myc-manage/bin/myc-update

#!/bin/bash

. /etc/shlib

include parse
include common
include pretty


MIN_DISK_SPACE="${MIN_DISK_SPACE:-300M}"
## convert human size to bytes using numfmt

## Check remaining disk space
if [ -n "$MIN_DISK_SPACE" ]; then
    min_disk_space_kbytes=$(numfmt --from=iec --to-unit=1024 "$MIN_DISK_SPACE") || {
        err "Invalid format for '\$MIN_DISK_SPACE'."
        exit 1
    }
    if ! remaining_kbytes=$(df / | awk 'NR==2 {print $4}'); then
        err "Failed to get remaining disk space."
        exit 1
    fi

    if [ "$remaining_kbytes" -lt "$min_disk_space_kbytes" ]; then
        err "Not enough disk space."
        human_min_dist_space=$(numfmt --to=iec --format="%.2f" --from-unit=1024 "$min_disk_space_kbytes") || {
            err "Failed to convert '\$MIN_DISK_SPACE' to human readable format."
            exit 1
        }
        human_remaining_kbytes=$(numfmt --to=iec --format="%.2f" --from-unit=1024 "$remaining_kbytes") || {
            err "Failed to convert '\$remaining_kbytes' to human readable format."
            exit 1
        }
        echo "  - At least $human_min_dist_space are required." >&2
        echo "  - Only $human_remaining_kbytes are available." >&2
        exit 1
    fi
fi


start=$SECONDS

if [ -z "$NO_UPDATE" -a -d "/opt/apps/myc-manage" ]; then
    MYC_UPDATE_VERSION="${MYC_UPDATE_VERSION:-master}"
    Elt "Checking if myc-manage requires update..."
    cd /opt/apps/myc-manage
    REMOTE_HEAD="$(git ls-remote origin "refs/heads/${MYC_UPDATE_VERSION}" 2>/dev/null | cut -f 1)"
    if [ -z "$REMOTE_HEAD" ]; then
        err "Can't find remote branch '$MYC_UPDATE_VERSION'."
        echo "  - Either this branch is not available on 'origin' remote." >&2
        echo "  - Either 'origin' remote is not correctly set." >&2
        exit 1
    fi
    HEAD="$(git rev-parse HEAD)"
    if [ "$REMOTE_HEAD" != "$HEAD" ]; then
        print_info "new version available"
        Wrap -d "Update myc-manage" <<EOF || exit 1
if ! [ -d "/opt/apps/myc-manage" ]; then
    mkdir -p /opt/apps && cd /opt/apps
    git clone https://git.myceliandre.fr/Myceliandre/myc-manage.git -b "$MYC_UPDATE_VERSION"
else
    cd /opt/apps/myc-manage &&
    git checkout "$MYC_UPDATE_VERSION" &&
    git pull -r || exit 1
fi

ln -sfn /opt/apps/myc-manage/bin/* /usr/local/sbin/
find -L /usr/local/sbin -maxdepth 1 -type l -ilname /opt/apps/myc-manage/bin/\* -delete
EOF

        Feed || exit 1
        export NO_UPDATE=1
        exec myc-update
        exit 0
    else
        print_info "up to date"
        Feedback noop
    fi
fi


Wrap -d "Updating 0k-charms" <<EOF || exit 1
cd /opt/apps/0k-charms
git pull -r
EOF

charm --debug apply docker-host || exit 1

## there seem to be an error now within compose when trying to download let's encrypt image.
Wrap -d "Updating some docker images" <<EOF || exit 1
docker pull docker.0k.io/letsencrypt
EOF

Wrap -d "Updating cron scripts" <<EOF || exit 1
for d in /etc/cron.{d,daily,hourly,monthly,weekly}; do
    ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
    find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
done
EOF 

Wrap -d "Updating sysctl scripts" <<EOF || exit 1
for d in /etc/sysctl.d; do
    ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
    find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
done
EOF

