Init.ps1 Update

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Warén Group
+Copyright (c) 2023-2025 Warén Group
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,16 @@
+# Warén Group - Init.sh
+
+## Linux - Run Command
+```
+bash <(https://waren.io/init.sh)
+```
+
+## Windows - Run Command
+```
+curl.exe https://waren.io/init.ps1 | powershell -
+```
+
+## Maintaining Command
+```
+./maintainer.sh
+```

generator.php

@@ -0,0 +1,28 @@
+<?php
+
+$base = file_get_contents(__DIR__."/src/base.sh");
+
+
+$dirs = [
+    __DIR__.'/src/functions/*.sh'
+];
+
+$codes = [];
+
+foreach($dirs as $dir){
+    foreach(glob($dir) as $file){
+        $codes[$file] = file_get_contents($file);
+    }
+}
+
+$code = str_replace("{{ CODES }}", implode("\n", $codes), $base);
+
+try {
+    $file = __DIR__.'/init.sh';
+    $file = fopen($file, "w");
+    fwrite($file, $code);
+    fclose($file);
+} catch (\Error $e) {
+}
+
+?>

init.ps1

@@ -0,0 +1,33 @@
+echo ""
+echo ""
+echo ""
+echo "=============================="
+echo ""
+echo "Waren Init"
+echo ""
+echo "=============================="
+echo ""
+echo ""
+echo "Generating SSH Key"
+New-Item -ItemType Directory -Path "$Env:USERPROFILE\.ssh\keys" -Force
+ssh-keygen -f "$Env:USERPROFILE\.ssh\keys\infra" -t ed25519 -C "$Env:USERDOMAIN"
+echo ""
+echo ""
+echo "Copy SSH Key"
+Get-Content "$Env:USERPROFILE\.ssh\keys\infra.pub"
+echo ""
+echo ""
+echo "Install OpenSSH Server"
+Add-WindowsCapability -Online -Name OpenSSH.Server
+echo ""
+echo ""
+echo "Enable OpenSSH Server"
+Set-Service -Name sshd -StartupType 'Automatic'
+echo ""
+echo ""
+echo "Start OpenSSH Server"
+Start-Service -Name sshd
+echo ""
+echo ""
+echo "Install Debian"
+wsl --install Debian

init.sh

@@ -1,165 +1,351 @@
 #!/bin/bash
 
 if [ ! "$BASH_VERSION" ] ; then
+    sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
+    sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
     exit 1
 fi
 
-echo "
+if [[ $USER != "root" ]]
-==============================
+then
-
+    sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
-Warén Group
+    sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
-Init Script
-
-------------------------------
-"
-
-stop () {
-unset HVT
-
-echo "
-==============================
-"
-
     exit 1
+fi
 
+wiRed=$(tput setaf 196)
+wiGreen=$(tput setaf 46)
+wiYellow=$(tput setaf 226)
+wiBlue=$(tput setaf 21)
+wiPurple=$(tput setaf 165)
+wiTurquoise=$(tput setaf 14)
+wiPink=$(tput setaf 198)
+wiOrange=$(tput setaf 202)
+wiBold=$(tput bold)
+wiNormal=$(tput sgr0)
+
+wi-header(){
+    wx-header "$1" "$2"
 }
 
