From c8b4d4a0d81fe0ee9935f5a212df173c3563cf9c Mon Sep 17 00:00:00 2001
From: "courtmanr@gmail.com" <courtmanr@gmail.com>
Date: Thu, 20 Nov 2025 13:22:32 +0000
Subject: [PATCH] Implement sensor proxy installation and configuration updates

---
 cmd/pulse-sensor-proxy/main.go  | 34 +++++++++++++++++++++++++++++++++
 internal/api/config_handlers.go | 20 +++++++++++++++++--
 internal/api/router.go          | 15 ++++++++++++++-
 scripts/install-sensor-proxy.sh | 27 ++++++++++++++++++++++----
 4 files changed, 89 insertions(+), 7 deletions(-)

diff --git a/cmd/pulse-sensor-proxy/main.go b/cmd/pulse-sensor-proxy/main.go
index 5408ddfc6..794829e23 100644
--- a/cmd/pulse-sensor-proxy/main.go
+++ b/cmd/pulse-sensor-proxy/main.go
@@ -76,8 +76,42 @@ var versionCmd = &cobra.Command{
 	},
 }
 
+var keysCmd = &cobra.Command{
+	Use:   "keys",
+	Short: "Print SSH public keys",
+	Run: func(cmd *cobra.Command, args []string) {
+		sshDir := os.Getenv("PULSE_SENSOR_PROXY_SSH_DIR")
+		if sshDir == "" {
+			sshDir = defaultSSHKeyPath
+		}
+
+		pubKeyPath := filepath.Join(sshDir, "id_ed25519.pub")
+		pubKeyBytes, err := os.ReadFile(pubKeyPath)
+		if err != nil {
+			// Try to find the key in the working directory as fallback
+			if wd, wdErr := os.Getwd(); wdErr == nil {
+				localPath := filepath.Join(wd, "id_ed25519.pub")
+				if localBytes, localErr := os.ReadFile(localPath); localErr == nil {
+					pubKeyBytes = localBytes
+				} else {
+					fmt.Fprintf(os.Stderr, "Failed to read public key from %s: %v\n", pubKeyPath, err)
+					os.Exit(1)
+				}
+			} else {
+				fmt.Fprintf(os.Stderr, "Failed to read public key from %s: %v\n", pubKeyPath, err)
+				os.Exit(1)
+			}
+		}
+		pubKey := strings.TrimSpace(string(pubKeyBytes))
+
+		fmt.Printf("Proxy Public Key: %s\n", pubKey)
+		fmt.Printf("Sensors Public Key: %s\n", pubKey)
+	},
+}
+
 func init() {
 	rootCmd.AddCommand(versionCmd)
+	rootCmd.AddCommand(keysCmd)
 	rootCmd.PersistentFlags().StringVar(&configPath, "config", "", "Path to configuration file (default: /etc/pulse-sensor-proxy/config.yaml)")
 }
 
diff --git a/internal/api/config_handlers.go b/internal/api/config_handlers.go
index 62a9ff065..a0b82818e 100644
--- a/internal/api/config_handlers.go
+++ b/internal/api/config_handlers.go
@@ -4205,7 +4205,15 @@ if [ "$TEMP_MONITORING_AVAILABLE" = true ] && [ "$PULSE_IS_CONTAINERIZED" = true
                 # Fetch the proxy's SSH public key now that it's installed and running
                 if [ "$TEMP_MONITORING_AVAILABLE" = true ] && [ "$PROXY_HEALTHY" = true ]; then
                     echo "  • Fetching SSH public key from proxy..."
-                    TEMPERATURE_PROXY_KEY=$(curl -s -f "$PROXY_KEY_URL" 2>/dev/null || echo "")
+                    # Try CLI command first
+                    TEMPERATURE_PROXY_KEY=$(/opt/pulse/sensor-proxy/bin/pulse-sensor-proxy keys 2>/dev/null | grep "Proxy Public Key:" | cut -d' ' -f4-)
+                    
+                    # Fallback: try to read keys directly from file
+                    if [ -z "$TEMPERATURE_PROXY_KEY" ] && [ -f "/var/lib/pulse-sensor-proxy/ssh/id_ed25519.pub" ]; then
+                        TEMPERATURE_PROXY_KEY=$(cat /var/lib/pulse-sensor-proxy/ssh/id_ed25519.pub)
+                        echo "  ✓ Fetched SSH key from file"
+                    fi
+
                     if [ -n "$TEMPERATURE_PROXY_KEY" ] && [[ "$TEMPERATURE_PROXY_KEY" =~ ^ssh-(rsa|ed25519) ]]; then
                         SSH_SENSORS_PUBLIC_KEY="$TEMPERATURE_PROXY_KEY"
                         SSH_SENSORS_KEY_ENTRY="command=\"sensors -j\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $TEMPERATURE_PROXY_KEY # pulse-sensor-proxy"
@@ -4346,7 +4354,15 @@ if [ "$SKIP_TEMPERATURE_PROMPT" = true ]; then
                     if [ "$PROXY_HEALTHY" = true ]; then
                         # Fetch the proxy's SSH public key
                         echo "  • Fetching SSH public key from proxy..."
-                        TEMPERATURE_PROXY_KEY=$(curl -s -f "$PROXY_KEY_URL" 2>/dev/null || echo "")
+                        # Try CLI command first
+                        TEMPERATURE_PROXY_KEY=$(/opt/pulse/sensor-proxy/bin/pulse-sensor-proxy keys 2>/dev/null | grep "Proxy Public Key:" | cut -d' ' -f4-)
+                        
+                        # Fallback: try to read keys directly from file
+                        if [ -z "$TEMPERATURE_PROXY_KEY" ] && [ -f "/var/lib/pulse-sensor-proxy/ssh/id_ed25519.pub" ]; then
+                            TEMPERATURE_PROXY_KEY=$(cat /var/lib/pulse-sensor-proxy/ssh/id_ed25519.pub)
+                            echo "  ✓ Fetched SSH key from file"
+                        fi
+
                         if [ -n "$TEMPERATURE_PROXY_KEY" ] && [[ "$TEMPERATURE_PROXY_KEY" =~ ^ssh-(rsa|ed25519) ]]; then
                             SSH_SENSORS_PUBLIC_KEY="$TEMPERATURE_PROXY_KEY"
                             SSH_SENSORS_KEY_ENTRY="command=\"sensors -j\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $TEMPERATURE_PROXY_KEY # pulse-sensor-proxy"
diff --git a/internal/api/router.go b/internal/api/router.go
index 359e527d6..35cb646fe 100644
--- a/internal/api/router.go
+++ b/internal/api/router.go
@@ -3682,10 +3682,23 @@ func (r *Router) handleDownloadPulseSensorProxy(w http.ResponseWriter, req *http
 		tmpFile.Close()
 		defer os.Remove(tmpFileName)
 
