16 Commits

Author SHA1 Message Date
xiongdian.me
4e5dfce9fb riot: support multiple remotes, delimiter=comma (,) 2023-11-03 18:55:24 +08:00
xiongdian.me
c5841e4aaa riot: proxy delimiter from comma (,) to slash (/) 2023-11-03 18:34:55 +08:00
xiongdian.me
37abe68d1f riot: ssh support instant command 2023-08-21 18:36:44 +08:00
deec5c9b05 riot use get_free_port to fix issue on windows 2023-08-17 18:05:51 +08:00
xiongdian.me
2ffc0e38f4 common.sh: is_port_free and get_free_port 2023-08-08 18:05:14 +08:00
xiongdian.me
fb43df06f4 sagt: import ssh-agent -P paths 2023-08-07 15:48:33 +08:00
xiongdian.me
34b2a2a5ad sagt: reset agent so paths 2023-08-03 19:45:27 +08:00
xiongdian.me
41f910e31d .zshrc: warn if not in main channel 2023-08-02 00:00:10 +08:00
xiongdian.me
dbba66ccd0 riot: shortcuts i,x,j 2023-08-01 23:51:29 +08:00
xiongdian.me
2ecdf945a9 riot: add domain box[0-9] 2023-08-01 23:38:49 +08:00
xiongdian.me
5938ca8d22 try to fix ci for macos 2023-07-29 16:21:10 +08:00
xiongdian.me
aafafda412 zshrc: try to use gnu-ls 2023-07-29 16:10:52 +08:00
xiongdian.me
e57ec2dc5d zshrc: use gnu ls on mac 2023-07-29 15:59:53 +08:00
xiongdian.me
fe938f113b to-install: nix 2023-07-29 03:59:09 +08:00
xiongdian.me
9f3c55a5f7 .zshrc: alias sl for sudo zsh -l 2023-07-29 03:35:23 +08:00
8e3f069c6d auth: add .eid/authorized_certificates for pam pkcs11 auth 2023-07-27 02:46:28 +08:00
9 changed files with 146 additions and 57 deletions


@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

12
.zshrc2

@ -101,16 +101,15 @@ fi
# alias
alias "pls"='sudo $(fc -ln -1)'
alias "se"='sudo -sE'
alias "sl"='sudo zsh -l'
alias "pbd"='ping baidu.com'
alias "p114"='ping 114.114.114.114'
alias "p666"='ping6 2001:da8::666'
alias "cbd"='curl http://www.baidu.com'
alias "cbds"='curl https://www.baidu.com'
alias "gdebug"='git add -A; git commit --allow-empty -m "bug fix ($(date))"'
case $(bash "$DOTFILES/tools/common.sh" get_os_type) in
macos ) alias l='ls -lAGh -D "%y-%m-%d %H:%M"' ;;
* ) alias l='ls -lAGh --time-style="+%y-%m-%d %H:%M"' ;;
esac
alias "ls"='ls --color=tty'
alias "l"='ls -lAGh --time-style="+%y-%m-%d %H:%M"'
if [[ -x $(command -v trash) ]]; then
alias "rm"="echo use the full path i.e. '/bin/rm'\; consider using trash"
fi
@ -177,6 +176,11 @@ dfs()
esac
}
# motd
if [[ "$DFS_INITED" != "1" && -n "$DFS_UPDATE_CHANNEL" && "$DFS_UPDATE_CHANNEL" != "main" ]]; then
echo dotfiles not in the main channel. use with caution.
fi
# clean
unset i
export DFS_INITED=1
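Review bot: The channel warning in the motd hunk is printed to stdout as unquoted words; because it cautions that the dotfiles are on a non-main channel, it would be better as a quoted message on stderr, `echo "dotfiles not in the main channel. use with caution." >&2`. The `DFS_INITED` test means nested shells inherit the exported value and stay silent, which is worth a one-line comment such as `# warn once per session: DFS_INITED is exported below`.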


@ -26,6 +26,8 @@ declare -a HOME_SYMLINKS_SRC
declare -a HOME_SYMLINKS_DST
HOME_SYMLINKS_SRC[0]=".ssh/authorized_keys2"
HOME_SYMLINKS_DST[0]=".ssh/authorized_keys2"
HOME_SYMLINKS_SRC[1]=".eid/authorized_certificates"
HOME_SYMLINKS_DST[1]=".eid/authorized_certificates"
install_dependencies()
{
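Review bot: `.eid/authorized_certificates` becomes a home symlink into the dotfiles checkout through the new `HOME_SYMLINKS_SRC[1]`/`HOME_SYMLINKS_DST[1]` entries, and per the commit title that file decides which certificate PAM pkcs11 accepts. Anything that can write to the checkout, including an update pulled from a non-main channel, would then change who can authenticate, so the entry deserves a comment such as `# auth-critical: decides PAM pkcs11 logins; keep the checkout and this file owner-writable only`. Whether the installer checks ownership or mode of the link target is not visible here, because `install_dependencies` only begins at the end of the hunk.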


@ -29,6 +29,14 @@ get_server_meta() {
RET_JUMP_SERVER="" # optional
# body
local remote="$1"
# shortcuts
if [[ "$remote" == "i" ]]; then
remote="sir0.ibd"
elif [[ "$remote" == "x" ]]; then
remote="bj1.ibd"
elif [[ "$remote" == "j" ]]; then
remote="sir0.ibd:36122"
fi
# if in the form user@...
if [[ "$remote" == *@* ]]; then
RET_USERNAME=${remote%%@*}
@ -70,14 +78,22 @@ get_server_meta() {
RET_USERNAME=root
RET_TRUST_SERVER=1
;;
box[0-9] )
RET_HOSTNAME=$host
RET_PORT=${RET_PORT:-12022}
RET_USERNAME=${RET_USERNAME:-root}
RET_JUMP_SERVER="root@$domain.ibd.ink:12022"
RET_TRUST_SERVER=1
;;
* )
test -z "$domain" || fmt_warning "unknown domain: \"$domain\". will try as host name"
RET_HOSTNAME="$remote"
esac
}
parse_remote() {
# remote setting, including jump servers
# will be called only once
# called for every remote
# provides:
SERVER=""
TRUST_SERVER=1
@ -87,13 +103,13 @@ SSH_OPTIONS="" # optional
if [[ "$RIOT_TRUST_CLIENT" == "1" ]]; then
SSH_OPTIONS='-o ControlMaster=auto -o ControlPath=/tmp/sshcm-%C -o PermitLocalCommand=yes'
fi
parse_remote() {
# handle input
local remote="$1"
local jump_servers=""
# loop for jump servers
while [[ -n $remote ]]; do
local server=${remote%%,*}
remote=${remote#*,}
local server=${remote%%/*}
remote=${remote#*/}
get_server_meta "$server"
if [[ -n "$RET_JUMP_SERVER" ]]; then
jump_servers="$jump_servers${jump_servers:+,}$RET_JUMP_SERVER"
@ -134,13 +150,13 @@ prepare_ssh_cmd() {
else
local port_param='-p'
fi
echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST"
echo "$ssh_bin ${PORT:+$port_param} $PORT $SSH_OPTIONS $SCP_SRC $USERNAME${USERNAME:+@}$SERVER $SCP_DST ${@:2}"
}
# ssh
run_ssh()
{
local cmd="$(prepare_ssh_cmd $1)"
local cmd="$(prepare_ssh_cmd $@)"
fmt_note "-->" $cmd
eval_or_echo $cmd
}
@ -153,12 +169,7 @@ run_sshl()
# treat as a port number
arg=localhost:$arg
fi
while
local port=$(shuf -n 1 -i 49152-65535)
netstat -atun | grep -q "$port"
do
continue
done
local port=$(get_free_port)
SSH_OPTIONS="$SSH_OPTIONS -NC -L $port:$arg"
local cmd="$(prepare_ssh_cmd ssh)"
@ -202,14 +213,16 @@ router() {
print_help
exit
fi
parse_remote "$1"
IFS=',' read -ra remotes <<< "$1"
for remote in "${remotes[@]}"; do
if [[ -z "$remote" ]]; then
continue
fi
parse_remote "$remote"
case $2 in
-h|--help)
print_help
exit
;;
ssh|"" )
run_ssh
run_ssh ssh "${@:3}"
;;
zssh )
run_ssh zssh
@ -231,6 +244,7 @@ router() {
fmt_fatal "unknown command: $2"
;;
esac
done
}
router "${GOT_OPTS[@]}"
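Review bot: The extra arguments added to `prepare_ssh_cmd` (`${@:2}`) are flattened into one string by `echo` and then passed unquoted from `run_ssh` to `eval_or_echo $cmd`, so an instant command loses its word boundaries. If `eval_or_echo` evaluates its input, as its name suggests, the command is re-parsed by the local shell before ssh sees it, and arguments containing spaces, quotes, `;` or `$(...)` would behave differently from what was typed. Quote the pass-through in `run_ssh` as `local cmd="$(prepare_ssh_cmd "$@")"`, and emit the extra words shell-quoted in `prepare_ssh_cmd` with `${2+$(printf ' %q' "${@:2}")}` in place of the bare `${@:2}`. `eval_or_echo` is defined outside the visible hunks, so confirm how it consumes the string.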


@ -233,6 +233,31 @@ get_os_name()
echo $ans
}
is_port_free() {
( echo $1 | grep -qxE "[1-9][0-9]{0,4}" ) || false
local cmd
case $(get_os_type) in
macos ) cmd="netstat -van | grep -q \".$1\"" ;;
cygwin|msys ) cmd="netstat -ano | grep -q \":$1\"" ;;
*) cmd="netstat -tuanp | grep -q \":$1\"" ;;
esac
if eval $cmd; then
return 2
else
return 0
fi
}
get_free_port() {
while
local port=$(shuf -n 1 -i 49152-65535)
! is_port_free $port
do
continue
done
echo $port
}
# if bash-ed, else source-d
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
$1 "${@:2}"
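Review bot: The port check at the top of `is_port_free` has no effect: `( ... ) || false` only sets a status that the next line discards, so a non-numeric `$1` still reaches `eval $cmd`, where it is interpolated into a command string. Because this file dispatches `$1 "${@:2}"` when executed, that argument can come straight from a command line. The `grep` patterns are also unanchored, so port 80 is reported busy when only 8080 is open, and the `.` in the macOS form matches any character. Returning on failed validation and calling `netstat` directly removes the `eval` and the false positives; `get_free_port` can stay as it is.

```shell
is_port_free() {
    # reject anything that is not a plain port number before it reaches a pattern
    [[ "$1" =~ ^[1-9][0-9]{0,4}$ ]] || return 1
    local flags sep
    case $(get_os_type) in
        macos )       flags="-van";   sep="\\." ;;
        cygwin|msys ) flags="-ano";   sep=":" ;;
        * )           flags="-tuanp"; sep=":" ;;
    esac
    # no eval: the port only ever appears inside the grep pattern,
    # anchored on the separator before it and whitespace/end after it
    if netstat "$flags" | grep -qE "${sep}$1([[:space:]]|\$)"; then
        return 2
    fi
    return 0
}
```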


@ -6,7 +6,7 @@ source "$THIS_DIR/common.sh"
brew_install()
{
# brew update
brew install git zsh curl tmux vim util-linux
brew install git zsh curl tmux vim util-linux coreutils
}
router()


@ -5,9 +5,14 @@ export DFS_COLOR=1
source "$THIS_DIR/common.sh"
SO_PATHS=(
"/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" # ubuntu 22.04
"/run/current-system/sw/lib/opensc-pkcs11.so" # nixos 23.05
"/Library/OpenSC/lib/opensc-pkcs11.so" # macos 13.4
)
find_so_file()
{
local SO_PATHS=( "/usr/lib64/opensc-pkcs11.so" "/usr/local/lib/opensc-pkcs11.so" "/run/current-system/sw/lib/opensc-pkcs11.so" )
local SO_FILE
for SO_FILE in ${SO_PATHS[*]}; do
if [[ -f "$SO_FILE" ]]; then
@ -19,7 +24,8 @@ find_so_file()
create_agent()
{
ssh-agent -P "/usr/lib64/*,/usr/local/lib/*,/nix/store/*"
local IFS=","
ssh-agent -P "${SO_PATHS[*]}"
}
kill_agent()
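Review bot: The allowlist built in `create_agent` now holds exact file paths, and as far as I know ssh-agent matches `-P` against the resolved (symlink-free) path of the provider, so entries that are symlinks may never match. `/run/current-system/sw/lib/opensc-pkcs11.so` on NixOS is presumably a link into `/nix/store`, which the earlier `/nix/store/*` pattern covered; verify with `ssh-add -s` on each platform. If it fails, resolve each existing entry with `realpath -- "$p"` before joining, which keeps the allowlist exact without going back to wildcards. A comment on `SO_PATHS` saying it is both the search list for `find_so_file` and the agent's provider allowlist would help the next editor.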


@ -3,6 +3,12 @@
set -ex
trap "dfs beacon gh.ci.fail" ERR
# fix for macos
dfs cd
if [[ $(./tools/common.sh get_os_type) == "macos" ]]; then
export PATH="/usr/local/opt/coreutils/libexec/gnubin:/opt/homebrew/opt/coreutils/libexec/gnubin:${PATH}"
fi
# check files
cd /
l
@ -13,6 +19,7 @@ l
pwd
test -f .zshrc2
diff -q ./.ssh/authorized_keys2 ~/.ssh/authorized_keys2
diff -q ./.eid/authorized_certificates ~/.eid/authorized_certificates
grep -q ".zshrc2" ~/.zshrc
# check scripts and functions


@ -11,6 +11,7 @@ INSTALL_COMMANDS=(\
[zerotier-one]='curl -s https://install.zerotier.com | sudo bash' \
[docker-ce]='curl -fsSL https://get.docker.com | sudo bash -s - --mirror Aliyun #--dry-run' \
[lemonbench]='curl -fsSL https://ilemonra.in/LemonBenchIntl | bash -s fast # or full' \
[nix]='sh <(curl -L https://nixos.org/nix/install) #--daemon' \
)
install()
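Review bot: The new `[nix]` entry fetches its installer with `curl -L` only, so an HTTP error page or a redirect to plain http would be handed to `sh`; two of the neighbouring entries at least use `-fsSL`. Prefer `[nix]='sh <(curl --proto "=https" --tlsv1.2 -fsSL https://nixos.org/nix/install) #--daemon'`. None of these entries pins or verifies what is downloaded, so a comment above `INSTALL_COMMANDS` stating that each command executes remote code as written, some of it under sudo, would be fair warning to users. How the strings are executed is in `install()`, which starts at the end of the hunk.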