#!/usr/bin/env bash set -uo pipefail PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin log() { printf '[microagent-init] %s\n' "$*" >&2 } MMDS_IPV4_ADDRESS="169.254.170.2" read_machine_name() { if [ -r /etc/microagent/machine-name ]; then tr -d '\r\n' /dev/null 2>&1 || return 1 while [ "$attempt" -lt 50 ]; do token="$(curl -fsS -X PUT "http://${MMDS_IPV4_ADDRESS}/latest/api/token" \ -H 'X-metadata-token-ttl-seconds: 30' 2>/dev/null || true)" if [ -n "$token" ]; then payload="$(curl -fsS "http://${MMDS_IPV4_ADDRESS}/latest/meta-data" \ -H 'Accept: application/json' \ -H "X-metadata-token: ${token}" 2>/dev/null || true)" if [ -n "$payload" ]; then printf '%s' "$payload" return 0 fi fi attempt=$((attempt + 1)) sleep 0.1 done return 1 } apply_guest_metadata() { local payload="${1:-}" local machine_name [ -n "$payload" ] || return 1 install -d -m 0755 /etc/microagent machine_name="$(printf '%s' "$payload" | jq -r '.hostname // .machine_id // empty')" if [ -n "$machine_name" ]; then printf '%s\n' "$machine_name" >/etc/microagent/machine-name printf '%s\n' "$machine_name" >/etc/hostname cat >/etc/hosts </dev/null 2>&1 || true fi if printf '%s' "$payload" | jq -e '.authorized_keys | length > 0' >/dev/null 2>&1; then log "installing MMDS authorized_keys for node" install -d -m 0700 -o node -g node /home/node/.ssh printf '%s' "$payload" | jq -r '.authorized_keys[]' >/home/node/.ssh/authorized_keys chmod 0600 /home/node/.ssh/authorized_keys chown node:node /home/node/.ssh/authorized_keys printf '%s' "$payload" | jq -r '.authorized_keys[]' >/etc/microagent/authorized_keys chmod 0600 /etc/microagent/authorized_keys fi if printf '%s' "$payload" | jq -e '.trusted_user_ca_keys | length > 0' >/dev/null 2>&1; then log "installing MMDS trusted user CA keys" printf '%s' "$payload" | jq -r '.trusted_user_ca_keys[]' >/etc/microagent/trusted_user_ca_keys chmod 0644 /etc/microagent/trusted_user_ca_keys fi printf '%s' "$payload" | jq '{authorized_keys, trusted_user_ca_keys, login_webhook}' >/etc/microagent/guest-config.json chmod 0600 /etc/microagent/guest-config.json return 0 } mountpoint -q /proc || mount -t proc proc /proc mountpoint -q /sys || mount -t sysfs sysfs /sys mountpoint -q /dev || mount -t devtmpfs devtmpfs /dev mkdir -p /dev/pts /dev/shm mountpoint -q /dev/pts || mount -t devpts devpts /dev/pts -o mode=620,ptmxmode=666,gid=5 mountpoint -q /dev/shm || mount -t tmpfs tmpfs /dev/shm mountpoint -q /run || mount -t tmpfs tmpfs /run mkdir -p /tmp /var/tmp /run/sshd /var/log chmod 1777 /tmp /var/tmp resize2fs /dev/vda >/dev/null 2>&1 || true cleanup() { trap - INT TERM [ -n "${rng_pid:-}" ] && kill "$rng_pid" >/dev/null 2>&1 || true [ -n "${sshd_pid:-}" ] && kill "$sshd_pid" >/dev/null 2>&1 || true [ -n "${desktop_pid:-}" ] && kill "$desktop_pid" >/dev/null 2>&1 || true wait >/dev/null 2>&1 || true exit 0 } pid_running() { local pid="${1:-}" [ -n "$pid" ] && kill -0 "$pid" >/dev/null 2>&1 } reap_if_needed() { local pid="${1:-}" if [ -n "$pid" ]; then wait "$pid" >/dev/null 2>&1 || true fi } start_sshd() { reap_if_needed "${sshd_pid:-}" log "starting sshd on 2222" /usr/sbin/sshd -D -e >>/var/log/sshd.log 2>&1 & sshd_pid=$! } start_desktop() { reap_if_needed "${desktop_pid:-}" log "starting noVNC desktop on 6080" /usr/local/bin/microagent-desktop-session >>/var/log/desktop.log 2>&1 & desktop_pid=$! } trap cleanup INT TERM log "bringing up guest network" if ! /usr/local/bin/microagent-network-up >/var/log/network.log 2>&1; then cat /var/log/network.log >&2 || true exit 1 fi primary_iface="$(find /sys/class/net -mindepth 1 -maxdepth 1 -printf '%f\n' | grep -v '^lo$' | head -n1 || true)" if metadata_payload="$(fetch_mmds_metadata "$primary_iface")"; then log "applying guest metadata from MMDS" apply_guest_metadata "$metadata_payload" || true fi machine_name="$(read_machine_name)" export COMPUTER_NAME="$machine_name" printf '%s\n' "$machine_name" >/etc/hostname cat >/etc/hosts </dev/null 2>&1 || true if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then log "generating ssh host keys" ssh-keygen -A fi if [ -f /etc/microagent/authorized_keys ]; then log "installing injected authorized_keys for node" install -d -m 0700 -o node -g node /home/node/.ssh install -m 0600 -o node -g node /etc/microagent/authorized_keys /home/node/.ssh/authorized_keys fi if [ -f /etc/microagent/trusted_user_ca_keys ]; then log "using injected trusted user CA keys" chmod 0644 /etc/microagent/trusted_user_ca_keys fi # Raise default process and file-descriptor limits for interactive sessions. ulimit -n 1048576 2>/dev/null || true ulimit -u 65536 2>/dev/null || true cat >/etc/security/limits.d/microagent.conf <<'LIMITS' * soft nofile 1048576 * hard nofile 1048576 * soft nproc 65536 * hard nproc 65536 LIMITS if command -v jitterentropy-rngd >/dev/null 2>&1; then log "starting jitterentropy-rngd" jitterentropy-rngd -v >/var/log/jitterentropy.log 2>&1 & rng_pid=$! fi start_sshd start_desktop while true; do if ! pid_running "${sshd_pid:-}"; then log "sshd exited; restarting" start_sshd fi if ! pid_running "${desktop_pid:-}"; then log "desktop session exited; restarting" start_desktop fi sleep 1 done