homelab-codex-ws/scripts/onboard/lib/remote.sh

#!/usr/bin/env bash
# scripts/onboard/lib/remote.sh — SSH helpers for remote node operations
# Requires: ONBOARD_SSH_USER, ONBOARD_SSH_HOST to be set by the caller.
# Inherits: DRY_RUN (boolean string "true"/"false")

set -euo pipefail

: "${ONBOARD_SSH_USER:?remote.sh: ONBOARD_SSH_USER is not set}"
: "${ONBOARD_SSH_HOST:?remote.sh: ONBOARD_SSH_HOST is not set}"
: "${DRY_RUN:=0}"

_SSH_OPTS=(
    -o StrictHostKeyChecking=accept-new
    -o ConnectTimeout=10
    -o BatchMode=yes
)

# rrun CMD [ARGS…] — run a command on the remote node via SSH
rrun() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        dryrun "ssh ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST} -- $*"
        return 0
    fi
    ssh "${_SSH_OPTS[@]}" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}" -- "$@"
}

# rcopy LOCAL_PATH REMOTE_PATH — copy a file to the remote node via scp
rcopy() {
    local src="$1" dst="$2"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        dryrun "scp $src ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"
        return 0
    fi
    scp "${_SSH_OPTS[@]}" "$src" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"
}

# rsync_dir LOCAL_DIR REMOTE_DIR [EXTRA_RSYNC_ARGS…]
rsync_dir() {
    local src="$1" dst="$2"
    shift 2
    if [ "${DRY_RUN:-0}" = 1 ]; then
        dryrun "rsync -az $src ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"
        return 0
    fi
    rsync -az -e "ssh ${_SSH_OPTS[*]}" "$src" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst" "$@"
}

# rcheck — verify SSH connectivity; returns 0 if reachable
rcheck() {
    ssh "${_SSH_OPTS[@]}" -o ConnectTimeout=5 "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}" -- true 2>/dev/null
}
feat(onboard): add node onboarding scaffold (bash, idempotent) - scripts/onboard/onboard.sh: orchestrator with --node/--step/--from/--dry-run flags, deploy_autonomy + git_control gates, lexicographic step ordering - scripts/onboard/lib/common.sh: log/warn/die/step helpers, yaml_get (yq+grep/sed fallback), ensure_line, git() wrapper enforcing --no-pager - scripts/onboard/lib/remote.sh: rrun/rcopy/rsync_dir/rcheck SSH wrappers, dry-run aware - scripts/onboard/steps/00-preflight.sh: read-only fact collection (arch, RAM, disk, docker, tailscale, MagicMirror runtime, swap), human report + machine YAML snippet - scripts/onboard/steps/10-50: stub files with TODO headers, no mutations - hosts/lustro/node.yaml: LUSTRO edge node draft (KEN, role=edge, deploy_autonomy=true, git_control=false); hardware fields marked TODO for preflight population Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 14:23:21 +02:00			`#!/usr/bin/env bash`
			`# scripts/onboard/lib/remote.sh — SSH helpers for remote node operations`
			`# Requires: ONBOARD_SSH_USER, ONBOARD_SSH_HOST to be set by the caller.`
			`# Inherits: DRY_RUN (boolean string "true"/"false")`

			`set -euo pipefail`

			`: "${ONBOARD_SSH_USER:?remote.sh: ONBOARD_SSH_USER is not set}"`
			`: "${ONBOARD_SSH_HOST:?remote.sh: ONBOARD_SSH_HOST is not set}"`
fix(onboard): propagate dry-run into steps via run() helper DRY_RUN now uses 1/0 instead of "true"/"false" across all onboard scripts. common.sh: add run() — wraps mutations; prints "[dry-run] would: ..." when DRY_RUN=1. Exported via `export -f run` so child bash processes inherit it. onboard.sh: remove the `--dry-run → dryrun "Would execute" → continue` bypass. Steps now always execute; DRY_RUN=1 is exported so each step's own run() calls handle simulation. The orchestrator no longer needs to know step internals. remote.sh: update DRY_RUN checks to [ "${DRY_RUN:-0}" = 1 ] for consistency. 00-access.sh: remove all if/else DRY_RUN blocks; replace with: - Mutations (ssh-copy-id, curl install, tailscale up) wrapped in run() - Probes (SSH BatchMode test, command -v, _ts_state) run unconditionally so dry-run reports real current state ("key present → skip" vs "would: ...") - Stage 3 verify runs always; SSH failure is die in live mode, warn in dry-run (Tailscale not yet joined is expected on a fresh node) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 15:01:09 +02:00			`: "${DRY_RUN:=0}"`
feat(onboard): add node onboarding scaffold (bash, idempotent) - scripts/onboard/onboard.sh: orchestrator with --node/--step/--from/--dry-run flags, deploy_autonomy + git_control gates, lexicographic step ordering - scripts/onboard/lib/common.sh: log/warn/die/step helpers, yaml_get (yq+grep/sed fallback), ensure_line, git() wrapper enforcing --no-pager - scripts/onboard/lib/remote.sh: rrun/rcopy/rsync_dir/rcheck SSH wrappers, dry-run aware - scripts/onboard/steps/00-preflight.sh: read-only fact collection (arch, RAM, disk, docker, tailscale, MagicMirror runtime, swap), human report + machine YAML snippet - scripts/onboard/steps/10-50: stub files with TODO headers, no mutations - hosts/lustro/node.yaml: LUSTRO edge node draft (KEN, role=edge, deploy_autonomy=true, git_control=false); hardware fields marked TODO for preflight population Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 14:23:21 +02:00
			`_SSH_OPTS=(`
			`-o StrictHostKeyChecking=accept-new`
			`-o ConnectTimeout=10`
			`-o BatchMode=yes`
			`)`

