uncloud-init/uncloud-init


#!/bin/sh
#
# Initialize an uncloud VM. This script depends on:
# curl grep getent (i.e. glibc) cut,dirname (i.e. coreutils)
###
# TODO: handle command-line parameters.
# 0/1 switches read by the entrypoint and by the key deployment routine.
DEPLOY_SSH_AUTHORIZED_KEYS='1'
OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS='0'
GROW_ROOT_PARTITION='0'

# Account that receives the keys, and the sshd configuration checked for it.
SSH_USER='root'
SSH_DAEMON_CONFIG='/etc/ssh/sshd_config'

# Base URL of the uncloud metadata server. Keep this on https: the keys
# served from here are meant to end up in an authorized_keys file, so the
# response decides who may log in.
UNCLOUD_METADATA_SERVER='https://key.wf'
###
# SSH key deployment logic.
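deploy_ssh_authorized_keys () {
    # Fetch SSH public keys from the metadata server and install them as
    # the authorized_keys file of SSH_USER.
    #
    # Globals read: SSH_DAEMON_CONFIG, SSH_USER, UNCLOUD_METADATA_SERVER,
    #               OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS
    # Needs:        grep sed getent cut dirname mktemp curl chmod chown mv
    # Returns:      0 when keys were installed or an existing file was kept,
    #               1 when the download or the installation failed.
    # Exits:        1 when the sshd configuration or the user is missing.

    # Ensure SSHD configuration can be found.
    if [ ! -f "$SSH_DAEMON_CONFIG" ]; then
        echo "Could not find SSHD configuration at $SSH_DAEMON_CONFIG" >&2
        exit 1
    fi

    # Ensure that login is not prevented by SSHD configuration.
    # sshd uses the first value it obtains for a keyword, so appending a
    # second PermitRootLogin line after "PermitRootLogin no" would change
    # nothing; the existing line is rewritten in place instead.
    # prohibit-password is enough here because only keys are deployed, and
    # it avoids opening password logins for root as a side effect.
    # NOTE(review): sshd has to re-read its configuration before this takes
    # effect; this function does not reload it.
    if [ "$SSH_USER" = "root" ] \
        && grep -q -e "^PermitRootLogin no$" "$SSH_DAEMON_CONFIG"; then
        sshd_config_tmp=$(mktemp) || exit 1
        # Write back with cat so the configuration file keeps its owner
        # and mode.
        if ! sed 's/^PermitRootLogin no$/PermitRootLogin prohibit-password/' \
                "$SSH_DAEMON_CONFIG" > "$sshd_config_tmp" \
            || ! cat "$sshd_config_tmp" > "$SSH_DAEMON_CONFIG"; then
            rm -f "$sshd_config_tmp"
            echo "Could not update $SSH_DAEMON_CONFIG" >&2
            exit 1
        fi
        rm -f "$sshd_config_tmp"
    fi

    # Get home directory of SSH_USER. getent is run on its own so that its
    # exit status is the one tested (in a pipeline, $? is the status of cut).
    if ! passwd_entry=$(getent passwd "$SSH_USER"); then
        echo "Could not resolve user $SSH_USER." >&2
        exit 1
    fi
    homedir=$(printf '%s\n' "$passwd_entry" | cut -d: -f6)
    if [ -z "$homedir" ]; then
        echo "Could not resolve user $SSH_USER." >&2
        exit 1
    fi

    authorized_keys_file="$homedir/.ssh/authorized_keys"
    ssh_dir=$(dirname "$authorized_keys_file")
    mkdir -p "$ssh_dir" || exit 1

    # Keep an existing key file unless overriding was requested explicitly.
    if [ -f "$authorized_keys_file" ] \
        && [ "$OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS" != 1 ]; then
        echo "Aborting SSH key deployement to not override existing $authorized_keys_file."
        echo "You can change this behavior with the OVERRIDE_EXISTING_SSH_AUTHORIZED_KEYS flag."
        return 0
    fi

    # Fetch and deploy SSH keys from metadata server.
    # The download goes to a temporary file in the same directory and is
    # moved into place only after it succeeded, so a failed or empty
    # response never replaces working keys. --fail makes curl return an
    # error on HTTP error statuses instead of saving the error page.
    # NOTE(review): the "fnux" path is hard-coded; whoever controls that
    # entry on the metadata server can log in as SSH_USER. Confirm this is
    # intended before running the script on a VM.
    keys_tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX") || exit 1
    if ! curl --fail --silent --show-error \
            --output "$keys_tmp" "$UNCLOUD_METADATA_SERVER/fnux" \
        || [ ! -s "$keys_tmp" ]; then
        rm -f "$keys_tmp"
        echo "Could not fetch SSH keys from $UNCLOUD_METADATA_SERVER." >&2
        return 1
    fi

    # Directory and key file belong to the user and are closed to others.
    if ! { chmod 700 "$ssh_dir" \
            && chmod 600 "$keys_tmp" \
            && chown "$SSH_USER" "$ssh_dir" "$keys_tmp" \
            && mv -f "$keys_tmp" "$authorized_keys_file"; }; then
        rm -f "$keys_tmp"
        echo "Could not install $authorized_keys_file." >&2
        return 1
    fi
}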
###
# Partition/filesystem growth logic.
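grow_root_partition () {
    # Placeholder for growing the root partition and its filesystem.
    # A function body holding only a comment is a syntax error in sh, so
    # the stub reports that nothing was done and returns non-zero rather
    # than letting the caller announce success.
    # TODO
    echo "Root partition growth is not implemented yet." >&2
    return 1
}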
###
# Entrypoint.
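# Run every routine whose switch is set to 1.
# The switches are compared against "1" explicitly: a bare [ $VAR ] test is
# true for any non-empty string, including "0", so a disabled routine would
# still run. Functions are called by name only; trailing parentheses belong
# to a function definition, not to a call.
if [ "$DEPLOY_SSH_AUTHORIZED_KEYS" = 1 ]; then
    routine='SSH authorized_keys deployment routine'
    echo "--- RUNNING $routine..."
    # Stop on failure instead of reporting DONE for a deployment that did
    # not install any keys.
    if ! deploy_ssh_authorized_keys; then
        echo "--- FAILED $routine." >&2
        exit 1
    fi
    echo "--- DONE with $routine."
fi
if [ "$GROW_ROOT_PARTITION" = 1 ]; then
    routine='root partition growth routine'
    echo "--- RUNNING $routine..."
    if ! grow_root_partition; then
        echo "--- FAILED $routine." >&2
        exit 1
    fi
    echo "--- DONE with $routine."
fi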