function zssh_boot() { zshlibs_log zssh "zssh is booting up ----------------------------" typeset -g zssh_ssh_dotdir="${HOME}/.ssh" typeset -g zssh_private_keys="${zssh_ssh_dotdir}/keystore" typeset -g zssh_private_configs="${zssh_ssh_dotdir}/config.d" typeset -g zssh_global_configs=${globaldots_path}/config/ssh typeset -g zssh_global_pubkeys=${globaldots_path}/keys/ssh zssh_configure zssh_process } function zssh_configure () { if [[ -n "$zssh_host" ]] then zshlibs_log zssh_configure "zssh_host is set" zshlibs_ensure -d $zssh_private_keys zshlibs_ensure -d $zssh_private_configs zshlibs_ensure -d ${zssh_global_configs} zshlibs_ensure -d ${zssh_global_pubkeys} if ! [[ -d "${zssh_private_configs}" ]] then echo 'Include config.d/*.sshconf' > "${zssh_ssh_dotdir}/config_d" fi zssh_enumeratenodes if [[ ${#zssh_host_config_accesses} -gt 0 ]] then zshlibs_log zssh_configure "zssh_host_config_accesses is set" zshlibs_log zssh_configure "global our pubkey directory is $(zssh_host_info -K)" zshlibs_log zssh_configure "global our config directory is $(zssh_host_info -c)" typeset -g zssh_global_config_hostdir="${zssh_global_configs}/${zssh_host}" typeset -g zssh_global_pubkey_hostdir="${zssh_global_pubkeys}/${zssh_host}" zshlibs_ensure -d $(zssh_host_info -K) #"${zssh_global_pubkey_hostdir}" zshlibs_ensure -d $(zssh_host_info -C) # "${zssh_global_config_hostdir}" else zshlibs_log zssh_configure "zssh_host_config_accesses is NOT set, not going to bother accepting keys" fi else zshlibs_log zssh_configure "zssh_host is NOT set, which means we cannot neither publish keys nor accept them" fi } function zssh_host_info() { zssh_node_info ${zssh_host} $@ } function zssh_node_info() { local ssh_node=$1 shift while getopts 'kKcCM:E:' opt do case $opt in (s) # private privkey echo "$zssh_private_keys/${ssh_node}.key" ;; (k) # private pubkey echo "$zssh_private_keys/${ssh_node}.key.pub" ;; (M) # public pubkey mail file echo "$zssh_global_pubkeys/${ssh_node}/${OPTARG}.key.pub" ;; (K) # public pubkey bucket echo "$zssh_global_pubkeys/${ssh_node}" ;; (c) # private ssh hostconfig echo "$zssh_private_configs/${ssh_node}.sshconf" ;; (C) # public config bucket echo "$zssh_global_configs/${ssh_node}" ;; (E) # public config bucket piece echo "$zssh_global_configs/${ssh_node}/${OPTARG}.sshconf" ;; esac done } function zssh_process() { if [[ -n "$zssh_host" ]] then if [[ ${#zssh_host_config_accesses} -gt 0 ]] then zshlibs_log zssh_server "processing ssh server setup" # - if there is no generated ssh config, # - if local config not older than (means newer than) generated config # then generate ssh config if ! [[ "${HOME}/.config/zsh/local.config.zsh" -ot $(zssh_host_info -c) ]] then zshlibs_log zssh_server "publishing our configs …" zssh_publish_configs else zshlibs_log zssh_server "no need to publish our configs" fi zssh_check_pubkeys fi zshlibs_log zssh_client "processing ssh client setup" zssh_install_peers zssh_publish_pubkeys fi } function zssh_check_pubkeys() { [[ ${#zssh_host_config_accesses} -gt 0 ]] || return 62 zshlibs_log zssh_server "checking received pubkeys …" zshlibs_log zssh_server "done checking received pubkeys" } function zssh_install_peers() { [[ -n $zssh_host ]] || return 63 zshlibs_log zssh_client "installing peers" for ssh_node in $zssh_nodes do zshlibs_log zssh_client "installing peer $ssh_node …" zssh_generate_privkey4 $ssh_node zssh_generate_config4 $ssh_node done } function zssh_publish_pubkeys() { zshlibs_log zssh_client "pushing out pubkey to parties …" for ssh_node in $zssh_nodes do zssh_mail_pubkey2 $ssh_node done zshlibs_log zssh_client "done pushing out pubkey to parties" } function zssh_mail_pubkey2() { [[ -n $zssh_host ]] || return 63 ssh_node="$1" if ! [[ "$(zssh_node_info ${ssh_node} -k)" -ot "$(zssh_node_info ${ssh_node} -M ${zssh_host})" ]] then zshlibs_ensure -d "$(zssh_node_info ${ssh_node} -K)" zshlibs_log zssh_client "sending '$(zssh_node_info ${ssh_node} -k) to '$(zssh_node_info ${ssh_node} -M ${zssh_host})'" cp -T "$(zssh_node_info ${ssh_node} -k)" "$(zssh_node_info ${ssh_node} -M ${zssh_host})" else zshlibs_log zssh_client "'$(zssh_node_info ${ssh_node} -M ${zssh_host})' already mailed" fi } function zssh_publish_configs() { [[ "${#zssh_host_config_accesses}" -gt 0 ]] || return 62 zshlibs_log zssh_server "generating access configs for parties …" for sshmatch in ${(k)zssh_host_config_accesses} do config_filename="$(zssh_host_info -E ${sshmatch})" config_filename=${config_filename//:/_} zshlibs_log zssh_server "generating our server access config '${config_filename}'" zssh_generate_hostaccessconfig $sshmatch > "${config_filename}" done zshlibs_log zssh_server "updating mtime for $(zssh_host_info -C)" touch "$(zssh_host_info -C)" zshlibs_log zssh_server "done generating access configs for parties" } function zssh_generate_hostaccessconfig() { sshmatch="${1}" sshcontents=${zssh_host_config_accesses[$sshmatch]} sshmatch_user=${sshmatch%%@*} sshmatch_host=${sshmatch##*@} if [[ "$sshmatch_host" == "$sshmatch_user" ]] then sshmatch_user='' fi << HERE Match ${sshmatch_host:+host $sshmatch_host,} ${sshmatch_user:+user $sshmatch_user,} ${sshcontents} ${zssh_host_config} HERE } function zssh_generate_config4 { ssh_node="$1" dst="$zssh_private_configs/$ssh_node.sshconf" srcs="$zssh_global_configs/$ssh_node" zshlibs_log zssh_client "checking configs for $ssh_node …" if ! [[ -d "$srcs" ]] then zshlibs_log zssh_client "$ssh_node does not have config" elif ! [[ $dst -nt $srcs ]] then sshkey="$zssh_private_keys/$ssh_node.key" zshlibs_log zssh_client "generating '$dst' with key '$sshkey'" matched="1" rm "$dst" 2> /dev/null for src in "$srcs"/*.sshconf(N) do matched=0 zshlibs_log zssh_client "sourcing $src" cat "$src" >> "$dst" printf "\n IdentityFile %s\n\n" "$sshkey" >> "$dst" done if ! $matched then zshlibs_log zssh_client "no configs for '$dst'" fi fi zshlibs_log zssh_client "done with $ssh_node" } function zssh_generate_privkey4 { ssh_node="$1" zshlibs_log zssh_client "checking keys for peer $ssh_node …" local newkey=$zssh_private_keys/$ssh_node.key if ! [[ -s $newkey ]] then zshlibs_log zssh_client "generate key for $ssh_node" ssh-keygen -t ed25519 -N '' -C "$ssh_host($USER@$HOST) for $ssh_node" -f $newkey >> "${HOME}/.log/ssh-keygen.log" if [[ "$ssh_node" == "$zssh_host" ]] then zshlibs_log zssh_client "Self accepting key: $ssh_node" cat "$newkey.pub" >> ${HOME}/.ssh/authorized_keys fi fi } function zssh_enumeratenodes() { typeset -g -a zssh_nodes; zshlibs_log zssh_configure "enumerating nodes" if [[ -d $zssh_global_configs ]] then for __ssh_node in ${zssh_global_configs}/*(/) do zssh_nodes+=($(basename $__ssh_node)) done fi zshlibs_log zssh_configure "got ${#zssh_nodes} nodes" }