			`# rrun CMD [ARGS…] — run a command on the remote node via SSH`
			`rrun() {`
fix(onboard): propagate dry-run into steps via run() helper DRY_RUN now uses 1/0 instead of "true"/"false" across all onboard scripts. common.sh: add run() — wraps mutations; prints "[dry-run] would: ..." when DRY_RUN=1. Exported via `export -f run` so child bash processes inherit it. onboard.sh: remove the `--dry-run → dryrun "Would execute" → continue` bypass. Steps now always execute; DRY_RUN=1 is exported so each step's own run() calls handle simulation. The orchestrator no longer needs to know step internals. remote.sh: update DRY_RUN checks to [ "${DRY_RUN:-0}" = 1 ] for consistency. 00-access.sh: remove all if/else DRY_RUN blocks; replace with: - Mutations (ssh-copy-id, curl install, tailscale up) wrapped in run() - Probes (SSH BatchMode test, command -v, _ts_state) run unconditionally so dry-run reports real current state ("key present → skip" vs "would: ...") - Stage 3 verify runs always; SSH failure is die in live mode, warn in dry-run (Tailscale not yet joined is expected on a fresh node) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 15:01:09 +02:00			`if [ "${DRY_RUN:-0}" = 1 ]; then`
feat(onboard): add node onboarding scaffold (bash, idempotent) - scripts/onboard/onboard.sh: orchestrator with --node/--step/--from/--dry-run flags, deploy_autonomy + git_control gates, lexicographic step ordering - scripts/onboard/lib/common.sh: log/warn/die/step helpers, yaml_get (yq+grep/sed fallback), ensure_line, git() wrapper enforcing --no-pager - scripts/onboard/lib/remote.sh: rrun/rcopy/rsync_dir/rcheck SSH wrappers, dry-run aware - scripts/onboard/steps/00-preflight.sh: read-only fact collection (arch, RAM, disk, docker, tailscale, MagicMirror runtime, swap), human report + machine YAML snippet - scripts/onboard/steps/10-50: stub files with TODO headers, no mutations - hosts/lustro/node.yaml: LUSTRO edge node draft (KEN, role=edge, deploy_autonomy=true, git_control=false); hardware fields marked TODO for preflight population Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 14:23:21 +02:00			`dryrun "ssh ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST} -- $*"`
			`return 0`
			`fi`
			`ssh "${_SSH_OPTS[@]}" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}" -- "$@"`
			`}`