-mkdir -p ~/.ssh &> /dev/null
+wi-repeat(){
+    wx-repeat "$1" "$2"
+}
 
-apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
+wi-login(){
+    wx-login "$1" "$2"
+}
+
+wx-start(){
+    wi-start
+}
+
+wx-stop(){
+    wi-stop
+}
+
+wxBold=$wiBold
+wxNormal=$wiNormal
+
+wx-header(){
+    if [[ $2 == "h1" ]]
+    then
+        echo ""
+        echo ""
+        echo ""
+        echo "=============================="
+        wx-repeat " " $((30/2-${#1}/2))
+        echo -n "$wxBold"
+        echo -n "$1"
+        echo -n "$wxNormal"
+        echo ""
+        echo "=============================="
+    fi
+
+    if [[ $2 == "h2" || -z $2 ]]
+    then
+        wx-start
+        wx-repeat " " $((30/2-6/2-${#1}/2))
+        echo -n ">> $1 <<"
+        echo ""
+        echo "------------------------------"
+    fi
+}
+
+wi-init(){
+    wi-login $1
+    wi-header "Init"
+
+    if [[ ! -z $2 && ${#2} -gt 5 ]]
+    then
+        HOSTNAME="$2.$DEVICE_DOMAIN"
+    elif [[ $(hostname -d) ]]
+    then
+        HOSTNAME=$(hostname --fqdn)
+    else
+        echo "Status: Hostname Required"
+        wx-stop
+    fi
+
+    if [[ ! -z $3 ]]
+    then
+        if [[ $3 == "server" || $3 == "workstation" ]]
+        then
+            TYPE="$3"
+        else
+            echo "Status: Type Invalid"
+            wx-stop
+        fi
+    else
+        echo "Status: Type Required"
+        wx-stop
+    fi
+
+    mkdir -p ~/.ssh/keys &> /dev/null
+
+    apt-get update &> /dev/null
+    apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
+    dnf install -y epel-release &> /dev/null
+    dnf install -y python3-pip jq git curl lsb_release &> /dev/null
     python3 -m venv /opt/ansible &> /dev/null
-/opt/ansible/bin/pip3 install ansible hvac netaddr &> /dev/null
+    /opt/ansible/bin/pip3 install ansible &> /dev/null
+    /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
 
-HOSTNAME=$1
+    curl \
-if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
+        -H "X-Vault-Token: ${config["login",$ORG]}" \
-    stop
+        -X GET \
+        https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
+
+    chmod 700 ~/.ssh/keys/init &> /dev/null
+
+    mkdir -p ~/.ansible &> /dev/null
+
+    if [ ! -f ~/.ansible/vars.yml ]
+    then
+        echo "---" > ~/.ansible/vars.yml
+        echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
+        echo "info:" >> ~/.ansible/vars.yml
+        echo "  type: $TYPE" >> ~/.ansible/vars.yml
+        echo "config:" >> ~/.ansible/vars.yml
+        echo "  identity:" >> ~/.ansible/vars.yml
+        echo "    vault:" >> ~/.ansible/vars.yml
+        echo "      domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
     fi
 
-if [[ -z $USER || $USER == "root" ]]; then
+    GIT_DOMAIN="git.waren.io"
-    if [[ -z $SUDO_USER ]]; then
+    GIT_PORT="2222"
-        if [[ -z LOGNAME ]]; then
+    GIT_REPOSITORY="warengroup-private/infra-plus"
-            echo -n ""
+
+    export HVT=${config["login",$ORG]}
+
+    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
+
+    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
+
+    unset HVT
+}
+
+wx-login(){
+    if [[ ! -z $1 ]]
+    then
+        ORG=$1
+        jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+    elif [[ $(hostname -d) = *"devices.waren.io" ]]
+    then
+        ORG=warengroup
+    elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
+    then
+        ORG=cwinfo
+    elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
+    then
+        ORG=cwchristerw
+    elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
+    then
+        ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
     else
-            USER=$LOGNAME
+        wx-header "Login"
+        echo "Status: Organization Required"
+        wx-stop
     fi
+
+    if [[ $ORG == "warengroup" ]]
+    then
+        DOMAIN=waren.io
+    elif [[ $ORG == "cwinfo" ]]
+    then
+        DOMAIN=cwinfo.net
+    elif [[ $ORG == "cwchristerw" ]]
+    then
+        DOMAIN=christerwaren.fi
     else
-        USER=$SUDO_USER
+        wx-header "Login"
-    fi
+        echo "Status: Organization Unsupported"
+        wx-stop
     fi
 
-ORG=$2
+    FOLDER=$ORG
-case $ORG in
-    warengroup)
-        DOMAIN="waren.io"
-        FOLDER="warengroup"
-        ;;
-    cwinfo)
-        DOMAIN="cwinfo.net"
-        FOLDER="cwinfo"
-        ;;
-    cwchristerw)
-        DOMAIN="christerwaren.fi"
-        FOLDER="cwchristerw"
-        ;;
-    *)
-        echo "Organization is required."
-        stop
-        ;;
-esac
-
     DEVICE_DOMAIN="devices.$DOMAIN"
-IDM_DOMAIN="idm.$DOMAIN"
+    IDM_DOMAIN="idm.waren.io"
     VAULT_DOMAIN="vault.cwinfo.net"
-GIT_DOMAIN="git.cwinfo.net"
-GIT_PORT=2222
-GIT_REPOSITORY="warengroup-private/ansible-pull"
 
-HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN"
+    if [[ -z $USER || $USER == "root" || $USER == "local" ]]
+    then
+        if [[ -z $SUDO_USER ]]
+        then
+            if [[ -z LOGNAME ]]
+            then
+                wx-header "Login"
+                echo "Status: Username Required"
+                wx-stop
+            else
+                USERNAME=$LOGNAME
+            fi
+        else
+            USERNAME=$SUDO_USER
+        fi
+    else
+        USERNAME=$USER
+    fi
 
     VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
-if [[ $VAULT_STATUS -eq 200 ]]; then
+    if [[ $VAULT_STATUS -eq 200 ]]
-    IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
+    then
-    if [[ $IDM_STATUS -eq 301 ]]; then
-        echo "$VAULT_DOMAIN - Login"
-        echo "Method: LDAP"
 
-        if [[ -z $USER || $USER == "root" ]]; then
+        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
+        then
+            if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
+            then
+                USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
+            fi
+            TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
+        fi
+
+        VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
+        if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
+        then
+            config["login",${ORG}]=$VAULT_LOGIN
+            if [[ $USER != "root" && $USER != "local" ]]
+            then
+                jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+            fi
+        else
+            IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
+            if [[ $IDM_STATUS -eq 301 ]]
+            then
+                wx-header "Login"
+                echo $wxBold$ORG$wxNormal
+
+                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
+                then
                     echo -n "Username: "
                     read USERNAME
                 else
-            echo "Username: $USER"
+                    echo "Username: $USERNAME"
-            USERNAME=$USER
                 fi
 
+                jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+
                 echo -n "Password: "
                 read -s PASSWORD
                 echo "****************"
-        echo ""
-        VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
-        if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]; then
-            stop
-        fi
 
-        VAULT_TOKEN=$VAULT_LOGIN
+                if [[ -z $USERNAME || -z $PASSWORD ]]
-        export HVT="$VAULT_TOKEN"
+                then
-        echo -e "\n"
+                    echo "Status: Username & Password Required"
+                    wx-stop
                 else
-        echo "$VAULT_DOMAIN - Login"
+                    VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
+                    if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+                    then
+                        echo "Status: Login Failed"
+                        wx-stop
+                    fi
+
+                    config["login",${ORG}]=$VAULT_LOGIN
+
+                    if [[ $USER != "root" && $USER != "local" ]]
+                    then
+                        jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
+                        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+                    fi
+                fi
+            else
+                wx-header "Login"
+                echo $wxBold$ORG$wxNormal
+
                 echo -n "Token: "
-        read -s VAULT_TOKEN
+                read -s TOKEN
-        echo "***********************************************************************************************"
+                echo "****************"
+
+                if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
+                then
+                    echo "Status: Vault Token Required"
+                    wx-stop
+                fi
+
+                VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
+                if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+                then
+                    echo "Status: Login Failed"
+                    wx-stop
+                fi
+
+                config["login",${ORG}]=$VAULT_LOGIN
+
+                if [[ $USER != "root" && $USER != "local" ]]
+                then
+                    jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
+                    mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+                fi
+            fi
+        fi
+    else
+        wx-header "Login"
+        echo $wxBold$ORG$wxNormal
+        echo "Status: Vault Offline"
+        wx-stop
+    fi
+}
+
+wx-repeat() {
+    local str=$1 n=$2 spaces
+    printf -v spaces "%*s" $n " "
+    printf "%s" "${spaces// /$str}"
+}
+
+wi-start(){
+    wi-header "Warén Init" h1
+
+    mkdir -p $HOME/.warengroup &> /dev/null
+
+    if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
+    then
+        echo '{}' | jq > $HOME/.warengroup/config.json
+    fi
+
+    mkdir -p $HOME/.ssh/keys
+    chmod 700 -R $HOME/.ssh/keys
+}
+
+wi-stop (){
     echo " "
-        if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then
+    echo " "
-            stop
+    echo " "
+
+    rm -rf /.ssh/keys/init &> /dev/null
+
+    exit 1
+}
+
+
+if [[ ! -f /bin/jq ]]
+then
+    apt update &> /dev/null
+    apt install -y jq &> /dev/null
 fi
 
