Automating drudgery

2022-01-02linuxsetupsshgitnginx

As I’ve been doing a lot of reinstalling and moving around lately, I got tired of doing the same thing over and over again, and decided to automate some of it, as I was planning for a long time.

First up, opening up the live system for SSH connections using my keys.

backdoor.sh
#!/bin/sh
cd ~
mkdir -p .ssh
chmod 700 .ssh
cd .ssh
curl -sSL meta.sr.ht/~aldum.keys >> authorized_keys
chmod 600 authorized_keys

echo "All done, backdoor'd"
curl -sSL dev.aldum.pw/backdoor.sh | sh

CAUTION: do not run this unless you are particularly keen on me having access to your system. Also, do not run any shell script you don’t understand with curl | sh, it could be have literally any effect, up to and including deleting all your data and borking hardware. This is for me to set access up on throwaway live systems, you can modify it to suit your needs, but please don’t run it as-is. I’m calling it a backdoor half-jokingly, but it’s basically what it is. Or a front door, even.

Sidenote: sr.ht is an open source code forge for hackers, it’s good to use if you want to get away from microsoft-owned GitHub. It can be self-hosted, or you can subscribe for a small fee.

Armed with that, let’s deploy my artixstrap script:

git clone https://dev.aldum.pw/strap

All of this is facilitated by a little bit of nginx magic:

conf/sites-available/aldum.pw.conf
server {
    server_name dev.aldum.pw;
    listen 443 ssl;
    override_charset on;
    charset utf-8;
    access_log /var/log/nginx/dev.aldum.pw.access.log;
    error_log /var/log/nginx/dev.aldum.pw.error.log error;

    location / {
        root /srv/http/aldum.pw/dev;
    }

    location /strap {
        proxy_pass https://gitea.artixlinux.org/aldum/artixstrap.git;
    }

    <certbot config skipped>
}

As you can see, the artixstrap is accessed by a redirect, and the backdoor.sh is simply a file in the dev folder.