From acc6b2c7218dc1544693dc22d79ccc6ef93c02c0 Mon Sep 17 00:00:00 2001
From: hygienic-books
Date: Sat, 11 Nov 2023 04:04:14 +0100
Subject: [PATCH] feat(os): Reuse or set SSH pub keys in OS (#19)
---
 setup.sh | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/setup.sh b/setup.sh
index 1ea9230..601358e 100644
--- a/setup.sh
+++ b/setup.sh
@@ -282,6 +282,48 @@ function setup_env_vars () {
 fi
 fi
+ if [[ "${want_ssh_in_zbm}" ]]; then
+ echo 'Do you want to define OS root user'"'"'s SSH pub key?'
+ select arg_root_pub_keys in 'Yes (let me specify)' 'Yes (use ZBM pub keys)' 'No (don'"'"'t enable sshd.service)'; do
+ case "${arg_root_pub_keys}" in
+ 'Yes (let me specify)')
+ want_custom_pub_keys_in_os='true'
+ break
+ ;;
+ 'Yes (use ZBM pub keys)')
+ ARCHZBM_OS_SSH_AUTH_KEYS="${ARCHZBM_SSH_AUTH_KEYS}"
+ break
+ ;;
+ 'No (don'"'"'t enable sshd.service)')
+ break
+ ;;
+ esac
+ done <&3 && echo
+
+ if [[ "${want_custom_pub_keys_in_os}" ]]; then
+ read -u3 -p 'Please type SSH pub keys on one line separated by double-commas (,,) and confirm with : ' ARCHZBM_OS_SSH_AUTH_KEYS
+ echo
+ fi
+ else
+ echo 'Do you want to define OS root user'"'"'s SSH pub key?'
+ select arg_root_pub_keys in 'Yes (let me specify)' 'No (don'"'"'t enable sshd.service)'; do
+ case "${arg_root_pub_keys}" in
+ 'Yes (let me specify)')
+ want_own_pub_key_in_os='true'
+ break
+ ;;
+ 'No (don'"'"'t enable sshd.service)')
+ break
+ ;;
+ esac
+ done <&3 && echo
+
+ if [[ "${want_own_pub_key_in_os}" ]]; then
+ read -u3 -p 'Please type SSH pub keys on one line separated by double-commas (,,) and confirm with : ' ARCHZBM_OS_SSH_AUTH_KEYS
+ echo
+ fi
+ fi
+
 if [[ "${want_dns_and_ntp}" ]]; then
 read -u3 -p 'Specify one or more comma-separated DNS IPs: ' ARCHZBM_OS_DNS_IP
 echo
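Review bot: Both `read -u3 -p '…' ARCHZBM_OS_SSH_AUTH_KEYS` prompts in this hunk read without `-r`, so a backslash typed into the key line is interpreted rather than stored; use `read -r -u3 -p '…' ARCHZBM_OS_SSH_AUTH_KEYS` in both branches, which also matches the `read -r` used by the loop that consumes the value in configure_sshd. The `if`/`else` arms otherwise differ only in the extra 'Yes (use ZBM pub keys)' option and the flag name (`want_custom_pub_keys_in_os` vs `want_own_pub_key_in_os`), while the prompt text and the `read` block are duplicated verbatim; one flag name and a single `read` block placed after the `fi` would remove the duplication. If the script runs under `set -u`, the `[[ "${want_custom_pub_keys_in_os}" ]]` and `[[ "${want_own_pub_key_in_os}" ]]` tests need those flags initialised beforehand (e.g. `local want_own_pub_key_in_os=''`), which I cannot confirm from this hunk. setup_env_vars starts and ends outside the hunk.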
@@ -1366,6 +1408,21 @@ EOF
 systemctl disable 'systemd-networkd-wait-online' --root='/mnt'
 }
+function configure_sshd () {
+ local pub_key_line
+
+ cat >> '/mnt/etc/ssh/sshd_config.d/40-defaults.conf' <<"EOF"
+PasswordAuthentication no
+PermitRootLogin yes
+EOF
+
+ while IFS= read -r pub_key_line; do
+ printf -- '%s\n' "${pub_key_line}" >> '/mnt/root/.ssh/authorized_keys'
+ done < <(<<<"${ARCHZBM_OS_SSH_AUTH_KEYS}" sed -r -e 's/,,/\n/g')
+
+ systemctl enable 'sshd.service' --root='/mnt'
+}
+
 function configure_dns () { #3.4
 rm '/mnt/etc/resolv.conf'
@@ -1453,6 +1510,9 @@ function finalize_os_setup () {
 #3.1
 set_root_pw #3.2
 configure_networking #3.3
+ if [[ "${ARCHZBM_OS_SSH_AUTH_KEYS}" ]]; then
+ configure_sshd
+ fi
 configure_dns #3.4
 configure_reflector #3.5
 configure_zfs #3.6
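Review bot: `configure_sshd` appends to `/mnt/root/.ssh/authorized_keys` without first creating `/mnt/root/.ssh`, so on a freshly installed root where that directory does not yet exist the redirect fails with "No such file or directory" and no key is written (and the run aborts if the script uses `set -e`, which I cannot see here). Add `mkdir -p -m 0700 '/mnt/root/.ssh'` before the `while` loop and `chmod 0600 '/mnt/root/.ssh/authorized_keys'` after it, so the directory exists and the file carries the permissions sshd's StrictModes expects rather than whatever the installer's umask yields. Since `PasswordAuthentication no` is already written to the same drop-in, `PermitRootLogin prohibit-password` states the intended key-only root login more precisely than `PermitRootLogin yes`. The `sed -r -e 's/,,/\n/g'` split leaves an empty line in the file when the input starts or ends with `,,`; sshd ignores blank lines, so that is cosmetic, but a `[[ -n "${pub_key_line}" ]] || continue` guard in the loop keeps the file clean.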
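Review bot: The gate `if [[ "${ARCHZBM_OS_SSH_AUTH_KEYS}" ]]` enables sshd whenever the variable is non-empty, which is correct for the value the prompt in setup_env_vars sets; however, if `ARCHZBM_*` variables can also arrive preset from the environment (not visible in this hunk), the 'No (don't enable sshd.service)' choice does not clear an inherited value and sshd would still be enabled, so that case arm should assign `ARCHZBM_OS_SSH_AUTH_KEYS=` to make the answer authoritative. The new block is also the only step in finalize_os_setup without a `#3.N` marker beside the numbered calls around it; a trailing comment such as `fi #3.3a`, or renumbering the later steps, keeps the sequence readable. finalize_os_setup starts and ends outside the hunk.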