Move wi-restricted function to base and fix bash version execution

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023-2024 Warén Group
+Copyright (c) 2023-2025 Warén Group
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -3,10 +3,11 @@
 ## Run Command
 ```
 curl https://waren.io/init.sh -o init.sh
-bash init.sh
+chmod +x init.sh
+./init.sh
 ```
 
-## Build Command
+## Maintaining Command
 ```
-bash build.sh
+./maintainer.sh
 ```

init.sh

@@ -1,7 +1,15 @@
 #!/bin/bash
 
 if [ ! "$BASH_VERSION" ] ; then
-    bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+    sudo curl https://waren.io/init.sh -o $PWD/init.sh
+    sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9
+    exit 1
+fi
+
+if [[ $USER != "root" ]]
+then
+    sudo curl https://waren.io/init.sh -o $PWD/init.sh
+    sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9
     exit 1
 fi
 
@@ -65,14 +73,29 @@ wx-header(){
 }
 
 wi-init(){
-    wi-login $1 $2
+    wi-login $1
     wi-header "Init"
 
+    if [[ ! -z $2 && ${#2} -gt 5 ]]
+    then
+        HOSTNAME="$2.$DEVICE_DOMAIN"
+    elif [[ $(hostname -d) ]]
+    then
+        HOSTNAME=$(hostname --fqdn)
+    else
+        echo "Status: Hostname Required"
+        wx-stop
+    fi
+
     mkdir -p ~/.ssh/keys &> /dev/null
 
-    apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
+    apt-get update &> /dev/null
+    apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
+    dnf install -y epel-release &> /dev/null
+    dnf install -y python3-pip jq git curl lsb_release &> /dev/null
     python3 -m venv /opt/ansible &> /dev/null
-    /opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
+    /opt/ansible/bin/pip3 install ansible &> /dev/null
+    /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect &> /dev/null
 
     curl \
         -H "X-Vault-Token: ${config["login",$ORG]}" \
@@ -85,20 +108,12 @@ wi-init(){
 
     if [ ! -f ~/.ansible/vars.yml ]
     then
-        openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
-
-        ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
-
         echo "---" > ~/.ansible/vars.yml
         echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
-        echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
+        echo "config:" >> ~/.ansible/vars.yml
-        echo "vault:" >> ~/.ansible/vars.yml
+        echo "  identity:" >> ~/.ansible/vars.yml
-        echo "  ansible:" >> ~/.ansible/vars.yml
+        echo "    vault:" >> ~/.ansible/vars.yml
-        echo "    secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
+        echo "      domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
-        echo "  hashicorp:" >> ~/.ansible/vars.yml
-        echo "    domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
-
-        /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
     fi
 
     GIT_DOMAIN="git.cwinfo.net"
@@ -107,24 +122,19 @@ wi-init(){
 
     export HVT=${config["login",$ORG]}
 
-    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.docker community.general community.hashi_vault community.libvirt community.mysql community.postgresql containers.podman --upgrade &> /dev/null
+    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.dns community.docker community.general community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql containers.podman --upgrade &> /dev/null
 
-    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --accept-host-key --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/keys/init playbooks/init.yml -t init
+    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
 
     unset HVT
 }
 
 wx-login(){
-    if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
-    then
-        wx-header "Login"
-        echo "Status: Hostname Required"
-        wx-stop
-    fi
-
     if [[ ! -z $1 ]]
     then
         ORG=$1
+        jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
     elif [[ $(hostname -d) = *"devices.waren.io" ]]
     then
         ORG=warengroup
@@ -134,6 +144,9 @@ wx-login(){
     elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
     then
         ORG=cwchristerw
+    elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
+    then
+        ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
     else
         wx-header "Login"
         echo "Status: Organization Required"
@@ -157,21 +170,9 @@ wx-login(){
 
     FOLDER=$ORG
     DEVICE_DOMAIN="devices.$DOMAIN"
-    IDM_DOMAIN="idm.cwinfo.net"
+    IDM_DOMAIN="idm.waren.io"
     VAULT_DOMAIN="vault.cwinfo.net"
 
-    if [[ ! -z $2 ]]
-    then
-        HOSTNAME="$2.$DEVICE_DOMAIN"
-    elif [[ $(hostname -d) ]]
-    then
-        HOSTNAME=$(hostname --fqdn)
-    else
-        wx-header "Login"
-        echo "Status: Hostname Required"
-        wx-stop
-    fi
-
     if [[ -z $USER || $USER == "root" || $USER == "local" ]]
     then
         if [[ -z $SUDO_USER ]]
@@ -195,9 +196,13 @@ wx-login(){
     if [[ $VAULT_STATUS -eq 200 ]]
     then
 