-        VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id')
+wi-init $1 $2 $3
-        if [[ -z $VAULT_LOGIN ]]; then
+wi-stop
-            stop
-        fi
-        VAULT_TOKEN=$VAULT_LOGIN
-        export HVT="$VAULT_TOKEN"
-        echo -e "\n"
-    fi
-fi
-
-
-curl \
-   -H "X-Vault-Token: $VAULT_TOKEN" \
-   -X GET \
-   https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
-
-chmod 700 ~/.ssh/init
-
-mkdir -p ~/.ansible > /dev/null
-
-if [ ! -f ~/.ansible/vars.yml ]; then
-
-   openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
-
-   ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
-   HASHICORP_VAULT_SECRET=$(openssl rand -base64 64 | tr -d '\n' | head -c 64)
-
-   echo "---" > ~/.ansible/vars.yml
-   echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
-   echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
-   echo "vault:" >> ~/.ansible/vars.yml
-   echo "  ansible:" >> ~/.ansible/vars.yml
-   echo "    secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
-   echo "  hashicorp:" >> ~/.ansible/vars.yml
-   echo "    domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
-   echo "    password: $HASHICORP_VAULT_SECRET" >> ~/.ansible/vars.yml
-
-   /opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
-fi
-
-ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
-
-/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
-
-
-unset HVT
-
-echo "
-==============================
-"

maintainer.sh

@@ -0,0 +1,49 @@
+if [ ! "$BASH_VERSION" ] ; then
+    bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
+    exit 1
+fi
+
+wiBold=$(tput bold)
+wiNormal=$(tput sgr0)
+
+echo ""
+echo ""
+echo ""
+echo "=============================="
+echo -n "$wiBold"
+echo "          Warén Group         "
+echo -n "$wiNormal"
+echo "             Init             "
+echo "=============================="
+echo "       >> Maintainer <<       "
+echo "------------------------------"
+
+case $1 in
+    build)
+        echo "Building..."
+        podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
+        chmod +x init.sh &> /dev/null
+        ;;
+    update)
+        echo "Updating..."
+        cp ../wx/src/functions/header.sh src/functions/header.sh
+        cp ../wx/src/functions/repeat.sh src/functions/repeat.sh
+        cp ../wx/src/commands/auth/login.sh src/functions/login.sh
+        ;;
+    ready)
+        echo "Ready"
+        ;;
+    *)
+        echo "Initializing..."
+        sleep 3
+        ./$0 update
+        sleep 3
+        ./$0 build
+        sleep 3
+        ./$0 ready
+        ;;
+    esac
+echo " "
+echo " "
+echo " "
+exit 1

src/base.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+if [ ! "$BASH_VERSION" ] ; then
+    sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
+    sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
+    exit 1
+fi
+
+if [[ $USER != "root" ]]
+then
+    sudo curl https://waren.io/init.sh -o "$PWD/init.sh"
+    sudo bash "$PWD/init.sh" $1 $2 $3 $4 $5 $6 $7 $8 $9
+    exit 1
+fi
+
+wiRed=$(tput setaf 196)
+wiGreen=$(tput setaf 46)
+wiYellow=$(tput setaf 226)
+wiBlue=$(tput setaf 21)
+wiPurple=$(tput setaf 165)
+wiTurquoise=$(tput setaf 14)
+wiPink=$(tput setaf 198)
+wiOrange=$(tput setaf 202)
+wiBold=$(tput bold)
+wiNormal=$(tput sgr0)
+
+{{ CODES }}
+
+if [[ ! -f /bin/jq ]]
+then
+    apt update &> /dev/null
+    apt install -y jq &> /dev/null
+fi
+
+wi-init $1 $2 $3
+wi-stop

src/functions/compatibility.sh

@@ -0,0 +1,22 @@
+wi-header(){
+    wx-header "$1" "$2"
+}
+
+wi-repeat(){
+    wx-repeat "$1" "$2"
+}
+
+wi-login(){
+    wx-login "$1" "$2"
+}
+
+wx-start(){
+    wi-start
+}
+
+wx-stop(){
+    wi-stop
+}
+
+wxBold=$wiBold
+wxNormal=$wiNormal

