Add /setup.sh script and support for a server-side .chihuahuarc file

The setup script sets up a debian server to be used with Chihuahua and can be used like this:
sudo sh <(curl https://status.example.org/setup.sh)

The .chihuahuarc file can be used to set environment variables and generally run shell commands to set up a Chihuahua session, and needs to be in the user directory of the SSH user Chihuahua will use. It basically works like a .bashrc.

Dockerfile

@@ -20,5 +20,6 @@ COPY --from=build /tmp/chihuahua /bin/chihuahua
 EXPOSE 80
 ENV ADDRESS :80
 ENV PATH /usr/lib/monitoring-plugins:/usr/local/bin:/usr/bin:/bin
+ENV HOME /data
 WORKDIR /data
 CMD ["/bin/chihuahua", "-c", "/data/chihuahua.yml"]

api.go

@@ -3,8 +3,11 @@ package chihuahua
 //go:generate go-bindata -pkg web -fs -prefix web -o web/data.go -ignore data\\.go web web/icons
 
 import (
+	"io/ioutil"
 	"net/http"
 	"os"
+	"path/filepath"
+	"strings"
 
 	"codeberg.org/momar/chihuahua/types"
 	"codeberg.org/momar/chihuahua/web"
@@ -55,7 +58,19 @@ func Api(servers map[string]*types.Server) {
 		return nil
 	}
 
+	getSetupScript := func(req *air.Request, res *air.Response) error {
+		files, _ := filepath.Glob(filepath.Join(os.Getenv("HOME"), ".ssh/id_*.pub"))
+		keys := ""
+		for _, file := range files {
+			key, _ := ioutil.ReadFile(file)
+			keys += strings.TrimSpace(string(key)) + "\n"
+		}
+		res.WriteString(SetupScript(string(keys)))
+		return nil
+	}
+
 	app := air.New()
+	app.GET("/setup.sh", getSetupScript)
 	app.GET("/checks", getCheck)
 	app.GET("/checks/:server", getCheck)
 	app.GET("/checks/:server/:check", getCheck)

check.go

@@ -21,7 +21,7 @@ func RunCheck(checkName string, check *types.Check, shell []string) {
 	logg.Tag("check", checkName).Debug("Executing command: %#v", append(shell, check.Command))
 	ctx, cancel := context.WithTimeout(context.Background(), ConnectionTimeout)
 	defer cancel()
-	c := exec.CommandContext(ctx, shell[0], append(shell[1:], check.Command)...)
+	c := exec.CommandContext(ctx, shell[0], append(shell[1:], "[ -e ~/.chihuahuarc ] && source ~/.chihuahuarc; " + check.Command)...)
 	var errbuf bytes.Buffer
 	c.Stderr = &errbuf
 	output, err := c.Output()

setup.go

@@ -0,0 +1,36 @@
+package chihuahua
+
+import "strings"
+
+func SetupScript(keys string) string {
+    return `#!/bin/sh
+# Install basic monitoring-plugins
+apt-get install -y monitoring-plugins
+
+# Create user "chihuahua" and add authorized SSH keys
+useradd -M -d /var/chihuahua -r -s /bin/sh chihuahua
+mkdir -p /var/chihuahua/.ssh
+echo 'export PATH="/var/chihuahua/:/usr/lib/nagios/plugins/:/usr/local/bin:/usr/bin:/bin"' > /var/chihuahua/.chihuahuarc
+
+cat <<'EOF' > /var/chihuahua/.ssh/authorized_keys
+` + strings.TrimSpace(keys) + `
+EOF
+
+# Add "check_sudo" script to securely run checks as root
+cat <<'EOF' > /usr/local/bin/check_sudo
+#!/bin/sh
+[ $# -gt 0 ] || { echo "Usage: sudo /usr/local/bin/check_sudo check_... ..."; exit 3; }
+cmd=$(realpath --canonicalize-existing --no-symlinks "/usr/lib/nagios/plugins/$1" | grep --max-count 1 '^/usr/lib/nagios/plugins/check_') || { echo "Not a nagios plugin."; exit 3; }
+shift
+exec "$cmd" "$@"
+EOF
+cat <<'EOF' > /var/chihuahua/check_sudo
+#!/bin/sh
+sudo /usr/local/bin/check_sudo "$@"
+EOF
+chmod +x /usr/local/bin/check_sudo /var/chihuahua/check_sudo
+grep chihuahua /etc/sudoers >/dev/null || { echo 'chihuahua ALL=(root) NOPASSWD: /usr/local/bin/check_sudo' >> /etc/sudoers; }
+
+chown -R chihuahua:chihuahua /var/chihuahua
+`
+}