From c1c7dee1fa6037a1197965727398346efa1137af Mon Sep 17 00:00:00 2001
From: steering7253
Date: Fri, 10 Apr 2026 15:47:31 +0000
Subject: add notifications

---
 authorized_keys.sh | 15 ++++++++++++---
 autopeer_shell.py  | 10 ++++++++--
 config.py          |  2 ++
 install.sh         |  5 +++--
 4 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/authorized_keys.sh b/authorized_keys.sh
index ec82497..24bf72e 100755
--- a/authorized_keys.sh
+++ b/authorized_keys.sh
@@ -2,15 +2,24 @@
 
 set -o pipefail
 
+cd /opt/autopeer
+NOTIFY_TO="$(python -c 'import config; print(config.NOTIFY_TO)')"
+
 user="$1"
 if [ "$1" = "new" ]; then
 	type="$2"
 	key="$3"
-	connection="$(echo "$4" | tr : _)"
+	connection="$4"
+
 	if user="$(grep -l -s -r -P '^\s*auth:\s*\Q'"$type"'\E\s+\Q'"$key"'\E$' /opt/autopeer/dn42-registry/data/mntner/ | perl -ne 's@^.*/@@; s@-MNT$@@; print lc;' | head -1)"; then
 		perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
-		/usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key $connection" --ingroup autopeer "$user"
-		/usr/sbin/adduser "$user" bird
+		if getent passwd "$user"; then
+			exit 0
+		else
+			echo "[autopeer $(hostname)] New user being created: $user from $key $connection" | socat stdio "$NOTIFY_TO"
+			/usr/sbin/adduser --disabled-password --quiet --comment "created at $(date +%s) by $key ${connection//:/_}" --ingroup autopeer "$user"
+			/usr/sbin/adduser "$user" bird
+		fi
 	fi
 else # not new user
 	perl -ne 'print if s@^\s*auth:\s*ssh-@restrict,pty ssh-@' </opt/autopeer/dn42-registry/data/mntner/"$(echo "$user" | perl -ne 's@$@-MNT@; print uc;')"
diff --git a/autopeer_shell.py b/autopeer_shell.py
index f7b2cdd..2c6eac4 100755
--- a/autopeer_shell.py
+++ b/autopeer_shell.py
@@ -114,6 +114,8 @@ class AutopeerShell(cmd.Cmd):
 			print(f'Error: ipv6 link local must match {IPLL_REGEX}', file=sys.stderr)
 			return
 
+		sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] Created new peering {name!r} for AS{SELECTED_ASN} by {USER}", text=True)
+
 		try:
 			curs = DB.execute(
 				'INSERT INTO peers (name, asn, pubkey, endpoint, port, ipll, creator_ip, creator_name, creator_date) VALUES (:name, :asn, :pubkey, :endpoint, :port, :ipll, :creator_ip, :creator_name, :creator_date)',
@@ -137,6 +139,7 @@ class AutopeerShell(cmd.Cmd):
 	def do_delpeer(self, name):
 		'''<name>
 			Delete your peering'''
+		sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] Deleted peering {name!r} for AS{SELECTED_ASN} by {USER}", text=True)
 		curs = DB.execute(
 			'DELETE FROM peers WHERE name = :name AND asn = :asn',
 			dict(name=name, asn=SELECTED_ASN)
@@ -218,7 +221,10 @@ Your Tunnel IPv6LL: {you.ipll}
 
 if __name__ == '__main__':
 	shell = AutopeerShell()
-	if len(os.getenv('SSH_ORIGINAL_COMMAND', '')):
-		shell.onecmd(os.getenv('SSH_ORIGINAL_COMMAND'))
+	command = os.getenv('SSH_ORIGINAL_COMMAND', '')
+	if len(command):
+		sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] {USER} ran {command}", text=True)
+		shell.onecmd(command)
 	else:
+		sp = subprocess.run(['socat', 'stdio', NOTIFY_TO], input=f"[autopeer {socket.gethostname()}] {USER} logged in", text=True)
 		shell.cmdloop()
diff --git a/config.py b/config.py
index 14c59eb..00cb3be 100644
--- a/config.py
+++ b/config.py
@@ -11,3 +11,5 @@ try:
 	MY_PRIVKEY = open('/etc/wireguard/privkey', 'r').read().strip()
 except: # open will fail due to perms as user
 	MY_PRIVKEY = None
+
+NOTIFY_TO = 'tcp:chaos.1459.dn42:13336'
diff --git a/install.sh b/install.sh
index 5272bee..01ee7f3 100755
--- a/install.sh
+++ b/install.sh
@@ -5,15 +5,16 @@ echo
 read -p "Press enter once you've done that..."
 
 
-apt install git wireguard-tools
+apt install git wireguard-tools cron socat
 ln -s /opt/autopeer/sshd_config /etc/ssh/sshd_config.d/autopeer.conf
 systemctl reload ssh
 addgroup autopeer
 adduser --disabled-password --comment '' new
 git -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" clone git@git.dn42.dev:dn42/registry.git /opt/autopeer/dn42-registry
 
-echo '47 * * * * root git -c merge.verifysignatures=false -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer
+echo '47 * * * *  root git -c merge.verifysignatures=false -c core.sshcommand="ssh -i /opt/autopeer/id_autopeer" -C /opt/autopeer/dn42-registry pull' >>/etc/cron.d/autopeer
 echo '*/5 * * * * root /opt/autopeer/cronjob.py' >>/etc/cron.d/autopeer
+echo '0 * * * *   root git -C /opt/autopeer pull' >>/etc/cron.d/autopeer
 
 umask 0007
 mkdir /opt/autopeer/db
-- 
cgit v1.3.1-10-gc9f91