Bootstrap server-side sudo

scripts/bootstrap-server-sudo.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Bootstrap sudoers.d config on server side before doing anything else!
+#
+set -e
+
+if [[ ${#} -lt 1 ]]; then
+  echo "Usage: ${0} [OPTIONS] [SSH_USER@]SSH_SERVER"
+  exit 1
+fi
+
+declare -r SUDO_CONF="'ALL=(ALL) NOPASSWD:ALL'"
+declare -r SUDO_NOTE="'# Managed by xiringuito, DO NOT EDIT!!!'"
+declare -r BASE_NAME=/etc/sudoers.d/xiringuito
+declare -r STDOUTERR=/tmp/xiringuito.$(basename ${0}).${USER}
+
+ssh -t -oStrictHostKeyChecking=no ${@} \
+  "sudo true && sudo bash -c \
+    \"umask 0337 && echo -e ${SUDO_NOTE}'\n'\${USER} ${SUDO_CONF} | tee ${BASE_NAME}-\${USER}\" >/dev/null" \
+    &>${STDOUTERR}

scripts/server-execute.sh

@@ -26,6 +26,7 @@ function teardown() {
   kill ${PPID}
   sleep 2
   [[ ! -x /usr/sbin/tunctl ]] && sudo ip tuntap del mode tun ${NETWORK_DEVICE} || sudo /usr/sbin/tunctl -d ${NETWORK_DEVICE}
+  sudo rm -f /etc/sudoers.d/xiringuito-${USER}
 }
 
 FAILED_PINGS=0

xiringuito

@@ -102,10 +102,11 @@ cd $(dirname ${0})
 
 ./scripts/client-preexec.sh
 
-echo -n "[ sudo check ] "; sudo true; echo
-
 declare -r SSH_SERVER=${1}; shift
 
+echo -n "[ (client) sudo check ] "; sudo true; echo
+echo -n "[ (server) sudo check ] "; ./scripts/bootstrap-server-sudo.sh ${SSH_PRIVATE_KEY_OPTS} ${SSH_PORT_OPTS} ${SSH_EXTRA_OPTS} ${SSH_SERVER}; echo
+
 declare -r ROUTE_CACHE_PATH=~/.xiringuito/routes; mkdir -p ${ROUTE_CACHE_PATH}
 declare -r ROUTE_CACHE_FILE=${ROUTE_CACHE_PATH}/${SSH_SERVER}
 if [[ ${#} -gt 0 ]]; then