From bca037330893403ee20e8d6381db9b375c137c19 Mon Sep 17 00:00:00 2001
From: steering7253
Date: Wed, 8 Apr 2026 16:36:59 +0000
Subject: misc fixes

---
 authorized_keys.sh | 3 ++-
 autopeer_shell.py  | 6 ++++--
 config.py          | 2 +-
 cronjob.py         | 4 ++--
 install.sh         | 2 +-
 lib_autopeer.py    | 2 +-
 sshd_config        | 4 ++--
 7 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/authorized_keys.sh b/authorized_keys.sh
index 867d153..1ee9f73 100755
--- a/authorized_keys.sh
+++ b/authorized_keys.sh
@@ -6,9 +6,10 @@ user="$1"
 if [ "$1" = "new" ]; then
 	type="$2"
 	key="$3"
+	connection="$4"
 	if user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"; then
 		perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
-		/usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key" --ingroup autopeer "$user"
+		/usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key $connection" --ingroup autopeer "$user"
 	fi
 else # not new user
 	perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
diff --git a/autopeer_shell.py b/autopeer_shell.py
index d981676..6b31ecb 100755
--- a/autopeer_shell.py
+++ b/autopeer_shell.py
@@ -29,9 +29,11 @@ def as_from_user(which=None):
 		else:
 			print(f"oops, something went wrong getting your ASes, specifically: {filename}", file=sys.stderr)
 
-	if which is None:
+	if MY_ASN in user_ases and which: # allow owner to operate as anyone
+		return which
+	elif which is None: # at startup, use the first found
 		return user_ases[0]
-	elif which in user_ases:
+	elif which in user_ases: # if the user picked an AS in their list
 		return which
 	else:
 		raise Exception('not yours')
diff --git a/config.py b/config.py
index 0fb28fa..7ac3b44 100644
--- a/config.py
+++ b/config.py
@@ -1,4 +1,4 @@
-MY_ASN = '4242422452'
+MY_ASN = 4242422452
 MY_IPLL = 'fe80::800:8135'
 import socket
 MY_ENDPOINT = socket.getfqdn()
diff --git a/cronjob.py b/cronjob.py
index 84c5e24..38a19a9 100755
--- a/cronjob.py
+++ b/cronjob.py
@@ -10,11 +10,11 @@ while row := curs.fetchone():
 	name, asn = row
 	print(f'Processing {asn}-{name}...')
 	birdcfg = open(f'/etc/bird/peers/as{asn}{name}.conf', 'w')
-	wgcfg = open(f'/etc/wireguard/wg{asn%10000}{name}.conf', 'w')
+	wgcfg = open(f'/etc/wireguard/wg{asn%10000:04}{name}.conf', 'w')
 	print(_bird_config(name, _get_peer_info(name, asn), _get_my_info(asn)), file=birdcfg)
 	print(_wg_config(name, _get_peer_info(name, asn), _get_my_info(asn)), file=wgcfg)
 	birdcfg.close()
 	wgcfg.close()
-	os.system(f'systemctl enable --now wg-quick@wg-{asn}-{name}')
+	os.system(f'systemctl enable --now wg-quick@wg{asn%10000:04}{name}')
 
 os.system('birdc configure')
diff --git a/install.sh b/install.sh
index 97676f0..60ff4fe 100644
--- a/install.sh
+++ b/install.sh
@@ -11,7 +11,7 @@ addgroup autopeer
 adduser --disabled-password --comment '' new
 git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" git clone git@git.dn42.dev:dn42/registry.git /opt/autopeer/dn42-registry
 
-echo '47 * * * * root git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer
+echo '47 * * * * root git -c merge.verifysignatures=false -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer
 echo '*/5 * * * * root /opt/autopeer/cronjob.py' >>/etc/cron.d/autopeer
 
 mkdir /opt/autopeer/db
diff --git a/lib_autopeer.py b/lib_autopeer.py
index 283f71b..3d1652f 100644
--- a/lib_autopeer.py
+++ b/lib_autopeer.py
@@ -38,7 +38,7 @@ protocol bgp as{far_side.asn}{name} from dnpeers {{
 		import where dn42_import_filter({filter});
 		export where dn42_export_filter({filter});
 	}};
-	interface "wg-{far_side.asn}-{name}";
+	interface "wg{far_side.asn%10000:04}{name}";
 }};
 	'''
 
diff --git a/sshd_config b/sshd_config
index a6bf121..3b5e925 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,5 +1,5 @@
 Match user new
-	AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+	AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k %C
 	AuthorizedKeysCommandUser root
 	AuthenticationMethods publickey
 	AllowAgentForwarding no
@@ -12,7 +12,7 @@ Match user new
 	ForceCommand /opt/autopeer/new_user_created.sh
 
 Match group autopeer
-	AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k
+	AuthorizedKeysCommand /opt/autopeer/authorized_keys.sh %u %t %k %C
 	AuthorizedKeysCommandUser root
 	AuthenticationMethods publickey
 	AllowAgentForwarding no
-- 
cgit v1.3.1-10-gc9f91