## TODO GPG decript the keys and place them 
# Wrap -d "Updating ssh keys" <<EOF || exit 1
# for d in /etc/ssh; do
#     ln -sfn "/opt/apps/myc-manage\$d/"* "\$d/" &&
#     find -L "\$d" -maxdepth 1 -type l -ilname "/opt/apps/myc-manage\$d/"\* -delete
# done
# EOF

if [ -f "/root/.bashrc" ]; then
    Wrap -d "Enable colors in bash" <<'EOF' || exit 1
sed -ri 's/^# (export LS_OPTIONS=.--color=auto.)/\1/;
         s/^# (eval "`dircolors`")/\1/;
         s/^# (alias ls='"'ls \\\$LS_OPTIONS'"')/\1/' /root/.bashrc
EOF
fi

Wrap -d "Update authorization to send to ntfy server " <<'EOF' || exit 1
mkdir -p /root/.ssh 
## if file /root/.ssh/ntfy-key doesn’t exist we we create the key i
if [ ! -f /root/.ssh/ntfy-key ]; then
    echo "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEApGXqKYEJbv0xu/wKl1mXtiz90kZbqq7FALTZYyYqWZfsp4RtiHXi
NC7WKFiabQ1j1s8WuE0I2xJNSpzjHuWouduLQ5WtTl0PIWausMYaHam5T1I3KLVBg1QNi8
0wL5LVMD3mMoxVstQmlvYOuODZSaCS6j6ND33IS5IG11M9xwR6IcUKLKnfF5h5OQbTSiQ0
ANgw5KmYdGBQ8PUIQO0ELz0rhjJVZLADZspXLoWikNURmlYozfcSFcfOVA7AkqeMKMZd64
72WDGTd9NrAOq+hmLMKDfJXuHlKrNuqmK1jVGs/5YcSArrFyuvKOabT8AJfjBDEVtbsSeu
mN44MoH1bwAAA8hI4f+cSOH/nAAAAAdzc2gtcnNhAAABAQCkZeopgQlu/TG7/AqXWZe2LP
3SRluqrsUAtNljJipZl+ynhG2IdeI0LtYoWJptDWPWzxa4TQjbEk1KnOMe5ai524tDla1O
XQ8hZq6wxhodqblPUjcotUGDVA2LzTAvktUwPeYyjFWy1CaW9g644NlJoJLqPo0PfchLkg
bXUz3HBHohxQosqd8XmHk5BtNKJDQA2DDkqZh0YFDw9QhA7QQvPSuGMlVksANmylcuhaKQ
1RGaVijN9xIVx85UDsCSp4woxl3rjvZYMZN302sA6r6GYswoN8le4eUqs26qYrWNUaz/lh
xICusXK68o5ptPwAl+MEMRW1uxJ66Y3jgygfVvAAAAAwEAAQAAAQEAnzpm1tQ4QtvRc/Xm
fDk2jCh/n06uMl8cSFbhxvqMQkK34HiPboBfG5PRsTpAOCej78acht12Gllbq0zRXneqOH
nAJTGvrhrMMNm3kVgOq3RcG8vRyQfl8EFU7XdLmIhrHFKXx5XM22xIBCdGkyKU0o9IPMFg
9wQpH6jMH3psd3j9M7x9QwPZKujv5XMF7DrMdtwAsU/XPTHrOedxdmnVpy9hwTpygTP6Xs
TRL9CgdoIo1arZAu8M5/h8xS37IKEe4lUNr/j5tJe3d0HQ+aXCtVrD1WDyZnslPnrDr0MQ
XCbx957Kh6VJ11t8el7x21Yr0iuF+S/RSKxsiyqC3J4EAQAAAIAQabySOpcNGk/kR3A7KH
Szz3uft+c9qmt9+b5Sth+GmRKEoOO51hi3K+WrzArMJ3AyO8QGodjBAStcbFMDW5DkWxFH
0BuuXL2JTNJdn/2iBQH2bjLI68zTCrqHapI4l3kwTFUDybZP9hcdN9QrsY10rh+WiUILt7
gIB69cxQKeuAAAAIEAz7W5MrUL50A5wi7EMalR9+dIVDTvpyub7Ip6dczRyXt9Xz35mv4S
pBaK0mabJPgNP23fGoDhsXhZoDxJpGaBMCciLujVt/wJCX+vXbXwBXwMi0DC9AF/W6FGYb
GAusBeJzziXuEmQlirbKFTwkBMVOpMWvsX/DQgDjsTVKjm9u8AAACBAMqeZ17+r7602t9P
8Gie1YXde/T1vMeQAHNCOCBoiuERdM/xDyQE3EXk9Pj2LOvhEu9CskQUCkuZS4JcMO+GQz
zfqty7nmi/sAQTwPe+Gl9dnvS+dixeDmS3g+rP+hEAYhVPQgQhm0zzMvzlYk437WB+9BYk
JUr3Zp+T2t4WoOmBAAAAEm50ZnlAY29yZS0wMS4way5pbw==
-----END OPENSSH PRIVATE KEY-----" > /root/.ssh/ntfy-key
    chmod 600 /root/.ssh/ntfy-key
fi
if ! ssh-keygen -F core-01.0k.io &> /dev/null; then
    echo "|1|e3yYRMYJg0EpbOeTplTgtI+KbY4=|PotgCF8Rwt2OZFKr1CGYWpJ6FRA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH8axkuXlI2zowRvL3Vyg/qgkKK57cqX7+9WRaLm9ECWkLvaVPGunR1zVJUZdTO3gjlSkqtblTcI00BBLt+zQvE=" \
    >> /root/.ssh/known_hosts
fi
config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
## if the config file exist and LOGIN PASSWORD ARE already in we do nothing
if [ -f "$config_file" ] && grep -qE '^LOGIN=|^PASSWORD=' "$config_file"; then
    echo "We found a configuration for ntfy server authentification located at $config_file"
else 
    cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token)
    login_ntfy=$(echo $cred | awk '/^h_/{print $1; exit}')
    password_ntfy=$(echo $cred | awk '{print $2; exit}')
    if [ -f "$config_file" ]; then
        echo "LOGIN='$login_ntfy'" >> "$config_file"
        echo "PASSWORD='$password_ntfy'" >> "$config_file"
    else
        echo "LOGIN='$login_ntfy'" >> "$config_file"
        echo "PASSWORD='$password_ntfy'" >> "$config_file"
    fi
fi
EOF

