From 6a9daa063dbbcfaeda67c13ef288a171fd2048cf Mon Sep 17 00:00:00 2001 From: schizza Date: Tue, 30 Apr 2024 17:06:08 +0200 Subject: [PATCH] SSH, yaml config, scripts gen. * Add SSH pair keys generation * configuration.yaml auto add shell_command * scripts to run shell_command properly --- .gitignore | 1 + install_iptables.sh | 108 +++++++++++++++++++++++++++++++++++++++----- 2 files changed, 97 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index dbce267..a8ab95b 100644 --- a/.gitignore +++ b/.gitignore @@ -160,3 +160,4 @@ cython_debug/ #.idea/ .DS_Store +HA diff --git a/install_iptables.sh b/install_iptables.sh index a168108..2a9343d 100644 --- a/install_iptables.sh +++ b/install_iptables.sh @@ -11,7 +11,7 @@ ST_PORT=80 LINK="https://raw.githubusercontent.com/schizza/SWS-12500-custom-component/main/iptables_redirect.sh" FILENAME="iptables_redirect.sh" -SCRIPT_DIR="iptables_redirect/" +SCRIPT_DIR="iptables_redirect" P_HA=true P_ST=true @@ -23,6 +23,7 @@ declare -a HA_PATHS=( "/homeassistant" "$HOME/.homeassistant" "/usr/share/hassio/homeassistant" + "./HA" ) function info() { echo -e $2 "${GREEN_COLOR}$1${NO_COLOR}"; } @@ -67,6 +68,21 @@ function validate_dest() { fi } +function exit_status() { + # argv 1 - status + # 2 - called function + # 3 - error message + # 4 - success message + # 5 - exit on error bool + + if [ $1 -ne 0 ]; then + warn "$2 exited with error: $1" + error "$3" $5 + else + info "$4" + fi +} + function cont() { while true; do @@ -96,6 +112,7 @@ echo check "wget" check "sed" check "ping" false && { PING=true; } || { PING=false; } +check "ssh-keygen" false && { KEYGEN=true; } || { KEYGEN=false; } echo -n "Trying to find Home Assitant ... " for _PATH in "${HA_PATHS[@]}"; do 
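Review bot: The `"./HA"` entry added to `HA_PATHS` looks like a local test fixture (the same commit adds `HA` to `.gitignore`), yet it ships in the installer's search list. Because it is relative, any directory named `HA` under the caller's working directory can be accepted as the Home Assistant config root when the absolute candidates are absent. Later hunks then remove `$HA_PATH/iptables_redirect`, write an SSH key under it and append to `$HA_PATH/configuration.yaml`. I would drop the entry from the shipped list or gate it behind an explicit opt-in, for example `[ -n "$HA_DEV_PATH" ] && HA_PATHS+=("$HA_DEV_PATH")` (the variable name is only a suggestion).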
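Review bot: `exit_status` trusts whatever `$?` the caller hands it, and its first use in the last hunk follows the `wget -q -O - "$LINK" | sed … >$FILENAME` pipeline, where `$?` is the status of `sed`, not of `wget`. Unless `pipefail` is enabled in a part of the script not shown here, a failed download is reported as success and an empty `iptables_redirect.sh` is left in place. Passing `"${PIPESTATUS[0]}"` instead of `$?` at that call site, or adding `set -o pipefail` near the top, fixes it. Inside the helper, `[ $1 -ne 0 ]` should quote `$1`. The argument comment would also be clearer as a header stating that argument 5 is forwarded to `error` and that omitting it keeps `error`'s default behaviour.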
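Review bot: A missing `ssh-keygen` only sets `KEYGEN=false`, but nothing after the key-generation block depends on that flag. In the last hunk `exec.sh` is written after the `fi` regardless, so the installer can finish with a script that references a key that was never created. Either make `ssh-keygen` a hard requirement (plain `check "ssh-keygen"`, as `check "wget"` appears to be) or skip the `exec.sh`/`runscript` steps with a warning when `KEYGEN` is false. Also, the key is generated at `$COMPLETE_PATH/ssh/ipt_dsa` while `exec.sh` passes `-i $COMPLETE_PATH/ssl/ipt_dsa`; the `ssl` looks like a typo for `ssh`, so the identity file would not be found even when generation succeeds.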
@@ -109,13 +126,18 @@ for _PATH in "${HA_PATHS[@]}"; do done COMPLETE_PATH="$HA_PATH/$SCRIPT_DIR" -FILENAME="$COMPLETE_PATH$FILENAME" - -rm -f "$FILENAME" +FILENAME="$COMPLETE_PATH/$FILENAME" [ -z $HA_PATH ] && { error "Home Assistant not found!"; } info "found at $HA_PATH" +[ -d $COMPLETE_PATH ] && { + warn "Previous version of script exists ... removing directory ($COMPLETE_PATH)" + rm -r $COMPLETE_PATH +} + +mkdir -p $COMPLETE_PATH + while true; do read -r -p "Your station's IP: " ST_IP if validate_ip $ST_IP; then break; fi @@ -137,6 +159,9 @@ while true; do warn "Provide valid port number." done +read -r -p "SSH server username: " SSH_USER +read -r -p "SSH server port: " SSH_PORT + if $PING; then validate_dest $HA_IP || { cont "Home Assistant host is unreachable." 
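Review bot: `rm -r $COMPLETE_PATH` and `mkdir -p $COMPLETE_PATH` expand an unquoted path that can derive from `$HOME` or the working directory, so a path containing spaces or glob characters makes `rm -r` act on arguments other than the intended directory. Suggest `rm -r -- "${COMPLETE_PATH:?}"` and `mkdir -p -- "$COMPLETE_PATH"`, with the same quoting in the `[ -d … ]` and `[ -z … ]` tests. This directory is also where the last hunk stores `ssh/ipt_dsa`, so every re-run deletes the existing private key and generates a new one. Any public key already installed on the SSH server then no longer matches, so the warning should say so or the `ssh/` subdirectory should be preserved.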
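Review bot: `SSH_USER` and `SSH_PORT` are read without any validation, unlike the station IP and port prompts around them, and the last hunk expands both inside an unquoted here-document that becomes `exec.sh`. An empty or whitespace-containing answer shifts the `ssh` arguments in the generated script, and shell metacharacters typed here end up as code in a file that is then made executable. I would loop until `SSH_PORT` matches `^[0-9]+$` and lies within 1–65535, and restrict `SSH_USER` to a conservative pattern such as `^[a-z_][a-z0-9_-]*$`. The same generated command passes `-o StrictHostKeyChecking=no`, which removes host authentication for a session that runs `sudo /bin/bash`. `StrictHostKeyChecking=accept-new` with a dedicated `UserKnownHostsFile` keeps first-use convenience without accepting a changed host key.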
@@ -152,16 +177,72 @@ echo -n "Downloading 'iptables_redirect.sh' ... " wget -q -O - "$LINK" | sed -e "s/\[_STATION_IP_\]/$ST_IP/" \ -e "s/\[_HA_\]/$HA_IP/" \ -e "s/\[_SRC_PORT_\]/$ST_PORT/" \ - -e "s/\[_DST_PORT_\]/$HA_PORT/" >./iptables_redirect.sh + -e "s/\[_DST_PORT_\]/$HA_PORT/" >$FILENAME -EXIT_STATUS=$? -if [ $EXIT_STATUS -ne 0 ]; then - warn "wget exited with error: $EXIT_STATUS" - error "Could not download 'iptables_redirect.sh'." -else - info "iptables_redirect.sh downloaded succeffully." +exit_status $? "wget" \ + "Could not download 'iptables_redirect.sh'." \ + "iptables_redirect.sh downloaded successffully." + +if $KEYGEN; then + echo -n "Generating ssh key-pairs ... " + mkdir -p "$COMPLETE_PATH/ssh" + ssh-keygen -t ecdsa -b 521 -N "" -f "$COMPLETE_PATH/ssh/ipt_dsa" -q + exit_status $? "ssh-keygen" \ + "Could not create ssh key-pairs." \ + "SSH key-pairs created successfully (at $COMPLETE_PATH/ssh/)" \ + false fi +echo -n "Creating 'exec.sh' script ... " +cat >$COMPLETE_PATH/exec.sh <<-EOF +#!/bin/bash + +cat $COMPLETE_PATH/runscript | ssh -i $COMPLETE_PATH/ssl/ipt_dsa -o StrictHostKeyChecking=no -p $SSH_PORT -l $SSH_USER $HA_IP /bin/zsh +EOF + +exit_status $? "cat" \ + "Could not write '$COMPLETE_PATH/exec.sh'" \ + "OK." + +echo -n "Setting 'exec.sh' script right privileges ... " +chmod +x --quiet "$COMPLETE_PATH/exec.sh" +exit_status $? "chmod" \ + "Filed to set +x on exec.sh" \ + "OK." + +echo -n "Creating 'runscript' ... " +cat >$COMPLETE_PATH/runscript <<-"EOF" +#!/bin/zsh + +SCRIPT=$(find /homeassistant -name "iptables_redirect.sh" | sed -n 1p) +sudo /bin/bash "$SCRIPT" +EOF + +exit_status $? "cat" \ + "Could not write 'runscript'" \ + "OK." + +echo -n "Modifying configuration.yaml ... " +cat >> $HA_PATH/configuration.yaml <