src/functions/header.sh

@@ -0,0 +1,24 @@
+wx-header(){
+    if [[ $2 == "h1" ]]
+    then
+        echo ""
+        echo ""
+        echo ""
+        echo "=============================="
+        wx-repeat " " $((30/2-${#1}/2))
+        echo -n "$wxBold"
+        echo -n "$1"
+        echo -n "$wxNormal"
+        echo ""
+        echo "=============================="
+    fi
+
+    if [[ $2 == "h2" || -z $2 ]]
+    then
+        wx-start
+        wx-repeat " " $((30/2-6/2-${#1}/2))
+        echo -n ">> $1 <<"
+        echo ""
+        echo "------------------------------"
+    fi
+}

src/functions/init.sh

@@ -0,0 +1,72 @@
+wi-init(){
+    wi-login $1
+    wi-header "Init"
+
+    if [[ ! -z $2 && ${#2} -gt 5 ]]
+    then
+        HOSTNAME="$2.$DEVICE_DOMAIN"
+    elif [[ $(hostname -d) ]]
+    then
+        HOSTNAME=$(hostname --fqdn)
+    else
+        echo "Status: Hostname Required"
+        wx-stop
+    fi
+
+    if [[ ! -z $3 ]]
+    then
+        if [[ $3 == "server" || $3 == "workstation" ]]
+        then
+            TYPE="$3"
+        else
+            echo "Status: Type Invalid"
+            wx-stop
+        fi
+    else
+        echo "Status: Type Required"
+        wx-stop
+    fi
+
+    mkdir -p ~/.ssh/keys &> /dev/null
+
+    apt-get update &> /dev/null
+    apt-get install -y python3-pip python3-venv jq git curl lsb-release &> /dev/null
+    dnf install -y epel-release &> /dev/null
+    dnf install -y python3-pip jq git curl lsb_release &> /dev/null
+    python3 -m venv /opt/ansible &> /dev/null
+    /opt/ansible/bin/pip3 install ansible &> /dev/null
+    /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect xmltodict &> /dev/null
+
+    curl \
+        -H "X-Vault-Token: ${config["login",$ORG]}" \
+        -X GET \
+        https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/keys/init
+
+    chmod 700 ~/.ssh/keys/init &> /dev/null
+
+    mkdir -p ~/.ansible &> /dev/null
+
+    if [ ! -f ~/.ansible/vars.yml ]
+    then
+        echo "---" > ~/.ansible/vars.yml
+        echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
+        echo "info:" >> ~/.ansible/vars.yml
+        echo "  type: $TYPE" >> ~/.ansible/vars.yml
+        echo "config:" >> ~/.ansible/vars.yml
+        echo "  identity:" >> ~/.ansible/vars.yml
+        echo "    vault:" >> ~/.ansible/vars.yml
+        echo "      domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
+    fi
+
+    GIT_DOMAIN="git.waren.io"
+    GIT_PORT="2222"
+    GIT_REPOSITORY="warengroup-private/infra-plus"
+
+    export HVT=${config["login",$ORG]}
+
+    /opt/ansible/bin/ansible-galaxy collection install ansible.posix ansible.utils ansible.windows community.crypto community.dns community.docker community.general community.grafana community.hashi_vault community.libvirt community.mongodb community.mysql community.postgresql community.windows containers.podman --upgrade &> /dev/null
+
+    /opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY -d ~/.ansible/pull/infra --accept-host-key --private-key ~/.ssh/keys/init --extra-vars @~/.ansible/vars.yml playbooks/init.yml -t init
+
+    unset HVT
+}

