From d85906f18c2260e1067415442b06b46878b534e9 Mon Sep 17 00:00:00 2001
From: dttb
Date: Thu, 28 May 2026 13:07:16 +0300
Subject: [PATCH] =?UTF-8?q?netbird-claude-install:=20=D0=BF=D1=80=D0=BE?= =?UTF-8?q?=D0=BF=D1=83=D1=81=D0=BA=20=D0=BF=D0=B5=D1=80=D0=B5=D1=80=D0=B5?= =?UTF-8?q?=D0=B3=D0=B8=D1=81=D1=82=D1=80=D0=B0=D1=86=D0=B8=D0=B8=20+=20Ma?= =?UTF-8?q?c-=D0=BA=D0=BB=D1=8E=D1=87=20=D0=B2=20admin=5Fauthorized=5Fkeys?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Skip 'netbird up --setup-key' если хост уже Connected к tenant (иначе создаётся дубль peer)
- Залить публичный ed25519-ключ Mac в C:\\ProgramData\\ssh\\administrators_authorized_keys + правильные ACL (SYSTEM+Administrators)

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 snippets/netbird-claude-install.ps1 | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/snippets/netbird-claude-install.ps1 b/snippets/netbird-claude-install.ps1
index 4767340..79cfee9 100644
--- a/snippets/netbird-claude-install.ps1
+++ b/snippets/netbird-claude-install.ps1
@@ -48,9 +48,15 @@ if (-not (Test-Path $NETBIRD_EXE)) {
 }
 # ===== 3. Регистрация =====
-Write-Host "[3/7] Регистрация в tenant с Claude-Diag ключом..."
-& $NETBIRD_EXE up --setup-key $SETUP_KEY 2>&1 | Out-Host
-Start-Sleep 3
+# Если уже подключён к tenant (например, через свой setup-key в другой группе) — не перерегистрировать
+$nbStatus = & $NETBIRD_EXE status 2>$null | Out-String
+if ($nbStatus -match "Management:\s*Connected" -or $nbStatus -match "Signal:\s*Connected") {
+ Write-Host "[3/7] Netbird уже подключён, перерегистрацию пропускаем"
+} else {
+ Write-Host "[3/7] Регистрация в tenant с Claude-Diag ключом..."
+ & $NETBIRD_EXE up --setup-key $SETUP_KEY 2>&1 | Out-Host
+ Start-Sleep 3
+}
 # ===== 4. Пользователь claude =====
 Write-Host "[4/7] Создаю/обновляю пользователя $CLAUDE_USER..."
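Review bot: The skip condition in the added `if` accepts any `Management: Connected` or `Signal: Connected` line as proof that the host already belongs to the intended tenant, but nothing in the matched text identifies which management server or account the peer is joined to. A host enrolled in a different NetBird account, or one where only the signal channel is up, would skip registration and still run the later steps (user creation, firewall rules for `$NETBIRD_CIDR`), which, judging by the step headings, assume the Claude-Diag enrolment. At minimum require both channels, `if ($nbStatus -match "Management:\s*Connected" -and $nbStatus -match "Signal:\s*Connected") {`, and consider comparing the management URL against the expected one before skipping, if the status output exposes it. `2>$null` on the `status` call also discards the reason for a failure, so a broken daemon falls through to `up` with no diagnostic.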
@@ -119,6 +125,23 @@ try {
 -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force | Out-Null
 } catch {}
+# Mac-ключ Олега в administrators_authorized_keys (для админов sshd читает только этот файл)
+$macKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPonNRAAJRK5wISltjR65MmeP7fQjf5HmYdQD9mlZ07F ai@mac-20260112"
+$authKeys = "C:\ProgramData\ssh\administrators_authorized_keys"
+try {
+ if (-not (Test-Path "C:\ProgramData\ssh")) {
+ New-Item -ItemType Directory -Path "C:\ProgramData\ssh" -Force | Out-Null
+ }
+ $current = if (Test-Path $authKeys) { Get-Content $authKeys -Raw -ErrorAction SilentlyContinue } else { "" }
+ if ($current -notmatch [regex]::Escape($macKey)) {
+ Add-Content -Path $authKeys -Value $macKey -Encoding ASCII
+ }
+ # Жёсткие права: только SYSTEM и Administrators (требование sshd для admin-ключей)
+ icacls $authKeys /inheritance:r /grant "SYSTEM:F" /grant "BUILTIN\Administrators:F" 2>&1 | Out-Null
+} catch {
+ Write-Host " Не удалось установить Mac-ключ в administrators_authorized_keys" -ForegroundColor Yellow
+}
+
 # ===== 7. Firewall rules — только для NetBird CIDR =====
 Write-Host "[7/7] Firewall rules для $NETBIRD_CIDR..."
 $rules = @(
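Review bot: The `icacls` call that closes the added `try` block can fail without anyone noticing: it is a native command, its output is piped to `Out-Null` and `$LASTEXITCODE` is never read, so unless `$ErrorActionPreference` is set to stop elsewhere in the script the `catch` warning is not reached, and by then the key has already been written. `SYSTEM` and `BUILTIN\Administrators` are localized account names and may not resolve on a non-English Windows, which the well-known SIDs `*S-1-5-18` and `*S-1-5-32-544` avoid. `Add-Content` appends straight after the last byte of the file, so when an existing `administrators_authorized_keys` lacks a trailing newline the new key is glued onto the previous entry and is not recognised. The entry also carries no `from="..."` option, so it is accepted for administrator logins from any address that reaches sshd; if `$NETBIRD_CIDR` is in address/masklen form, prefixing the key with it would tie the key to the same range as the firewall step that follows. The fence shows the first three changes.

```powershell
    # … unchanged: $macKey / $authKeys, directory creation, $current read …
    if ($current -notmatch [regex]::Escape($macKey)) {
        # Start on a fresh line when the existing file does not end with a newline
        if ($current -and $current -notmatch "\n\z") {
            Add-Content -Path $authKeys -Value "" -Encoding ASCII
        }
        Add-Content -Path $authKeys -Value $macKey -Encoding ASCII
    }
    # Well-known SIDs instead of localized names: S-1-5-18 = SYSTEM, S-1-5-32-544 = Administrators
    icacls $authKeys /inheritance:r /grant "*S-1-5-18:F" /grant "*S-1-5-32-544:F" 2>&1 | Out-Null
    # Native commands do not throw; surface a failed ACL change to the catch block
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
```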