From cce4a4c5bcf31b2e87b988ec8e532b598ca8507f Mon Sep 17 00:00:00 2001
From: Dict Xiong
Date: Fri, 21 Apr 2023 17:12:36 +0800
Subject: [PATCH] testbed_deploy.sh
---
 scripts/jumpserver_deploy.sh | 2 ++
 scripts/nasp | 4 ++++
 scripts/testbed_cron.sh | 12 ++++++++++--
 scripts/testbed_deploy.sh | 20 ++++++++++++++++++++
 4 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100755 scripts/nasp
 create mode 100755 scripts/testbed_deploy.sh
diff --git a/scripts/jumpserver_deploy.sh b/scripts/jumpserver_deploy.sh
index 746406d..5fe22c8 100755
--- a/scripts/jumpserver_deploy.sh
+++ b/scripts/jumpserver_deploy.sh
@@ -19,3 +19,5 @@ insert_if_not_exist()
 }
 insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/jumpserver_cron.sh"
+
+\"$THIS_DIR\"/jumpserver_cron.sh
diff --git a/scripts/nasp b/scripts/nasp
new file mode 100755
index 0000000..d54a2da
--- /dev/null
+++ b/scripts/nasp
@@ -0,0 +1,4 @@
+%nasp ALL = (root) NOPASSWD: /usr/bin/docker
+%nasp ALL = (root) NOPASSWD: /usr/sbin/reboot
+%nasp ALL = (root) NOPASSWD: /usr/bin/whoami
+
diff --git a/scripts/testbed_cron.sh b/scripts/testbed_cron.sh
index 72c0541..b061946 100755
--- a/scripts/testbed_cron.sh
+++ b/scripts/testbed_cron.sh
@@ -16,6 +16,7 @@ touch_user() {
 --shell /bin/bash \
 --disabled-password \
 --home /home/$1 \
+ --gecos "nasp member" \
 $1
 usermod -a -G nasp $1
 }
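Review bot: The added last line of scripts/jumpserver_deploy.sh, `\"$THIS_DIR\"/jumpserver_cron.sh`, escapes its quotes outside any double-quoted string, so the shell looks for a command whose name contains literal `"` characters and the cron script is never run. The escapes were presumably copied from the crontab string above, where they are needed; here the line should read `"$THIS_DIR"/jumpserver_cron.sh`. The final line of the new scripts/testbed_deploy.sh has the same defect, and because that script runs under `set -ex` it will also exit non-zero there.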
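Review bot: The first rule in scripts/nasp, `NOPASSWD: /usr/bin/docker`, is in practice a grant of unrestricted root to every member of the nasp group, because anyone allowed to run arbitrary docker commands as root can start a container with the host filesystem mounted; the narrow reboot and whoami rules beside it do not limit anything. If that is the intent for a shared testbed, the file should say so, e.g. `# docker via sudo is root-equivalent: treat nasp membership as full root on this host`; otherwise the rule should point at a wrapper script that accepts only the subcommands members need. The file is also committed with mode 100755, whereas sudoers drop-ins are conventionally installed as 0440 root:root.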
@@ -23,12 +24,18 @@ touch_user() {
 update_key() {
 tmp_path="/tmp/authorized_keys_$1"
 dest_path="/home/$1/.ssh/authorized_keys"
- echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
+ dest_dir=$(dirname "$dest_path")
+ echo "# This file is autoly generated. Changes here will not work." > "$tmp_path"
 for file in $(find "$THIS_DIR/../authorized_keys/$1" -type f); do
 (echo "# key file: ${file#*authorized_keys/}";cat "$file"; echo) >> "$tmp_path"
 done
+ if [[ ! -d "$dest_dir" ]]; then
+ mkdir -p "$dest_dir"
+ chown $1:$1 "$dest_dir"
+ chmod 700 "$dest_dir"
+ fi
 cat "$tmp_path" > "$dest_path"
 rm "$tmp_path"
 chown $1:$1 "$dest_path"
@@ -36,8 +43,9 @@ update_key() {
 }
 main() {
+ cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"
 for file in "$THIS_DIR"/../authorized_keys/* ; do
- if ! test -d "$file"; then
+ if [[ ! -d "$file" ]]; then
 continue
 fi
 username=$(basename $file)
diff --git a/scripts/testbed_deploy.sh b/scripts/testbed_deploy.sh
new file mode 100755
index 0000000..ed75701
--- /dev/null
+++ b/scripts/testbed_deploy.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -ex
+THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+
+apt update && apt install sudo
+addgroup nasp
+
+insert_if_not_exist()
+{
+ filename=$1
+ line=$2
+ if [ ! -f "$filename" ]; then
+ touch $filename
+ fi
+ grep -qxF -- "$line" "$filename" || echo "$line" >> "$filename"
+}
+
+insert_if_not_exist "/etc/crontab" "*/5 * * * * cd \"$THIS_DIR\" && git pull && \"$THIS_DIR\"/testbed_cron.sh"
+
+\"$THIS_DIR\"/testbed_cron.sh
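Review bot: In update_key the re-added `echo ... > "$tmp_path"` still writes to the fixed name `/tmp/authorized_keys_$1`, which is predictable and sits in a world-writable directory; if this runs as root from cron, as the deploy scripts suggest, a file or symlink already present at that name is followed and truncated. The staging file should come from `tmp_path=$(mktemp)`, keeping the existing `rm "$tmp_path"`. In the added directory block, `chown $1:$1 "$dest_dir"` leaves `$1` unquoted, and the mkdir/chown/chmod sequence can be a single call, `install -d -m 700 -o "$1" -g "$1" "$dest_dir"`. update_key's closing lines are outside this hunk.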
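Review bot: The added `cp "$THIS_DIR/nasp /etc/sudoers.d/nasp"` in main passes source and destination as one quoted word, so cp receives a single operand and fails, and the sudoers drop-in is never installed. Because a malformed file under /etc/sudoers.d can make sudo refuse to run, the file should be validated before installation and given explicit ownership and mode: `visudo -cf "$THIS_DIR/nasp" && install -o root -g root -m 0440 "$THIS_DIR/nasp" /etc/sudoers.d/nasp`. main's body continues past the end of the hunk.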
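Review bot: The crontab entry written by scripts/testbed_deploy.sh has no user column, which `/etc/crontab` requires between the schedule and the command on Debian-style cron, so as written `cd` is likely parsed as the user name and the job does not run. With the column added (`*/5 * * * * root cd ...`), the job runs `git pull` as root and then executes the pulled testbed_cron.sh, which installs a sudoers file and authorized_keys, so anyone able to push to that remote controls root on the host. That trust should be stated in a comment next to the entry, and the pull should be restricted, e.g. `git pull --ff-only --verify-signatures` against a protected branch. Separately, `apt install sudo` lacks `-y` for unattended runs, and `touch $filename` should quote its argument.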