for keyfile in {/root,/home/debian}/.ssh/authorized_keys; do
    [ -e "$keyfile" ] || continue
    sed -ri 's%^ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDri3GHzDt0Il0jv6zLjwkge48dN9tv11sqVNnKoDeUxzk4kn7Ng5ldd3p6dYL6Pa5NDqJUAhO/d/q08IWuwfEbtj8Yc/EkahcRwVD2imPceUeDgyCaOJhq7WO4c9d9yG8PnRO2\+Zk92a9L5vuELVLr4UHIQOs2/eFRY2/ODV8ebf5L1issGzfLd/IPhX5oJwMwKfqIFOP7KPQ26duHNRq4bYOD9ePW4shfxmyQDk6dSImFat05ErT\+X7703PcPx/PX2AIqqz95zqM6M26BywAohuaD5joxKgkd/mMIJylvT8GEYDlcLMHwnM7LtwtyJ1O9dkVpsibIqGy20KlAOGPf admin@0k$%ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMV3USt/BLnXnUk7rk8v42mISZaXBZuULbh2vx2Amk7k admin@old0kreplacement%g' "$keyfile"
done

printf "Update finished ${GREEN}successfully${NORMAL} ${GRAY}(in %.2fs)${NORMAL}.\n" "$((SECONDS - start))"