88 lines
2.9 KiB
Bash
Executable File
88 lines
2.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Post-flash headless provisioning helper.
|
|
#
|
|
# Generates the Matter setup payload on this host, prints the QR/manual code,
|
|
# and copies the generated creds/config directory to a freshly flashed Linux device.
|
|
#
|
|
# Usage:
|
|
# toes-matter/scripts/provision-device.sh user@device-host [device-id]
|
|
#
|
|
# Environment:
|
|
# CREDS_DIR Local output dir. Default: toes-matter/manufacturing/<device-id>/creds
|
|
# REMOTE_CREDS_DIR Remote creds dir. Default: /var/lib/toes-matter/creds
|
|
# REMOTE_STATE_DIR Remote Matter state dir. Default: /var/lib/toes-matter/state
|
|
# SERVICE Optional service to restart. Default: toes-matter.service
|
|
# Set SERVICE= to skip restart.
|
|
# SSH_OPTS Extra ssh/scp options, e.g. '-p 2222'
|
|
|
|
if [[ $# -lt 1 || $# -gt 2 ]]; then
|
|
echo "Usage: $0 user@device-host [device-id]" >&2
|
|
exit 2
|
|
fi
|
|
|
|
TARGET="$1"
|
|
DEVICE_ID="${2:-$(date +%Y%m%d-%H%M%S)}"
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
CRATE_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
|
|
|
|
CREDS_DIR="${CREDS_DIR:-$CRATE_DIR/manufacturing/$DEVICE_ID/creds}"
|
|
REMOTE_CREDS_DIR="${REMOTE_CREDS_DIR:-/var/lib/toes-matter/creds}"
|
|
REMOTE_STATE_DIR="${REMOTE_STATE_DIR:-/var/lib/toes-matter/state}"
|
|
SERVICE="${SERVICE-toes-matter.service}"
|
|
SSH_OPTS="${SSH_OPTS:-}"
|
|
REMOTE_TMP="/tmp/toes-matter-creds-$DEVICE_ID-$$"
|
|
|
|
# shellcheck disable=SC2206
|
|
SSH_ARGS=($SSH_OPTS)
|
|
|
|
mkdir -p "$CREDS_DIR"
|
|
|
|
echo "==> Generating development Matter credentials in $CREDS_DIR"
|
|
cargo run --quiet --manifest-path "$CRATE_DIR/Cargo.toml" --bin toes-matter-creds -- "$CREDS_DIR"
|
|
|
|
SETUP_FILE="$CREDS_DIR/setup.txt"
|
|
MANUAL_CODE="$(awk -F= '$1 == "manual_code" { print $2 }' "$SETUP_FILE")"
|
|
QR_CODE="$(awk -F= '$1 == "qr_code" { print $2 }' "$SETUP_FILE")"
|
|
|
|
echo
|
|
echo "==> Pairing info for device $DEVICE_ID"
|
|
echo "Manual code: $MANUAL_CODE"
|
|
echo "QR payload : $QR_CODE"
|
|
|
|
if command -v qrencode >/dev/null 2>&1; then
|
|
echo
|
|
echo "==> QR code"
|
|
qrencode -t ANSIUTF8 "$QR_CODE"
|
|
else
|
|
echo
|
|
echo "Tip: install qrencode to render the QR in this terminal: sudo apt install qrencode"
|
|
fi
|
|
|
|
echo
|
|
echo "==> Copying creds to $TARGET:$REMOTE_CREDS_DIR"
|
|
ssh "${SSH_ARGS[@]}" "$TARGET" "rm -rf '$REMOTE_TMP' && mkdir -p '$REMOTE_TMP'"
|
|
scp "${SSH_ARGS[@]}" -r "$CREDS_DIR"/. "$TARGET:$REMOTE_TMP/"
|
|
ssh "${SSH_ARGS[@]}" "$TARGET" "set -e
|
|
sudo rm -rf '$REMOTE_CREDS_DIR'
|
|
sudo mkdir -p '$(dirname "$REMOTE_CREDS_DIR")' '$REMOTE_STATE_DIR'
|
|
sudo mv '$REMOTE_TMP' '$REMOTE_CREDS_DIR'
|
|
sudo chmod -R go-rwx '$REMOTE_CREDS_DIR' '$REMOTE_STATE_DIR'
|
|
if [ -n '$SERVICE' ]; then
|
|
if systemctl list-unit-files '$SERVICE' >/dev/null 2>&1 || systemctl status '$SERVICE' >/dev/null 2>&1; then
|
|
sudo systemctl restart '$SERVICE'
|
|
else
|
|
echo 'Service $SERVICE not found; skipping restart'
|
|
fi
|
|
fi
|
|
"
|
|
|
|
echo
|
|
echo "==> Done"
|
|
echo "Local copy saved at: $CREDS_DIR"
|
|
echo "Remote app env should use:"
|
|
echo " TOES_MATTER_CREDS_DIR=$REMOTE_CREDS_DIR"
|
|
echo " TOES_MATTER_STATE_DIR=$REMOTE_STATE_DIR"
|