ "$1" != "" ]]
do
case $1 in
--*)
key="${1%%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then then
sudo curl https://waren.io/init.sh -o "$PWD/init.sh" shift
sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9 value="$1"
exit 1
fi fi
wiRed=$(tput setaf 196) if [[ -z $value ]]
wiGreen=$(tput setaf 46)
wiYellow=$(tput setaf 226)
wiBlue=$(tput setaf 21)
wiPurple=$(tput setaf 165)
wiTurquoise=$(tput setaf 14)
wiPink=$(tput setaf 198)
wiOrange=$(tput setaf 202)
wiBold=$(tput bold)
wiNormal=$(tput sgr0)
{{ CODES }}
if [[ ! -f /bin/jq ]]
then then
apt update &> /dev/null value=true
apt install -y jq &> /dev/null
fi fi
wi-init $1 $2 $3 args["${key#--}"]="$value"
wi-stop ;;
-*)
key="${1%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then
shift
value="$1"
fi
if [[ -z $value ]]
then
value=true
fi
args["${key#-}"]="$value"
;;
*)
args["$i"]="${1%%=*}"
i=$((i + 1))
;;
esac
shift
done
wx-init
wxi-stop
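Review bot: In the `--*)` and `-*)` arms a flag written without `=value` always takes the following word as its value, so `--token --org warengroup` stores `--org` as the token and the org option is lost; the bare-flag value `true` that wx-login tests for (`${args['token']} != "true"`) is only produced when the flag is the last argument. Guard the look-ahead, for example `if [[ $# -gt 1 && $2 != -* ]]; then shift; value="$1"; else value=true; fi`. The `-*)` arm also strips the key with `${1%=*}` where the long-option arm uses `${1%%=*}`, so a short option whose value contains `=` gets a key that includes part of the value. The loop condition `[[ "$1" != "" ]]` ends parsing at the first empty argument, which silently drops everything after it; `while (( $# > 0 ))` would not.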


@@ -1,22 +0,0 @@
wi-header(){
wx-header "$1" "$2"
}
wi-repeat(){
wx-repeat "$1" "$2"
}
wi-login(){
wx-login "$1" "$2"
}
wx-start(){
wi-start
}
wx-stop(){
wi-stop
}
wxBold=$wiBold
wxNormal=$wiNormal

3
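--- a/src/functions/config.sh
+++ b/src/functions/config.sh
@@ -0,0 +1,3 @@
+wxi-config(){
+echo -n ""
+}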


@@ -1,24 +0,0 @@
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}


@@ -1,30 +1,30 @@
wi-init(){ wx-init(){
wi-login $1 wx-login
wi-header "Init" wxi-header "Init"
if [[ ! -z $2 && ${#2} -gt 5 ]] if [[ ! -z ${args['hostname']} && ${#args['hostname']} -gt 5 ]]
then then
HOSTNAME="$2.$DEVICE_DOMAIN" HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN"
elif [[ $(hostname -d) ]] elif [[ $(hostname -d) ]]
then then
HOSTNAME=$(hostname --fqdn) HOSTNAME=$(hostname --fqdn)
else else
echo "Status: Hostname Required" wxi-content status "Hostname" "Required"
wx-stop wxi-stop
fi fi
if [[ ! -z $3 ]] if [[ ! -z ${args['device-type']} ]]
then then
if [[ $3 == "server" || $3 == "workstation" ]] if [[ ${args['device-type']} == "server" || ${args['device-type']} == "workstation" ]]
then then
TYPE="$3" DEVICE_TYPE="${args['device-type']}"
else else
echo "Status: Type Invalid" wxi-content status "Device Type" "Invalid"
wx-stop wxi-stop
fi fi
else else
echo "Status: Type Required" wxi-content status "Device Type" "Required"
wx-stop wxi-stop
fi fi
mkdir -p ~/.ssh/keys &> /dev/null mkdir -p ~/.ssh/keys &> /dev/null
@@ -38,7 +38,7 @@ wi-init(){
/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
curl \ curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \ -H "X-Vault-Token: $TOKEN" \
-X GET \ -X GET \
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
@@ -62,7 +62,7 @@ wi-init(){
GIT_PORT="2222" GIT_PORT="2222"
GIT_REPOSITORY="warengroup-private/infra-plus" GIT_REPOSITORY="warengroup-private/infra-plus"
export HVT=${config["login",$ORG]} export HVT=$TOKEN
/opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
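Review bot: `HOSTNAME="${args['hostname']}.$DEVICE_DOMAIN"` depends on a variable that the new side no longer assigns anywhere visible: the removed wx-login code set `DEVICE_DOMAIN="devices.$DOMAIN"`, while the `--org` branch of wxi-restricted sets only ORG, DOMAIN, VAULT_DOMAIN and ORG_HEADER. Unless DEVICE_DOMAIN is defined outside these hunks, a `--hostname` run yields a name ending in a bare dot. The hostname is also only length-checked although it now comes straight from the command line; matching it first against a DNS-label pattern such as `[[ ${args['hostname']} =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]]` would reject anything else before it is used. wx-init's body continues outside the hunks shown.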


@@ -1,164 +1,140 @@
wx-login(){ wx-login(){
if [[ ! -z $1 ]] wxi-header "Login"
wxi-restricted --user
wxi-restricted --org
wxi-restricted --vault
wxi-header "$ORG_HEADER" h3
if [[ ! -z ${args['auth-method']} ]]
then then
ORG=$1 AUTH_METHOD=${args['auth-method']}
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp elif [[ ! -z ${args['token']} ]]
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then then
ORG=warengroup AUTH_METHOD=token
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]] elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then then
ORG=cwinfo AUTH_METHOD=token
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]] elif [[ ! -z ${args['username']} ]]
then then
ORG=cwchristerw AUTH_METHOD=ldap
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
else else
wx-header "Login" AUTH_METHOD=ldap
echo "Status: Organization Required"
wx-stop
fi fi
if [[ $ORG == "warengroup" ]] if [[ ! -z $AUTH_METHOD ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
then then
case $AUTH_METHOD in
ldap)
echo -n "Username: " echo -n "Username: "
read USERNAME if [[ ! -z ${args['username']} ]]
then
USERNAME=${args['username']}
wxi-content text "$USERNAME"
else else
echo "Username: $USERNAME" read USERNAME
fi fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: " echo -n "Password: "
if [[ ! -z ${args['password']} ]]
then
PASSWORD=${args['password']}
else
read -s PASSWORD read -s PASSWORD
echo "****************" fi
if [[ ! -z $PASSWORD ]]
then
wxi-content text "****************"
else
wxi-content text ""
fi
if [[ -z $USERNAME || -z $PASSWORD ]] if [[ -z $USERNAME || -z $PASSWORD ]]
then then
echo "Status: Username & Password Required" wxi-content status "Username & Password" "Required"
wx-stop wxi-footer
else wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token') VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then then
echo "Status: Login Failed" wxi-content status "Login" "Failed"
wx-stop wxi-stop
fi fi
config["login",${ORG}]=$VAULT_LOGIN TOKEN=$VAULT_LOGIN
wxi-config login
if [[ $USER != "root" && $USER != "local" ]] ;;
then token)
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo -n "Token: " echo -n "Token: "
read -s TOKEN if [[ ! -z ${args['token']} ]]
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then then
echo "Status: Vault Token Required" if [[ ${args['token']} != "true" ]]
wx-stop then
TOKEN=${args['token']}
fi
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
else
read -s TOKEN
fi fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token') if [[ ! -z $TOKEN ]]
then
wxi-content text "***********************************************************************************************"
fi
if [[ -z $TOKEN ]]
then
wxi-content status "Token" "Required"
wxi-footer
wxi-stop
fi
if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
wxi-content status "Token" "Invalid"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]] if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then then
echo "Status: Login Failed" wxi-content status "Login" "Failed"
wx-stop wxi-stop
fi fi
config["login",${ORG}]=$VAULT_LOGIN TOKEN=$VAULT_LOGIN
wxi-config login
;;
*)
wxi-content status "Login Type" "Unsupported"
wxi-footer
wxi-stop
;;
esac
fi
if [[ $USER != "root" && $USER != "local" ]] VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name')
if [[ -z $VAULT_USERNAME ]]
then then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp wxi-content status "Login" "Username Missing"
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null wxi-stop
fi elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]]
fi then
fi wxi-content status "Login" "Authentication Method Invalid"
else wxi-stop
wx-header "Login" elif [[ $VAULT_USERNAME == ldap* ]]
echo $wxBold$ORG$wxNormal then
echo "Status: Vault Offline" USERNAME=${VAULT_USERNAME#ldap-}
wx-stop elif [[ $VAULT_USERNAME == oidc* ]]
then
USERNAME=${VAULT_USERNAME#oidc-}
fi fi
wxi-footer
} }
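Review bot: The new `--password` and `--token` options (`PASSWORD=${args['password']}`, `TOKEN=${args['token']}`) place secrets on the script's command line, where they are readable from the process list and end up in shell history; keeping the prompt, or reading the value from stdin or a file, avoids that. The value then reaches `curl ... -d '{ "password": "'$PASSWORD'" }'` unquoted and spliced into JSON by hand, so a password containing a space, `"` or `\` produces a malformed or altered request body, and `$USERNAME` in the URL path has the same problem now that it can come from `--username`. Building the body with `jq -n --arg password "$PASSWORD" '{password: $password}'` and piping it to curl with `-d @-` fixes the quoting and keeps the secret off curl's argv. `wxi-config login` is currently a no-op (`echo -n ""`), so the renewed token is never written back to the config.json that the token branch reads from. The fixed 95-character length test on `$TOKEN` and `$VAULT_LOGIN` deserves a comment stating which token format it assumes.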


@@ -1,5 +0,0 @@
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}


@@ -0,0 +1,84 @@
wxi-restricted(){
if [[ -z $1 || $1 == "--user" ]]
then
if [[ $USER != "root" && $USER != "local" ]]
then
wxi-content status "Command" "Restricted"
wxi-content text "It's not permitted to execute this command as $USER."
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
fi
if [[ $1 == "--org" ]]
then
if [[ ! -z ${args['org']} ]]
then
case ${args['org']} in
warengroup)
ORG=warengroup
;;
cwchristerw)
ORG=cwchristerw
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
elif [[ $(hostname -d) == "devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
then
ORG=cwchristerw
fi
if [[ ! -z $ORG ]]
then
case $ORG in
warengroup)
DOMAIN=waren.io
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Warén Group"
;;
cwchristerw)
DOMAIN=christerwaren.fi
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Christer Warén"
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
else
wxi-content status "Organization" "Required"
wxi-footer
wxi-stop
fi
fi
if [[ -z $1 || $1 == "--vault" ]]
then
if [[ -z $VAULT_DOMAIN ]]
then
wxi-content status "Vault" "Unavailable"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ ! $VAULT_STATUS -eq 200 ]]
then
wxi-content status "Vault" "Offline"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
fi
}
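Review bot: The `--user` gate compares `$USER`, an ordinary environment variable supplied by the caller rather than the identity the process runs under, so it neither proves the script has root privileges nor holds if the variable is set to something else. Tie the check to the effective UID instead, `if (( EUID != 0 )); then`, or to `id -un` if the `local` account must stay allowed. The earlier `$USER != "root"` re-exec block in the template is removed by this commit, so this function is the only gate left. In the `--vault` branch, `https://$VAULT_DOMAIN/v1/sys/health` should be quoted, and `[[ ! $VAULT_STATUS -eq 200 ]]` reads more clearly as `[[ $VAULT_STATUS -ne 200 ]]`.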


@@ -1,5 +1,5 @@
wi-start(){ wxi-start(){
wi-header "Warén Init" h1 wxi-header "Warén Init" h1
mkdir -p $HOME/.warengroup &> /dev/null mkdir -p $HOME/.warengroup &> /dev/null


@@ -1,9 +1,6 @@
wi-stop (){ wxi-stop (){
echo " "
echo " "
echo " "
rm -rf /.ssh/keys/init &> /dev/null rm -rf /.ssh/keys/init &> /dev/null
wxi-repeat "\n" 3
exit 1 exit 1
} }
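Review bot: `rm -rf /.ssh/keys/init` targets a path under the filesystem root, while wx-init writes the private key fetched from Vault to `~/.ssh/keys/init`; unless HOME is `/`, the key stays on disk after every run, and `&> /dev/null` hides the miss. The line is unchanged context in this hunk, but since the function is being touched it is worth correcting to `rm -f -- "$HOME/.ssh/keys/init"`. wxi-stop also ends in `exit 1` on every path, including the normal one after wx-init, so a caller cannot tell success from failure by exit status.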

16
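--- a/src/ui/content.sh
+++ b/src/ui/content.sh
@@ -0,0 +1,16 @@
+wxi-content(){
+if [[ $1 == "text" ]]
+then
+echo "$2"
+elif [[ $1 == "status" ]]
+then
+wxi-repeat "\n" 2
+echo -n "$wxiBold"
+echo "Status"
+echo -n "$wxiNormal"
+echo "$2 - $3"
+elif [[ $1 == "link" ]]
+then
+echo "$2 - $3"
+fi
+}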

11
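--- a/src/ui/footer.sh
+++ b/src/ui/footer.sh
@@ -0,0 +1,11 @@
+wxi-footer(){
+echo ""
+echo "------------------------------"
+wxi-repeat " " $((30/2-12/2))
+echo -n "$wxiBold"
+echo "Warén Group™"
+echo -n "$wxiNormal"
+wxi-repeat " " $((30/2-17/2))
+echo "https://waren.io"
+echo "=============================="
+}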

11
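--- a/src/ui/formatting.sh
+++ b/src/ui/formatting.sh
@@ -0,0 +1,11 @@
+wxiRed=$(tput setaf 196)
+wxiGreen=$(tput setaf 46)
+wxiYellow=$(tput setaf 226)
+wxiBlue=$(tput setaf 21)
+wxiPurple=$(tput setaf 165)
+wxiTurquoise=$(tput setaf 14)
+wxiPink=$(tput setaf 198)
+wxiOrange=$(tput setaf 202)
+wxiUnderline=$(tput smul)
+wxiBold=$(tput bold)
+wxiNormal=$(tput sgr0)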

30
src/ui/header.sh Normal file
View File

@@ -0,0 +1,30 @@
wxi-header(){
if [[ $2 == "h1" ]]
then
wxi-repeat "\n" 3
echo "=============================="
wxi-repeat " " $((30/2-${#1}/2))
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wxi-start
wxi-repeat " " $((30/2-6/2-${#1}/2))
echo -n "$wxiBold"
echo ">> $1 <<"
echo -n "$wxiNormal"
echo "------------------------------"
echo ""
fi
if [[ $2 == "h3" ]]
then
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
fi
}

0
src/ui/messages.sh Normal file

13
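--- a/src/ui/repeat.sh
+++ b/src/ui/repeat.sh
@@ -0,0 +1,13 @@
+wxi-repeat() {
+if [[ $1 == " " ]]
+then
+local str=$1 n=$2 spaces
+printf -v spaces "%*s" $n " "
+printf "%s" "${spaces// /$str}"
+else
+for i in $(seq 1 $2);
+do
+echo -en $1
+done
+fi
+}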
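Review bot: In the `else` branch the loop variable `i` is not declared `local`, so every `wxi-repeat "\n" N` call overwrites the global `i` that the argument parser in the template uses as its positional counter. `$1` and `$2` are also expanded unquoted in `echo -en $1` and `seq 1 $2`. Declaring `local i` and writing the loop as `for ((i = 0; i < $2; i++)); do printf '%b' "$1"; done` keeps the helper self-contained and avoids spawning `seq`.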