From 2723becd96682efda56a5f0458ff17a13b0c4be2 Mon Sep 17 00:00:00 2001 From: t3chn0m4g3 Date: Fri, 23 Feb 2024 20:30:12 +0100 Subject: [PATCH] continue work on sensor deploy --- installer/install/deploy.sh => deploy.sh | 62 +++++++++++++++--------- install.sh | 2 +- installer/install/deploy.yml | 6 +++ 3 files changed, 46 insertions(+), 24 deletions(-) rename installer/install/deploy.sh => deploy.sh (70%) diff --git a/installer/install/deploy.sh b/deploy.sh similarity index 70% rename from installer/install/deploy.sh rename to deploy.sh index 942d178e..221c8da7 100755 --- a/installer/install/deploy.sh +++ b/deploy.sh @@ -38,11 +38,11 @@ if [[ ${mySENSOR_INSTALLED} != "y" ]]; exit 1 fi -# Check if ssh key has been deployed -read -p "# Has the SSH key been deployed to the SENSOR? (y/n): " mySSHKEY_DEPLOYED -if [[ ${mySSHKEY_DEPLOYED} != "y" ]]; +# Ask for the remote user +read -p "# Enter the remote username T-Pot SENSOR was installed with: " mySSHUSER +if [[ ${mySSHUSER} == "" ]]; then - echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the SENSOR with 'ssh-copy-id user@sensor-ip'." + echo "# You need to enter a user. Aborting." exit 1 fi @@ -57,6 +57,14 @@ while true; do fi done +# Check if ssh key has been deployed +read -p "# Has a SSH key been deployed to the SENSOR? (y/n): " mySSHKEY_DEPLOYED +if [[ ${mySSHKEY_DEPLOYED} != "y" ]]; + then + echo "# Generate a SSH key using 'ssh-keygen' and deploy it to the SENSOR (Example: ssh-copy-id -p 64295 ${mySSHUSER}@${mySENSOR_IP})." + exit 1 +fi + # Validate IP/domain name of HIVE while true; do read -p "# Enter the IP/domain name of this HIVE: " myTPOT_HIVE_IP 
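Review bot: The new `mySSHUSER` prompt accepts any string, and that string is later handed unquoted to `ansible-playbook -u ${mySSHUSER}` (second hunk of this file), so a value containing whitespace or shell metacharacters turns into extra arguments rather than a username; the only check is `== ""`. Use `read -r -p "# Enter the remote username T-Pot SENSOR was installed with: " mySSHUSER` so backslashes are not interpreted, and replace the empty test with a whitelist such as `if [[ ! ${mySSHUSER} =~ ^[A-Za-z0-9._-]+$ ]]; then` (which also rejects the empty string), adjusting the pattern if the project allows other characters in sensor account names. The error text `# You need to enter a user. Aborting.` could then read `# Invalid or empty user. Aborting.`.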
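Review bot: The added "Has a SSH key been deployed?" prompt only records the operator's answer; it does not verify that key-based login to the SENSOR actually works, so the first real failure surfaces deep inside the playbook run. Since `mySSHUSER` and (presumably, from the loop just above) `mySENSOR_IP` are already known here, a non-interactive probe such as `ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${myANSIBLE_PORT}" "${mySSHUSER}@${mySENSOR_IP}" true || { echo "# Key-based SSH login to ${mySSHUSER}@${mySENSOR_IP} failed (see ssh-copy-id example above). Aborting." >&2; exit 1; }` would confirm the key is accepted and, because `BatchMode=yes` refuses interactive prompts, also catch an unverified host key before Ansible runs. Note that the help text hard-codes `-p 64295` while the playbook call uses `${myANSIBLE_PORT}`; if that variable is defined before this point (it is not visible in the hunk), use it in the message too so the two cannot drift apart.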
@@ -92,30 +100,38 @@ echo "# New SENSOR credentials base64 encoded: ${myTPOT_HIVE_USER}" # Read LS_WEB_USER from file myENV_LS_WEB_USER=$(grep "^LS_WEB_USER=" "${myENV_FILE}" | sed 's/^LS_WEB_USER=//g' | tr -d "\"'") -# Add the new SENSOR and show a complete list of all the SENSORs -myENV_LS_WEB_USER="${myENV_LS_WEB_USER} ${myLS_WEB_USER_ENC_B64}" - -# Update the T-Pot .env config and lswebpasswd (avoid the need to restart T-Pot) on the host -echo "# Updating SENSOR users on this HIVE and in the T-Pot .env config:" -sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=${myENV_LS_WEB_USER}" "${myENV_FILE}" -: > "${HOME}"/tpotce/data/nginx/conf/lswebpasswd -for i in $myENV_LS_WEB_USER; - do - if [[ -n $i ]]; - then - # Need to control newlines as they kept coming up for some reason - echo -n "$i" | base64 -d -w0 - echo - echo -n "$i" | base64 -d -w0 | tr -d '\n' >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd - echo >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd - fi -done +# Add the new SENSOR user +if [ "${myENV_LS_WEB_USER}" == "" ]; + then + myENV_LS_WEB_USER="${myLS_WEB_USER_ENC_B64}" + else + myENV_LS_WEB_USER="${myENV_LS_WEB_USER} ${myLS_WEB_USER_ENC_B64}" +fi # Need to export for Ansible export myTPOT_HIVE_USER export myTPOT_HIVE_IP -ANSIBLE_LOG_PATH=${HOME}/tpotce/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i ${mySENSOR_IP}, --check -c ssh -e "ansible_port=${myANSIBLE_PORT}" +ANSIBLE_LOG_PATH=${HOME}/tpotce/data/deploy_sensor.log ansible-playbook ${myANSIBLE_TPOT_PLAYBOOK} -i ${mySENSOR_IP}, -c ssh -u ${mySSHUSER} -e "ansible_port=${myANSIBLE_PORT}" + +if [ "$?" 
== 0 ]; + then + # Update the T-Pot .env config and lswebpasswd (avoid the need to restart T-Pot) on the host + echo "# Updating SENSOR users on this HIVE and in the T-Pot .env config:" + sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=$myENV_LS_WEB_USER" "${myENV_FILE}" + : > "${HOME}"/tpotce/data/nginx/conf/lswebpasswd + for i in $myENV_LS_WEB_USER; + do + if [[ -n $i ]]; + then + # Need to control newlines as they kept coming up for some reason + echo -n "$i" | base64 -d -w0 + echo + echo -n "$i" | base64 -d -w0 | tr -d '\n' >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd + echo >> ${HOME}/tpotce/data/nginx/conf/lswebpasswd + fi + done +fi unset myTPOT_HIVE_USER unset myTPOT_HIVE_IP diff --git a/install.sh b/install.sh index c1a1112c..ce3ddc8f 100755 --- a/install.sh +++ b/install.sh @@ -269,7 +269,7 @@ if [ "${myTPOT_TYPE}" == "SENSOR" ]; then cp ${HOME}/tpotce/compose/sensor.yml ${HOME}/tpotce/docker-compose.yml myINFO="### Make sure to deploy SSH keys to this sensor and disable SSH password authentication. -### On hive run the tpotce/tools/deploy.sh script to join this sensor to the hive." +### On hive run the tpotce/deploy.sh script to join this sensor to the hive." fi # Pull docker images diff --git a/installer/install/deploy.yml b/installer/install/deploy.yml index ea312ef7..4b4778fa 100644 --- a/installer/install/deploy.yml +++ b/installer/install/deploy.yml @@ -8,6 +8,12 @@ remote_docker_compose_path: "~/tpotce/docker-compose.yml" env_file_path: "~/tpotce/.env" tasks: + - name: Ensure the destination directory exists + ansible.builtin.file: + path: "{{ remote_cert_path | dirname }}" + state: directory + mode: '770' + - name: Copy nginx.crt from local to remote host ansible.builtin.copy: src: "{{ local_nginx_cert_path }}"
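Review bot: When the playbook fails, the `if [ "$?" == 0 ]` branch is simply skipped, nothing is reported, and the script falls through to the two `unset` lines and (unless the file continues differently past the hunk) exits 0, so an operator or wrapper cannot tell that the SENSOR was not joined. The success path also rebuilds `lswebpasswd` with `: >` followed by per-entry appends, which leaves nginx with an empty or partial htpasswd file for the duration of the loop and, if the loop dies halfway, locks out every previously joined sensor; writing to a `mktemp` file beside it and `mv`-ing it into place keeps the swap atomic. While touching these lines, quote `${myANSIBLE_TPOT_PLAYBOOK}`, `${mySENSOR_IP},` and `${mySSHUSER}` on the ansible command line, and consider dropping the `echo -n "$i" | base64 -d -w0; echo` that prints each decoded htpasswd entry to the terminal, since those lines end up in scrollback and session logs. A possible shape:
```shell
# … unchanged: export myTPOT_HIVE_USER / myTPOT_HIVE_IP …
if ! ANSIBLE_LOG_PATH="${HOME}/tpotce/data/deploy_sensor.log" ansible-playbook "${myANSIBLE_TPOT_PLAYBOOK}" -i "${mySENSOR_IP}," -c ssh -u "${mySSHUSER}" -e "ansible_port=${myANSIBLE_PORT}"; then
  echo "# Deploying to SENSOR ${mySENSOR_IP} failed, HIVE config left unchanged (see ${HOME}/tpotce/data/deploy_sensor.log)." >&2
  unset myTPOT_HIVE_USER myTPOT_HIVE_IP
  exit 1
fi

# Update the T-Pot .env config and lswebpasswd (avoid the need to restart T-Pot) on the host
echo "# Updating SENSOR users on this HIVE and in the T-Pot .env config:"
sed -i "/^LS_WEB_USER=/c\LS_WEB_USER=${myENV_LS_WEB_USER}" "${myENV_FILE}"
# Build the new htpasswd beside the live one and swap it in atomically so nginx never reads a truncated file
myLSWEBPASSWD="${HOME}/tpotce/data/nginx/conf/lswebpasswd"
myLSWEBPASSWD_TMP=$(mktemp "${myLSWEBPASSWD}.XXXXXX") || exit 1
for i in ${myENV_LS_WEB_USER}; do
  [[ -n "${i}" ]] || continue
  # Need to control newlines as they kept coming up for some reason
  echo -n "${i}" | base64 -d -w0 | tr -d '\n' >> "${myLSWEBPASSWD_TMP}"
  echo >> "${myLSWEBPASSWD_TMP}"
done
# mktemp creates the file 0600; keep whatever mode the live file had so the nginx container can still read it
[[ -e "${myLSWEBPASSWD}" ]] && chmod --reference="${myLSWEBPASSWD}" "${myLSWEBPASSWD_TMP}"
mv -f "${myLSWEBPASSWD_TMP}" "${myLSWEBPASSWD}"
# … unchanged: unset myTPOT_HIVE_USER / myTPOT_HIVE_IP …
```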
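Review bot: The new "Ensure the destination directory exists" task creates the certificate directory with `mode: '770'`, which grants the group write access to a directory that will hold TLS material; unless a specific group on the SENSOR needs to write there, `mode: '0750'` (or `'0755'` if a non-root nginx process must traverse it) is the least privilege that still works, and setting `owner`/`group` explicitly avoids depending on whatever account Ansible happens to run as. The quoted `'770'` form is interpreted as octal by Ansible, so the value is not wrong, just more permissive than a cert directory should be. The copy task that follows is cut off after `src:` in this hunk, so its `dest`/`mode` could not be checked; make sure the copied `nginx.crt` (and any key copied by later tasks) gets an explicit `mode` as well rather than inheriting the remote umask.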