src/functions/login.sh

@@ -0,0 +1,164 @@
+wx-login(){
+    if [[ ! -z $1 ]]
+    then
+        ORG=$1
+        jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+    elif [[ $(hostname -d) = *"devices.waren.io" ]]
+    then
+        ORG=warengroup
+    elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
+    then
+        ORG=cwinfo
+    elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
+    then
+        ORG=cwchristerw
+    elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
+    then
+        ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
+    else
+        wx-header "Login"
+        echo "Status: Organization Required"
+        wx-stop
+    fi
+
+    if [[ $ORG == "warengroup" ]]
+    then
+        DOMAIN=waren.io
+    elif [[ $ORG == "cwinfo" ]]
+    then
+        DOMAIN=cwinfo.net
+    elif [[ $ORG == "cwchristerw" ]]
+    then
+        DOMAIN=christerwaren.fi
+    else
+        wx-header "Login"
+        echo "Status: Organization Unsupported"
+        wx-stop
+    fi
+
+    FOLDER=$ORG
+    DEVICE_DOMAIN="devices.$DOMAIN"
+    IDM_DOMAIN="idm.waren.io"
+    VAULT_DOMAIN="vault.cwinfo.net"
+
+    if [[ -z $USER || $USER == "root" || $USER == "local" ]]
+    then
+        if [[ -z $SUDO_USER ]]
+        then
+            if [[ -z LOGNAME ]]
+            then
+                wx-header "Login"
+                echo "Status: Username Required"
+                wx-stop
+            else
+                USERNAME=$LOGNAME
+            fi
+        else
+            USERNAME=$SUDO_USER
+        fi
+    else
+        USERNAME=$USER
+    fi
+
+    VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
+    if [[ $VAULT_STATUS -eq 200 ]]
+    then
+
+        if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
+        then
+            if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
+            then
+                USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
+            fi
+            TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
+        fi
+
+        VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
+        if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
+        then
+            config["login",${ORG}]=$VAULT_LOGIN
+            if [[ $USER != "root" && $USER != "local" ]]
+            then
+                jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+            fi
+        else
+            IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
+            if [[ $IDM_STATUS -eq 301 ]]
+            then
+                wx-header "Login"
+                echo $wxBold$ORG$wxNormal
+
+                if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
+                then
+                    echo -n "Username: "
+                    read USERNAME
+                else
+                    echo "Username: $USERNAME"
+                fi
+
+                jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
+                mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+
+                echo -n "Password: "
+                read -s PASSWORD
+                echo "****************"
+
+                if [[ -z $USERNAME || -z $PASSWORD ]]
+                then
+                    echo "Status: Username & Password Required"
+                    wx-stop
+                else
+                    VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
+                    if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+                    then
+                        echo "Status: Login Failed"
+                        wx-stop
+                    fi
+
+                    config["login",${ORG}]=$VAULT_LOGIN
+
+                    if [[ $USER != "root" && $USER != "local" ]]
+                    then
+                        jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
+                        mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+                    fi
+                fi
+            else
+                wx-header "Login"
+                echo $wxBold$ORG$wxNormal
+
+                echo -n "Token: "
+                read -s TOKEN
+                echo "****************"
+
+                if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
+                then
+                    echo "Status: Vault Token Required"
+                    wx-stop
+                fi
+
+                VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
+                if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
+                then
+                    echo "Status: Login Failed"
+                    wx-stop
+                fi
+
+                config["login",${ORG}]=$VAULT_LOGIN
+
+                if [[ $USER != "root" && $USER != "local" ]]
+                then
+                    jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
+                    mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
+                fi
+            fi
+        fi
+    else
+        wx-header "Login"
+        echo $wxBold$ORG$wxNormal
+        echo "Status: Vault Offline"
+        wx-stop
+    fi
+}

src/functions/repeat.sh

@@ -0,0 +1,5 @@
+wx-repeat() {
+    local str=$1 n=$2 spaces
+    printf -v spaces "%*s" $n " "
+    printf "%s" "${spaces// /$str}"
+}

src/functions/start.sh

@@ -0,0 +1,13 @@
+wi-start(){
+    wi-header "Warén Init" h1
+
+    mkdir -p $HOME/.warengroup &> /dev/null
+
+    if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
+    then
+        echo '{}' | jq > $HOME/.warengroup/config.json
+    fi
+
+    mkdir -p $HOME/.ssh/keys
+    chmod 700 -R $HOME/.ssh/keys
+}

src/functions/stop.sh

@@ -0,0 +1,9 @@
+wi-stop (){
+    echo " "
+    echo " "
+    echo " "
+
+    rm -rf /.ssh/keys/init &> /dev/null
+
+    exit 1
+}