-        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
+        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
         then
-            TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
+            if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
+            then
+                USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
+            fi
+            TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
         fi
 
         VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@@ -206,8 +211,8 @@ wx-login(){
             config["login",${ORG}]=$VAULT_LOGIN
             if [[ $USER != "root" && $USER != "local" ]]
             then
-                jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json 1> $HOME/.config/warengroup/config.json.tmp
+                jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
-                mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
             fi
         else
             IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@@ -216,7 +221,7 @@ wx-login(){
                 wx-header "Login"
                 echo $wxBold$ORG$wxNormal
 
-                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
+                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
                 then
                     echo -n "Username: "
                     read USERNAME
@@ -224,6 +229,9 @@ wx-login(){
                     echo "Username: $USERNAME"
                 fi
 
+                jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+
                 echo -n "Password: "
                 read -s PASSWORD
                 echo "****************"
@@ -244,8 +252,8 @@ wx-login(){
 
                     if [[ $USER != "root" && $USER != "local" ]]
                     then
-                        jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+                        jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
-                        mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
                     fi
                 fi
             else
@@ -273,8 +281,8 @@ wx-login(){
 
                 if [[ $USER != "root" && $USER != "local" ]]
                 then
-                    jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+                    jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
-                    mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                    mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
                 fi
             fi
         fi
@@ -292,16 +300,18 @@ wx-repeat() {
     printf "%s" "${spaces// /$str}"
 }
 
-wi-restricted(){
-    if [[ $USER != "root" && $USER != "local" ]]
-    then
-        sudo $1
-        exit 1
-    fi
-}
-
 wi-start(){
-    wi-header "Warén Group" h1
+    wi-header "Warén Init" h1
+
+    mkdir -p $HOME/.warengroup &> /dev/null
+
+    if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
+    then
+        echo '{}' | jq > $HOME/.warengroup/config.json
+    fi
+
+    mkdir -p $HOME/.ssh/keys
+    chmod 700 -R $HOME/.ssh/keys
 }
 
 wi-stop (){
@@ -315,6 +325,11 @@ wi-stop (){
 }
 
 
-wi-restricted "$0 $1 $2"
+if [[ ! -f /bin/jq ]]
+then
+    apt update &> /dev/null
+    apt install -y jq &> /dev/null
+fi
+
 wi-init $1 $2
 wi-stop

src/base.sh

@@ -1,7 +1,15 @@
 #!/bin/bash
 
 if [ ! "$BASH_VERSION" ] ; then
-    bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+    sudo curl https://waren.io/init.sh -o $PWD/init.sh
+    sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9
+    exit 1
+fi
+
+if [[ $USER != "root" ]]
+then
+    sudo curl https://waren.io/init.sh -o $PWD/init.sh
+    sudo bash $PWD/init.sh $1 $2 $3 $4 $5 $6 $7 $8 $9
     exit 1
 fi
 
@@ -18,6 +26,11 @@ wiNormal=$(tput sgr0)
 
 {{ CODES }}
 
-wi-restricted "$0 $1 $2"
+if [[ ! -f /bin/jq ]]
+then
+    apt update &> /dev/null
+    apt install -y jq &> /dev/null
+fi
+
 wi-init $1 $2
 wi-stop

src/functions/init.sh

@@ -1,12 +1,27 @@
 wi-init(){
-    wi-login $1 $2
+    wi-login $1
     wi-header "Init"
 
+    if [[ ! -z $2 && ${#2} -gt 5 ]]
+    then
+        HOSTNAME="$2.$DEVICE_DOMAIN"
+    elif [[ $(hostname -d) ]]
+    then
+        HOSTNAME=$(hostname --fqdn)
+    else
+        echo "Status: Hostname Required"
+        wx-stop
+    fi
+
     mkdir -p ~/.ssh/keys &> /dev/null
 
-    apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
+    apt-get update &> /dev/null
+    apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
+    dnf install -y epel-release &> /dev/null
+    dnf install -y python3-pip jq git curl lsb_release &> /dev/null
     python3 -m venv /opt/ansible &> /dev/null
-    /opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
+    /opt/ansible/bin/pip3 install ansible &> /dev/null
+    /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect &> /dev/null
 
     curl \
         -H "X-Vault-Token: ${config["login",$ORG]}" \
@@ -19,20 +34,12 @@ wi-init(){
 
     if [ ! -f ~/.ansible/vars.yml ]
     then
-        openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
-
-        ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
-
         echo "---" > ~/.ansible/vars.yml
         echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
-        echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
+        echo "config:" >> ~/.ansible/vars.yml
-        echo "vault:" >> ~/.ansible/vars.yml
+        echo "  identity:" >> ~/.ansible/vars.yml
-        echo "  ansible:" >> ~/.ansible/vars.yml
+        echo "    vault:" >> ~/.ansible/vars.yml
-        echo "    secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
+        echo "      domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
-        echo "  hashicorp:" >> ~/.ansible/vars.yml
-        echo "    domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
-
-        /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
     fi
 
