[dev] nixos; riot multiple targets; install without ssh keys (#42)
* auth: add .eid/authorized_certificates for pam pkcs11 auth * .zshrc: alias sl for sudo zsh -l * to-install: nix * zshrc: use gnu ls on mac * zshrc: try to use gnu-ls * try to fix ci for macos * riot: add domain box[0-9] * riot: shortcuts i,x,j * .zshrc: warn if not in main channel * sagt: reset agent so paths * sagt: import ssh-agent -P paths * common.sh: is_port_free and get_free_port * riot use get_free_port to fix issue on windows * riot: ssh support instant command * riot: proxy delimiter from comma (,) to slash (/) * riot: support multiple remotes, delimiter=comma (,) * riot: fix ci; install.sh: --no-ssh * riot: improve ci --------- Co-authored-by: xiongdian.me <xiongdian.me@bytedance.com>
parent
5fb7ff0833
commit
483f7fd7f3
30
.eid/authorized_certificates
Normal file
30
.eid/authorized_certificates
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFIDCCAwigAwIBAgIUK1zXH5UosBim7i+kIZyPGpowU9cwDQYJKoZIhvcNAQEL
|
||||
BQAwgZUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCRUlKSU5HMRAwDgYDVQQHDAdC
|
||||
RUlKSU5HMRIwEAYDVQQKDAlEaWN0IFRlY2gxEDAOBgNVBAsMB1Jvb3QgQ0ExHjAc
|
||||
BgNVBAMMFURpY3QgVGVjaCBSb290IENBIC0gMDEcMBoGCSqGSIb3DQEJARYNbWVA
|
||||
YmVhcmRpYy5jbjAeFw0yMjA3MjIxNzU5MjNaFw0yNTA3MjExNzU5MjNaMEkxEjAQ
|
||||
BgNVBAoMCURpY3QgVGVjaDEQMA4GA1UECAwHQkVJSklORzELMAkGA1UEBhMCQ04x
|
||||
FDASBgNVBAMMC3NrMC5pYmQuaW5rMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAlDeyFxeJ5RXFX4B3rIIpNyyAIl5VTGCT5t8g9dxFWq0MeY6nQYJPA8IJ
|
||||
IH+KzzujBabyKYpzshDvMzkuhx0Kwi2VL+ckxWg5FLge3kNBJqYnBm5pPWx6o9R5
|
||||
DmcWqG5KRH0FJhSmL5KeBHsVcOurDtKn174x2eB+sggCSyuWlJyn4KxPLTg8z/Nr
|
||||
FP5qSY1vj6t7mpzau+eIGh8IcQiFxteN/86fKswQHint/MVaqg6vX05BuIb8xb5E
|
||||
XUvPIupdc/vtD959BxnTo7UoOz+3zu/u2cj2K9IDubwe9tDpv88aj6xnfXInFouD
|
||||
/mlSmvtLo1h/6arn1hurgoylh5wbOwIDAQABo4GyMIGvMAkGA1UdEwQCMAAwCwYD
|
||||
VR0PBAQDAgTwMB0GA1UdDgQWBBR9DxLqtR0+zUWoPyFoDRrnyJyDBTAfBgNVHSME
|
||||
GDAWgBRsprmVI/Tjey+sw4qoZpLd7PT0gTBVBgNVHSUETjBMBggrBgEFBQcDAgYI
|
||||
KwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCN0MBAQYKKwYBBAGC
|
||||
N0MBAgYKKwYBBAGCNxQCAjANBgkqhkiG9w0BAQsFAAOCAgEA7BJXiRg32shmZWyY
|
||||
gPjq52ffN9RDNe58KadajJ1PnVP1yNJySgsOG3eSxONQX3ITr36Ihsfb3fZneBfX
|
||||
/IcXgjyvy1CDcvBBAyee91hdR8orMCePqMpeOSNP9CUp9Ctd4V+an0DE8Z1yrezA
|
||||
ieaYgBZCDxuZdloYSmj9Z/Rqn2dy4dcUAxKrEwW/6VPqQNrJETTtadS1SF0EsDxV
|
||||
XZpDqNYaS/N7/ciSm7TaQJud62A4m+FWWHNnttTp9IjLESr3U80+qtRY8yDNpulb
|
||||
/eNL8KK9aORiFUz9789l6M62HPi6vCsMflI0iHUeoi69GKX8mKf0WFR1KxoDsJiN
|
||||
DG9/1gCfj6whFCrT6fJTKAGl8Hp5toWMOeDprbsE5gf4Ik3p+sKMV9t43zNm3gvA
|
||||
1zNPtgQUffPU0kONlavIxUNfCmD8qVwK5ECT7wh0hrB8fRYfxTZHgN6Yvu7M9HNz
|
||||
SNt5JZCLBT4nLt0uQp9O/xctdHElZw+/W8OfnP5vxnPdccIeVOxpGIyzErwjD0+E
|
||||
9mNiqOa5JV9OMAJ+0I9cbOnuMaXm4mvHZadnetUzq2ZUw1Jba7z62zIJTciNRq9i
|
||||
ZJc6v5e+iqbE1ECZLco5LjWqqfvFfYCrkqeOhCRsRkVPsXnGPo2QDDYdTm4EGCmg
|
||||
dVZ6R452SZsrE4V+3LR011BxzEg=
|
||||
-----END CERTIFICATE-----
|
12
.zshrc2
12
.zshrc2
|
@ -101,16 +101,15 @@ fi
|
|||
# alias
|
||||
alias "pls"='sudo $(fc -ln -1)'
|
||||
alias "se"='sudo -sE'
|
||||
alias "sl"='sudo zsh -l'
|
||||
alias "pbd"='ping baidu.com'
|
||||
alias "p114"='ping 114.114.114.114'
|
||||
alias "p666"='ping6 2001:da8::666'
|
||||
alias "cbd"='curl http://www.baidu.com'
|
||||
alias "cbds"='curl https://www.baidu.com'
|
||||
alias "gdebug"='git add -A; git commit --allow-empty -m "bug fix ($(date))"'
|
||||
case $(bash "$DOTFILES/tools/common.sh" get_os_type) in
|
||||
macos ) alias l='ls -lAGh -D "%y-%m-%d %H:%M"' ;;
|
||||
* ) alias l='ls -lAGh --time-style="+%y-%m-%d %H:%M"' ;;
|
||||
esac
|
||||
alias "ls"='ls --color=tty'
|
||||
alias "l"='ls -lAGh --time-style="+%y-%m-%d %H:%M"'
|
||||
if [[ -x $(command -v trash) ]]; then
|
||||
alias "rm"="echo use the full path i.e. '/bin/rm'\; consider using trash"
|
||||
fi
|
||||
|
@ -177,6 +176,11 @@ dfs()
|
|||
esac
|
||||
}
|
||||
|
||||
# motd
|
||||
if [[ "$DFS_INITED" != "1" && -n "$DFS_UPDATE_CHANNEL" && "$DFS_UPDATE_CHANNEL" != "main" ]]; then
|
||||
echo dotfiles not in the main channel. use with caution.
|
||||
fi
|
||||
|
||||
# clean
|
||||
unset i
|
||||
export DFS_INITED=1
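Review bot: The unconditional `alias "ls"='ls --color=tty'` and `alias "l"='ls -lAGh --time-style="+%y-%m-%d %H:%M"'` in the alias hunk rely on GNU-only options. Going by the hunk counts (-101,16 +101,15), the per-OS `case` is the part being removed, so on macOS these aliases work only when the coreutils gnubin directory comes before /bin in PATH, which this page shows being set only in the CI script. Guarding the GNU form with a capability probe, `if ls --version >/dev/null 2>&1; then … else alias l='ls -lAGh -D "%y-%m-%d %H:%M"'; fi`, would keep `l` usable on a stock macOS shell. A short comment above the aliases stating the GNU ls requirement would also help.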
|
||||
|
|
|
@ -26,6 +26,8 @@ declare -a HOME_SYMLINKS_SRC
|
|||
declare -a HOME_SYMLINKS_DST
|
||||
HOME_SYMLINKS_SRC[0]=".ssh/authorized_keys2"
|
||||
HOME_SYMLINKS_DST[0]=".ssh/authorized_keys2"
|
||||
HOME_SYMLINKS_SRC[1]=".eid/authorized_certificates"
|
||||
HOME_SYMLINKS_DST[1]=".eid/authorized_certificates"
|
||||
|
||||
install_dependencies()
|
||||
{
|
||||
|
@ -147,6 +149,9 @@ install_symlink()
|
|||
{
|
||||
fmt_note "installing symlinks ..."
|
||||
for ((i=0; i<${#HOME_SYMLINKS_SRC[@]}; i++)); do
|
||||
if [[ -z "${HOME_SYMLINKS_SRC[$i]}" ]]; then
|
||||
continue
|
||||
fi
|
||||
local src="$DOTFILES/${HOME_SYMLINKS_SRC[$i]}"
|
||||
local dst="$HOME/${HOME_SYMLINKS_DST[$i]}"
|
||||
fmt_info "creating symlink \"$dst\" --> \"$src\" ..."
|
||||
|
@ -325,6 +330,7 @@ for i in ${GOT_OPTS[@]}; do
|
|||
-a|--auto ) INSTALL_DEP=1 ;;
|
||||
-H|--hist|--history ) store_hist=1 ;;
|
||||
-x ) store_config=1 ;;
|
||||
--no-ssh ) unset HOME_SYMLINKS_SRC[0]; unset HOME_SYMLINKS_DST[0] ;;
|
||||
* ) fmt_fatal "unknown option \"$i\"" ;;
|
||||
esac
|
||||
done
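Review bot: With `--no-ssh`, the loop in install_symlink never reaches `.eid/authorized_certificates`. After `unset HOME_SYMLINKS_SRC[0]` the array is sparse, `${#HOME_SYMLINKS_SRC[@]}` is 1, and `for ((i=0; i<…; i++))` visits only the now-empty index 0. Whether the certificate trust file is installed decides who can authenticate on the machine, so it should be an explicit choice rather than a side effect of the loop bound. Iterate over the indices that exist with `for i in "${!HOME_SYMLINKS_SRC[@]}"; do`, and if the certificate is meant to be skipped too, unset index 1 in the `--no-ssh` arm and say so in the help text. The subscripts should also be quoted, `unset 'HOME_SYMLINKS_SRC[0]' 'HOME_SYMLINKS_DST[0]'`, so the shell cannot glob them; install_symlink and the option loop both continue outside the hunks shown.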
|
||||
|
|
114
scripts/riot
114
scripts/riot
|
@ -29,6 +29,14 @@ get_server_meta() {
|
|||
RET_JUMP_SERVER="" # optional
|
||||
# body
|
||||
local remote="$1"
|
||||
# shortcuts
|
||||
if [[ "$remote" == "i" ]]; then
|
||||
remote="sir0.ibd"
|
||||
elif [[ "$remote" == "x" ]]; then
|
||||
remote="bj1.ibd"
|
||||
elif [[ "$remote" == "j" ]]; then
|
||||
remote="sir0.ibd:36122"
|
||||
fi
|
||||
# if in the form user@...
|
||||
if [[ "$remote" == *@* ]]; then
|
||||
RET_USERNAME=${remote%%@*}
|
||||
|
@ -70,30 +78,38 @@ get_server_meta() {
|
|||
RET_USERNAME=root
|
||||
RET_TRUST_SERVER=1
|
||||
;;
|
||||
box[0-9] )
|
||||
RET_HOSTNAME=$host
|
||||
RET_PORT=${RET_PORT:-12022}
|
||||
RET_USERNAME=${RET_USERNAME:-root}
|
||||
RET_JUMP_SERVER="root@$domain.ibd.ink:12022"
|
||||
RET_TRUST_SERVER=1
|
||||
;;
|
||||
* )
|
||||
test -z "$domain" || fmt_warning "unknown domain: \"$domain\". will try as host name"
|
||||
RET_HOSTNAME="$remote"
|
||||
esac
|
||||
}
|
||||
|
||||
# remote setting, including jump servers
|
||||
# will be called only once
|
||||
# provides:
|
||||
SERVER=""
|
||||
TRUST_SERVER=1
|
||||
PORT="" # optional
|
||||
USERNAME="" # optional
|
||||
SSH_OPTIONS="" # optional
|
||||
if [[ "$RIOT_TRUST_CLIENT" == "1" ]]; then
|
||||
SSH_OPTIONS='-o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes'
|
||||
fi
|
||||
parse_remote() {
|
||||
# remote setting, including jump servers
|
||||
# called for every remote
|
||||
# provides:
|
||||
SERVER=""
|
||||
TRUST_SERVER=1
|
||||
PORT="" # optional
|
||||
USERNAME="" # optional
|
||||
SSH_OPTIONS="" # optional
|
||||
if [[ "$RIOT_TRUST_CLIENT" == "1" ]]; then
|
||||
SSH_OPTIONS='-o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes'
|
||||
fi
|
||||
# handle input
|
||||
local remote="$1"
|
||||
local jump_servers=""
|
||||
# loop for jump servers
|
||||
while [[ -n $remote ]]; do
|
||||
local server=${remote%%,*}
|
||||
remote=${remote#*,}
|
||||
local server=${remote%%/*}
|
||||
remote=${remote#*/}
|
||||
get_server_meta "$server"
|
||||
if [[ -n "$RET_JUMP_SERVER" ]]; then
|
||||
jump_servers="$jump_servers${jump_servers:+,}$RET_JUMP_SERVER"
|
||||
|
@ -134,13 +150,13 @@ prepare_ssh_cmd() {
|
|||
else
|
||||
local port_param='-p'
|
||||
fi
|
||||
echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST"
|
||||
echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST ${@:2}"
|
||||
}
|
||||
|
||||
# ssh
|
||||
run_ssh()
|
||||
{
|
||||
local cmd="$(prepare_ssh_cmd $1)"
|
||||
local cmd="$(prepare_ssh_cmd $@)"
|
||||
fmt_note "-->" $cmd
|
||||
eval_or_echo $cmd
|
||||
}
|
||||
|
@ -153,12 +169,7 @@ run_sshl()
|
|||
# treat as a port number
|
||||
arg=localhost:$arg
|
||||
fi
|
||||
while
|
||||
local port=$(shuf -n 1 -i 49152-65535)
|
||||
netstat -atun | grep -q "$port"
|
||||
do
|
||||
continue
|
||||
done
|
||||
local port=$(get_free_port)
|
||||
|
||||
SSH_OPTIONS="$SSH_OPTIONS -NC -L $port:$arg"
|
||||
local cmd="$(prepare_ssh_cmd ssh)"
|
||||
|
@ -202,35 +213,38 @@ router() {
|
|||
print_help
|
||||
exit
|
||||
fi
|
||||
parse_remote "$1"
|
||||
case $2 in
|
||||
-h|--help)
|
||||
print_help
|
||||
exit
|
||||
;;
|
||||
ssh|"" )
|
||||
run_ssh
|
||||
;;
|
||||
zssh )
|
||||
run_ssh zssh
|
||||
;;
|
||||
sftp )
|
||||
run_ssh sftp
|
||||
;;
|
||||
sshl )
|
||||
test -n "$3" || fmt_fatal "no target address provided"
|
||||
run_sshl "$3"
|
||||
;;
|
||||
scp )
|
||||
test -n "$3" || fmt_fatal "no source path specified"
|
||||
test -n "$4" || fmt_fatal "no destination path specified"
|
||||
run_scp "$3" "$4"
|
||||
;;
|
||||
* )
|
||||
print_help
|
||||
fmt_fatal "unknown command: $2"
|
||||
;;
|
||||
esac
|
||||
|
||||
IFS=',' read -ra remotes <<< "$1"
|
||||
for remote in "${remotes[@]}"; do
|
||||
if [[ -z "$remote" ]]; then
|
||||
continue
|
||||
fi
|
||||
parse_remote "$remote"
|
||||
case $2 in
|
||||
ssh|"" )
|
||||
run_ssh ssh "${@:3}"
|
||||
;;
|
||||
zssh )
|
||||
run_ssh zssh
|
||||
;;
|
||||
sftp )
|
||||
run_ssh sftp
|
||||
;;
|
||||
sshl )
|
||||
test -n "$3" || fmt_fatal "no target address provided"
|
||||
run_sshl "$3"
|
||||
;;
|
||||
scp )
|
||||
test -n "$3" || fmt_fatal "no source path specified"
|
||||
test -n "$4" || fmt_fatal "no destination path specified"
|
||||
run_scp "$3" "$4"
|
||||
;;
|
||||
* )
|
||||
print_help
|
||||
fmt_fatal "unknown command: $2"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
router "${GOT_OPTS[@]}"
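Review bot: The instant-command arguments lose their word boundaries before they run: `prepare_ssh_cmd $@` is unquoted in run_ssh, `${@:2}` is flattened into the echoed string, and the result goes unquoted to `eval_or_echo` (defined outside this page; presumably it evals). Any argument containing spaces or shell metacharacters would then be re-split and interpreted by the local shell instead of being sent to the remote host as typed. Call `local cmd="$(prepare_ssh_cmd "$@")"` and have prepare_ssh_cmd append the extra words shell-quoted only when present, e.g. `(( $# > 1 )) && extra=$(printf ' %q' "${@:2}")`. Separately, `ControlPath=/tmp/sshcm-%C` in parse_remote places the multiplexing socket in a world-writable directory; ssh_config(5) recommends a directory other users cannot write, such as `~/.ssh/sshcm-%C`.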
|
||||
|
|
|
@ -233,6 +233,31 @@ get_os_name()
|
|||
echo $ans
|
||||
}
|
||||
|
||||
is_port_free() {
|
||||
( echo $1 | grep -qxE "[1-9][0-9]{0,4}" ) || false
|
||||
local cmd
|
||||
case $(get_os_type) in
|
||||
macos ) cmd="netstat -van | grep -q \".$1\"" ;;
|
||||
cygwin|msys ) cmd="netstat -ano | grep -q \":$1\"" ;;
|
||||
*) cmd="netstat -tuanp | grep -q \":$1\"" ;;
|
||||
esac
|
||||
if eval $cmd; then
|
||||
return 2
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
get_free_port() {
|
||||
while
|
||||
local port=$(shuf -n 1 -i 49152-65535)
|
||||
! is_port_free $port
|
||||
do
|
||||
continue
|
||||
done
|
||||
echo $port
|
||||
}
|
||||
|
||||
# if bash-ed, else source-d
|
||||
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
|
||||
$1 "${@:2}"
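Review bot: The port validation in is_port_free stops nothing: `( echo $1 | grep -qxE … ) || false` only sets a status that the next statement discards, and errexit, if enabled at all, is suppressed inside the `while` condition of get_free_port. An arbitrary `$1` is therefore spliced into `cmd` and run through `eval`, and the script dispatches `$1 "${@:2}"` when executed directly, so the function is reachable with caller-supplied text. The rewrite below returns 1 on a malformed port (a new status, distinct from 2 for "in use"), drops `eval`, and uses a fixed-string match so the `.` in the macOS pattern is literal. The trailing `if [[ "${BASH_SOURCE[0]}" … ]]` block continues outside the hunk.

```shell
is_port_free() {
    # refuse anything that is not a bare port number before it reaches a command line
    [[ "$1" =~ ^[1-9][0-9]{0,4}$ ]] || return 1
    local flags sep
    case $(get_os_type) in
        macos ) flags="-van"; sep="." ;;
        cygwin|msys ) flags="-ano"; sep=":" ;;
        * ) flags="-tuanp"; sep=":" ;;
    esac
    # fixed-string match, no eval: the port is data, never shell syntax
    if netstat "$flags" | grep -qF -- "$sep$1"; then
        return 2
    fi
    return 0
}
```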
|
||||
|
|
|
@ -6,7 +6,7 @@ source "$THIS_DIR/common.sh"
|
|||
brew_install()
|
||||
{
|
||||
# brew update
|
||||
brew install git zsh curl tmux vim util-linux
|
||||
brew install git zsh curl tmux vim util-linux coreutils
|
||||
}
|
||||
|
||||
router()
|
||||
|
|
|
@ -5,9 +5,14 @@ export DFS_COLOR=1
|
|||
source "$THIS_DIR/common.sh"
|
||||
|
||||
|
||||
SO_PATHS=(
|
||||
"/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" # ubuntu 22.04
|
||||
"/run/current-system/sw/lib/opensc-pkcs11.so" # nixos 23.05
|
||||
"/Library/OpenSC/lib/opensc-pkcs11.so" # macos 13.4
|
||||
)
|
||||
|
||||
find_so_file()
|
||||
{
|
||||
local SO_PATHS=( "/usr/lib64/opensc-pkcs11.so" "/usr/local/lib/opensc-pkcs11.so" "/run/current-system/sw/lib/opensc-pkcs11.so" )
|
||||
local SO_FILE
|
||||
for SO_FILE in ${SO_PATHS[*]}; do
|
||||
if [[ -f "$SO_FILE" ]]; then
|
||||
|
@ -19,7 +24,8 @@ find_so_file()
|
|||
|
||||
create_agent()
|
||||
{
|
||||
ssh-agent -P "/usr/lib64/*,/usr/local/lib/*,/nix/store/*"
|
||||
local IFS=","
|
||||
ssh-agent -P "${SO_PATHS[*]}"
|
||||
}
|
||||
|
||||
kill_agent()
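Review bot: The exact paths now passed to `ssh-agent -P` in create_agent may not be what the agent compares. As far as I know, ssh-agent resolves the provider with realpath() before matching the allow-list, and `/run/current-system/sw/lib/opensc-pkcs11.so` on NixOS is normally a symlink into `/nix/store`. If that holds, `ssh-add -s` would be refused there, and restoring `/nix/store/*` would widen the allow-list to every library in the store. Resolving each existing entry before joining, e.g. `realpath -e -- "$p"`, keeps the list literal; please verify on a NixOS host. A comment on SO_PATHS saying it is both the search list for find_so_file and the agent's PKCS#11 allow-list would document why entries must be exact.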
|
||||
|
|
|
@ -3,6 +3,12 @@
|
|||
set -ex
|
||||
trap "dfs beacon gh.ci.fail" ERR
|
||||
|
||||
# fix for macos
|
||||
dfs cd
|
||||
if [[ $(./tools/common.sh get_os_type) == "macos" ]]; then
|
||||
export PATH="/usr/local/opt/coreutils/libexec/gnubin:/opt/homebrew/opt/coreutils/libexec/gnubin:${PATH}"
|
||||
fi
|
||||
|
||||
# check files
|
||||
cd /
|
||||
l
|
||||
|
@ -13,6 +19,7 @@ l
|
|||
pwd
|
||||
test -f .zshrc2
|
||||
diff -q ./.ssh/authorized_keys2 ~/.ssh/authorized_keys2
|
||||
diff -q ./.eid/authorized_certificates ~/.eid/authorized_certificates
|
||||
grep -q ".zshrc2" ~/.zshrc
|
||||
|
||||
# check scripts and functions
|
||||
|
@ -31,7 +38,8 @@ test $(echo n | tools/common.sh ask_for_yN "test") = "0"
|
|||
test $(echo | tools/common.sh ask_for_yN "test") = "0"
|
||||
test $(echo | tools/common.sh ask_for_Yn "test") = "1"
|
||||
test $(DFS_QUIET=1 tools/common.sh ask_for_Yn "test") = "1"
|
||||
test "$(DFS_TRUST=1 riot time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd.,try@it scp /tmp/ ./tmp -D 2>/dev/null)" = 'scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ProxyJump=time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd. -r try@it.ibd.ink:"/tmp/" "./tmp"'
|
||||
test "$(DFS_TRUST=1 riot time@is.impt:2222/yes@you-r.right/you@are.really.recht./ibd./try@it,another@host scp /tmp/ ./tmp -D 2>/dev/null)" = 'scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ProxyJump=time@is.impt:2222,yes@you-r.right,you@are.really.recht.,ibd. -r try@it.ibd.ink:"/tmp/" "./tmp"
|
||||
scp -P 12022 -o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes -o ForwardX11=yes -o ForwardAgent=yes -r another@host.ibd.ink:"/tmp/" "./tmp"'
|
||||
|
||||
# check alias
|
||||
alias p114
|
||||
|
|
|
@ -11,6 +11,7 @@ INSTALL_COMMANDS=(\
|
|||
[zerotier-one]='curl -s https://install.zerotier.com | sudo bash' \
|
||||
[docker-ce]='curl -fsSL https://get.docker.com | sudo bash -s - --mirror Aliyun #--dry-run' \
|
||||
[lemonbench]='curl -fsSL https://ilemonra.in/LemonBenchIntl | bash -s fast # or full' \
|
||||
[nix]='sh <(curl -L https://nixos.org/nix/install) #--daemon' \
|
||||
)
|
||||
|
||||
install()
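Review bot: The new `[nix]` entry hands whatever `curl -L` returns to `sh`: without `-f` an HTTP error body is executed as a script, and nothing prevents a redirect from downgrading to plain HTTP. Restricting the protocol and failing on HTTP errors is a one-line change, `[nix]='sh <(curl --proto '"'"'=https'"'"' --tlsv1.2 -fsSL https://nixos.org/nix/install) #--daemon'`. The neighbouring entries use the same pipe-to-shell pattern and would benefit from the same flags. INSTALL_COMMANDS starts before this hunk and install() continues after it.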
|
||||
|
|