#!/usr/bin/env bash set -euo pipefail # Post-flash headless provisioning helper. # # Generates the Matter setup payload on this host, prints the QR/manual code, # and copies the generated creds/config directory to a freshly flashed Linux device. # # Usage: # toes-matter/scripts/provision-device.sh user@device-host [device-id] # # Environment: # CREDS_DIR Local output dir. Default: toes-matter/manufacturing//creds # REMOTE_CREDS_DIR Remote creds dir. Default: /var/lib/toes-matter/creds # REMOTE_STATE_DIR Remote Matter state dir. Default: /var/lib/toes-matter/state # SERVICE Optional service to restart. Default: toes-matter.service # Set SERVICE= to skip restart. # SSH_OPTS Extra ssh/scp options, e.g. '-p 2222' if [[ $# -lt 1 || $# -gt 2 ]]; then echo "Usage: $0 user@device-host [device-id]" >&2 exit 2 fi TARGET="$1" DEVICE_ID="${2:-$(date +%Y%m%d-%H%M%S)}" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" CRATE_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" CREDS_DIR="${CREDS_DIR:-$CRATE_DIR/manufacturing/$DEVICE_ID/creds}" REMOTE_CREDS_DIR="${REMOTE_CREDS_DIR:-/var/lib/toes-matter/creds}" REMOTE_STATE_DIR="${REMOTE_STATE_DIR:-/var/lib/toes-matter/state}" SERVICE="${SERVICE-toes-matter.service}" SSH_OPTS="${SSH_OPTS:-}" REMOTE_TMP="/tmp/toes-matter-creds-$DEVICE_ID-$$" # shellcheck disable=SC2206 SSH_ARGS=($SSH_OPTS) mkdir -p "$CREDS_DIR" echo "==> Generating development Matter credentials in $CREDS_DIR" cargo run --quiet --manifest-path "$CRATE_DIR/Cargo.toml" --bin toes-matter-creds -- "$CREDS_DIR" SETUP_FILE="$CREDS_DIR/setup.txt" MANUAL_CODE="$(awk -F= '$1 == "manual_code" { print $2 }' "$SETUP_FILE")" QR_CODE="$(awk -F= '$1 == "qr_code" { print $2 }' "$SETUP_FILE")" echo echo "==> Pairing info for device $DEVICE_ID" echo "Manual code: $MANUAL_CODE" echo "QR payload : $QR_CODE" if command -v qrencode >/dev/null 2>&1; then echo echo "==> QR code" qrencode -t ANSIUTF8 "$QR_CODE" else echo echo "Tip: install qrencode to render the QR in this terminal: sudo apt install qrencode" fi echo echo "==> Copying creds to $TARGET:$REMOTE_CREDS_DIR" ssh "${SSH_ARGS[@]}" "$TARGET" "rm -rf '$REMOTE_TMP' && mkdir -p '$REMOTE_TMP'" scp "${SSH_ARGS[@]}" -r "$CREDS_DIR"/. "$TARGET:$REMOTE_TMP/" ssh "${SSH_ARGS[@]}" "$TARGET" "set -e sudo rm -rf '$REMOTE_CREDS_DIR' sudo mkdir -p '$(dirname "$REMOTE_CREDS_DIR")' '$REMOTE_STATE_DIR' sudo mv '$REMOTE_TMP' '$REMOTE_CREDS_DIR' sudo chmod -R go-rwx '$REMOTE_CREDS_DIR' '$REMOTE_STATE_DIR' if [ -n '$SERVICE' ]; then if systemctl list-unit-files '$SERVICE' >/dev/null 2>&1 || systemctl status '$SERVICE' >/dev/null 2>&1; then sudo systemctl restart '$SERVICE' else echo 'Service $SERVICE not found; skipping restart' fi fi " echo echo "==> Done" echo "Local copy saved at: $CREDS_DIR" echo "Remote app env should use:" echo " TOES_MATTER_CREDS_DIR=$REMOTE_CREDS_DIR" echo " TOES_MATTER_STATE_DIR=$REMOTE_STATE_DIR"