From f408d9b0b88141f6df81f797a22727a50438ade0 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Fri, 4 Jul 2025 11:24:39 +0900 Subject: [PATCH] base setup update with base jump host setting for gitea --- src/bin/base_setup.sh | 40 ++++++++++++++++++++++++++++++++-------- src/pem/.gitignore | 2 ++ 2 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 src/pem/.gitignore diff --git a/src/bin/base_setup.sh b/src/bin/base_setup.sh index b89c7e2..9809add 100644 --- a/src/bin/base_setup.sh +++ b/src/bin/base_setup.sh @@ -22,9 +22,9 @@ fi; if [ -z "${WWW_GROUP}" ]; then echo "Missing WWW_GROUP entry"; error=1; -else - # check that this group exists, we do not create this, this is the apache group - echo ""; +elif ! getent group "${WWW_GROUP}" > /dev/null 2>&1; then + echo "Group ${WWW_GROUP} does not exist. Is it the Apache web group?"; + error=1; fi; if [ -z "${SUDO_USER}" ]; then echo "Missing SUDO_USER entry"; @@ -46,12 +46,21 @@ CONFIG_FOLDER="config/" WWW_WEBHOOK_INCOMING="/www/webhook-incoming"; WWW_ADMIN="/www/admin"; +# jump host PEM file +PEM_BASE="${BASE_FOLDER}../pem/"; +JUMP_PEM_FILE="somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem"; + # add trailing slash if missing GIT_REPOSITORY_FOLDER="${GIT_REPOSITORY_FOLDER%/}/" if [ -d "${GIT_REPOSITORY_FOLDER}" ]; then echo "Base folder already exists, update check"; echo "[TODO] -> Not implemented exit"; + # check folders + # check folder ACL + # copy scripts + # copy default config + # check config entries missing exit; else echo "=> Create new folder structure"; 
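Review bot: The key file name assigned to `JUMP_PEM_FILE` in the second hunk is repeated as a literal in the `IdentityFile` line of the ssh config heredoc in the third hunk, because that heredoc is quoted (`<< 'EOF'`) and expands nothing. If the name is changed in only one place, the config will point at a key that was never copied and the jump connection will fail at authentication. An unquoted heredoc with `IdentityFile ~/.ssh/${JUMP_PEM_FILE}` keeps the two in step; the `~` stays literal there and is resolved by ssh. The comment `# jump host PEM file` could also say that this is a private key which `src/pem/.gitignore` keeps out of the repository and which has to be placed in `src/pem/` by hand.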
@@ -70,11 +79,26 @@ else
 setfacl -m -d u:"${SUDO_USER}":rwx -R "${GIT_REPOSITORY_FOLDER}"
 setfacl -m g:"${WWW_GROUP}":rx -R "${GIT_REPOSITORY_FOLDER}"
 # SSH
- echo "+ Add .ssh folder"
- sudo -u "${SUDO_USER}" mkdir "${GIT_REPOSITORY_FOLDER}"/.ssh/
- sudo -u "${SUDO_USER}" touch "${GIT_REPOSITORY_FOLDER}"/.ssh/config
- sudo -u "${SUDO_USER}" chmod 700 "${GIT_REPOSITORY_FOLDER}"/.ssh/
- sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}"/.ssh/config
+ if [ "${USE_SUDO}" != "0" ]; then
+ echo "+ Add .ssh folder"
+ sudo -u "${SUDO_USER}" mkdir "${GIT_REPOSITORY_FOLDER}"/.ssh/
+ sudo -u "${SUDO_USER}" touch "${GIT_REPOSITORY_FOLDER}"/.ssh/config
+ sudo -u "${SUDO_USER}" chmod 700 "${GIT_REPOSITORY_FOLDER}"/.ssh/
+ sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}"/.ssh/config
+ # add master jump host
+ cat >> "${GIT_REPOSITORY_FOLDER}"/.ssh/config << 'EOF'
+Host UdonGitJump
+ Hostname somen-jump.tequila.jp
+ User webhook-git
+ IdentityFile ~/.ssh/somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem
+ Port 37337
+EOF
+ if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then
+ cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/;
+ else
+ echo "PEM FILE ${JUMP_PEM_FILE} must be added manually"
+ fi;
+ fi;
 # All other FOLDER
 echo "+ Other folders for clone base: ${CLONE_BASE}, logs, scripts, www/webhook-incoming"
 sudo -u "${SUDO_USER}" \
diff --git a/src/pem/.gitignore b/src/pem/.gitignore
new file mode 100644
index 0000000..474f021
--- /dev/null
+++ b/src/pem/.gitignore
@@ -0,0 +1,2 @@
+*.pem
+!.gitignore
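Review bot: The private key is copied into `.ssh/` with a plain `cp`, while every other step of the `.ssh` setup in this hunk runs as `sudo -u "${SUDO_USER}"` and sets its mode explicitly. The copy therefore belongs to whoever runs the script, and its mode comes from the source file combined with the default ACL set in the `setfacl -m -d` context line above, so the key may end up unreadable for `${SUDO_USER}` or readable by more than that user. Assuming the script runs as root, owner and mode can be set in one step with `install -m 600 -o "${SUDO_USER}" -- "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/`. `USE_SUDO` is not assigned anywhere in the visible hunks, and with the new guard the whole `.ssh` setup is silently skipped when it is `0`; a comment naming where it is set and a message in that case would help. The enclosing `else` branch starts and ends outside this hunk.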