			`# rcopy LOCAL_PATH REMOTE_PATH — copy a file to the remote node via scp`
			`rcopy() {`
			`local src="$1" dst="$2"`
fix(onboard): propagate dry-run into steps via run() helper DRY_RUN now uses 1/0 instead of "true"/"false" across all onboard scripts. common.sh: add run() — wraps mutations; prints "[dry-run] would: ..." when DRY_RUN=1. Exported via `export -f run` so child bash processes inherit it. onboard.sh: remove the `--dry-run → dryrun "Would execute" → continue` bypass. Steps now always execute; DRY_RUN=1 is exported so each step's own run() calls handle simulation. The orchestrator no longer needs to know step internals. remote.sh: update DRY_RUN checks to [ "${DRY_RUN:-0}" = 1 ] for consistency. 00-access.sh: remove all if/else DRY_RUN blocks; replace with: - Mutations (ssh-copy-id, curl install, tailscale up) wrapped in run() - Probes (SSH BatchMode test, command -v, _ts_state) run unconditionally so dry-run reports real current state ("key present → skip" vs "would: ...") - Stage 3 verify runs always; SSH failure is die in live mode, warn in dry-run (Tailscale not yet joined is expected on a fresh node) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 15:01:09 +02:00			`if [ "${DRY_RUN:-0}" = 1 ]; then`
feat(onboard): add node onboarding scaffold (bash, idempotent) - scripts/onboard/onboard.sh: orchestrator with --node/--step/--from/--dry-run flags, deploy_autonomy + git_control gates, lexicographic step ordering - scripts/onboard/lib/common.sh: log/warn/die/step helpers, yaml_get (yq+grep/sed fallback), ensure_line, git() wrapper enforcing --no-pager - scripts/onboard/lib/remote.sh: rrun/rcopy/rsync_dir/rcheck SSH wrappers, dry-run aware - scripts/onboard/steps/00-preflight.sh: read-only fact collection (arch, RAM, disk, docker, tailscale, MagicMirror runtime, swap), human report + machine YAML snippet - scripts/onboard/steps/10-50: stub files with TODO headers, no mutations - hosts/lustro/node.yaml: LUSTRO edge node draft (KEN, role=edge, deploy_autonomy=true, git_control=false); hardware fields marked TODO for preflight population Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 14:23:21 +02:00			`dryrun "scp $src ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"`
			`return 0`
			`fi`
			`scp "${_SSH_OPTS[@]}" "$src" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"`
			`}`

			`# rsync_dir LOCAL_DIR REMOTE_DIR [EXTRA_RSYNC_ARGS…]`
			`rsync_dir() {`
			`local src="$1" dst="$2"`
			`shift 2`
fix(onboard): propagate dry-run into steps via run() helper DRY_RUN now uses 1/0 instead of "true"/"false" across all onboard scripts. common.sh: add run() — wraps mutations; prints "[dry-run] would: ..." when DRY_RUN=1. Exported via `export -f run` so child bash processes inherit it. onboard.sh: remove the `--dry-run → dryrun "Would execute" → continue` bypass. Steps now always execute; DRY_RUN=1 is exported so each step's own run() calls handle simulation. The orchestrator no longer needs to know step internals. remote.sh: update DRY_RUN checks to [ "${DRY_RUN:-0}" = 1 ] for consistency. 00-access.sh: remove all if/else DRY_RUN blocks; replace with: - Mutations (ssh-copy-id, curl install, tailscale up) wrapped in run() - Probes (SSH BatchMode test, command -v, _ts_state) run unconditionally so dry-run reports real current state ("key present → skip" vs "would: ...") - Stage 3 verify runs always; SSH failure is die in live mode, warn in dry-run (Tailscale not yet joined is expected on a fresh node) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 15:01:09 +02:00			`if [ "${DRY_RUN:-0}" = 1 ]; then`
feat(onboard): add node onboarding scaffold (bash, idempotent) - scripts/onboard/onboard.sh: orchestrator with --node/--step/--from/--dry-run flags, deploy_autonomy + git_control gates, lexicographic step ordering - scripts/onboard/lib/common.sh: log/warn/die/step helpers, yaml_get (yq+grep/sed fallback), ensure_line, git() wrapper enforcing --no-pager - scripts/onboard/lib/remote.sh: rrun/rcopy/rsync_dir/rcheck SSH wrappers, dry-run aware - scripts/onboard/steps/00-preflight.sh: read-only fact collection (arch, RAM, disk, docker, tailscale, MagicMirror runtime, swap), human report + machine YAML snippet - scripts/onboard/steps/10-50: stub files with TODO headers, no mutations - hosts/lustro/node.yaml: LUSTRO edge node draft (KEN, role=edge, deploy_autonomy=true, git_control=false); hardware fields marked TODO for preflight population Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-06-08 14:23:21 +02:00			`dryrun "rsync -az $src ${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst"`
			`return 0`
			`fi`
			`rsync -az -e "ssh ${_SSH_OPTS[*]}" "$src" "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}:$dst" "$@"`
			`}`

			`# rcheck — verify SSH connectivity; returns 0 if reachable`
			`rcheck() {`
			`ssh "${_SSH_OPTS[@]}" -o ConnectTimeout=5 "${ONBOARD_SSH_USER}@${ONBOARD_SSH_HOST}" -- true 2>/dev/null`
			`}`