     GIT_DOMAIN="git.cwinfo.net"
@@ -41,9 +48,9 @@ wi-init(){
 
     export HVT=${config["login",$ORG]}
 
-    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.docker community.general community.hashi_vault community.libvirt community.mysql community.postgresql containers.podman --upgrade &> /dev/null
+    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils community.crypto community.dns community.docker community.general community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql containers.podman --upgrade &> /dev/null
 
-    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --accept-host-key --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/keys/init playbooks/init.yml -t init
+    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
 
     unset HVT
 }

src/functions/login.sh

@@ -1,14 +1,9 @@
 wx-login(){
-    if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
-    then
-        wx-header "Login"
-        echo "Status: Hostname Required"
-        wx-stop
-    fi
-
     if [[ ! -z $1 ]]
     then
         ORG=$1
+        jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
     elif [[ $(hostname -d) = *"devices.waren.io" ]]
     then
         ORG=warengroup
@@ -18,6 +13,9 @@ wx-login(){
     elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
     then
         ORG=cwchristerw
+    elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
+    then
+        ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
     else
         wx-header "Login"
         echo "Status: Organization Required"
@@ -41,21 +39,9 @@ wx-login(){
 
     FOLDER=$ORG
     DEVICE_DOMAIN="devices.$DOMAIN"
-    IDM_DOMAIN="idm.cwinfo.net"
+    IDM_DOMAIN="idm.waren.io"
     VAULT_DOMAIN="vault.cwinfo.net"
 
-    if [[ ! -z $2 ]]
-    then
-        HOSTNAME="$2.$DEVICE_DOMAIN"
-    elif [[ $(hostname -d) ]]
-    then
-        HOSTNAME=$(hostname --fqdn)
-    else
-        wx-header "Login"
-        echo "Status: Hostname Required"
-        wx-stop
-    fi
-
     if [[ -z $USER || $USER == "root" || $USER == "local" ]]
     then
         if [[ -z $SUDO_USER ]]
@@ -79,9 +65,13 @@ wx-login(){
     if [[ $VAULT_STATUS -eq 200 ]]
     then
 
-        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.config/warengroup/config.json" ]]
+        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
         then
-            TOKEN="$(cat $HOME/.config/warengroup/config.json | jq -r .login.$ORG)"
+            if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
+            then
+                USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
+            fi
+            TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
         fi
 
         VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
@@ -90,8 +80,8 @@ wx-login(){
             config["login",${ORG}]=$VAULT_LOGIN
             if [[ $USER != "root" && $USER != "local" ]]
             then
-                jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json 1> $HOME/.config/warengroup/config.json.tmp
+                jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
-                mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
             fi
         else
             IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
@@ -100,7 +90,7 @@ wx-login(){
                 wx-header "Login"
                 echo $wxBold$ORG$wxNormal
 
-                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" ]]
+                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
                 then
                     echo -n "Username: "
                     read USERNAME
@@ -108,6 +98,9 @@ wx-login(){
                     echo "Username: $USERNAME"
                 fi
 
+                jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+
                 echo -n "Password: "
                 read -s PASSWORD
                 echo "****************"
@@ -128,8 +121,8 @@ wx-login(){
 
                     if [[ $USER != "root" && $USER != "local" ]]
                     then
-                        jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+                        jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
-                        mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
                     fi
                 fi
             else
@@ -157,8 +150,8 @@ wx-login(){
 
                 if [[ $USER != "root" && $USER != "local" ]]
                 then
-                    jq '.login.'$ORG' = "'$VAULT_LOGIN'"' $HOME/.config/warengroup/config.json &> $HOME/.config/warengroup/config.json.tmp
+                    jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
-                    mv $HOME/.config/warengroup/config.json.tmp $HOME/.config/warengroup/config.json &> /dev/null
+                    mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
                 fi
             fi
         fi

src/functions/restricted.sh

@@ -1,7 +0,0 @@
-wi-restricted(){
-    if [[ $USER != "root" && $USER != "local" ]]
-    then
-        sudo $1
-        exit 1
-    fi
-}

src/functions/start.sh

@@ -1,3 +1,13 @@
 wi-start(){
-    wi-header "Warén Group" h1
+    wi-header "Warén Init" h1
+
+    mkdir -p $HOME/.warengroup &> /dev/null
+
+    if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
+    then
+        echo '{}' | jq > $HOME/.warengroup/config.json
+    fi
+
+    mkdir -p $HOME/.ssh/keys
+    chmod 700 -R $HOME/.ssh/keys
 }