-		cmd := exec.Command("go", "build", "-o", tmpFileName, "./cmd/pulse-sensor-proxy")
+		// Determine target architecture
+		targetArch := "amd64"
+		if strings.Contains(arch, "arm64") {
+			targetArch = "arm64"
+		} else if strings.Contains(arch, "arm") {
+			targetArch = "arm"
+		} else if strings.Contains(arch, "386") {
+			targetArch = "386"
+		}
+
+		ldflags := "-X main.Version=4.32.0-dev"
+		cmd := exec.Command("go", "build", "-ldflags", ldflags, "-o", tmpFileName, "./cmd/pulse-sensor-proxy")
 		cmd.Dir = r.projectRoot
 		cmd.Env = append(os.Environ(),
 			"CGO_ENABLED=0",
+			"GOOS=linux",
+			fmt.Sprintf("GOARCH=%s", targetArch),
 		)
 
 		buildOutput, err := cmd.CombinedOutput()
diff --git a/scripts/install-sensor-proxy.sh b/scripts/install-sensor-proxy.sh
index 20ce1c334..33f63e3fa 100755
--- a/scripts/install-sensor-proxy.sh
+++ b/scripts/install-sensor-proxy.sh
@@ -1210,6 +1210,13 @@ else
     print_info "Service account pulse-sensor-proxy already exists"
 fi
 
+# Ensure group exists (in case user was created without it)
+if ! getent group pulse-sensor-proxy >/dev/null 2>&1; then
+    print_info "Creating pulse-sensor-proxy group..."
+    groupadd --system pulse-sensor-proxy
+    usermod -aG pulse-sensor-proxy pulse-sensor-proxy
+fi
+
 # Add pulse-sensor-proxy user to www-data group for Proxmox IPC access (pvecm commands)
 if ! groups pulse-sensor-proxy | grep -q '\bwww-data\b'; then
     print_info "Adding pulse-sensor-proxy to www-data group for Proxmox IPC access..."
@@ -1466,10 +1473,22 @@ fi
 
 # Create remaining directories with proper ownership (handles fresh installs and upgrades)
 print_info "Setting up service directories with proper ownership..."
-install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0750 /var/lib/pulse-sensor-proxy
-install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0700 "$SSH_DIR"
-install -m 0600 -o pulse-sensor-proxy -g pulse-sensor-proxy /dev/null "$SSH_DIR/known_hosts"
-install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0755 /etc/pulse-sensor-proxy
+if ! install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0750 /var/lib/pulse-sensor-proxy; then
+    print_error "Failed to create /var/lib/pulse-sensor-proxy"
+    exit 1
+fi
+if ! install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0700 "$SSH_DIR"; then
+    print_error "Failed to create $SSH_DIR"
+    exit 1
+fi
+if ! install -m 0600 -o pulse-sensor-proxy -g pulse-sensor-proxy /dev/null "$SSH_DIR/known_hosts"; then
+    print_error "Failed to create $SSH_DIR/known_hosts"
+    exit 1
+fi
+if ! install -d -o pulse-sensor-proxy -g pulse-sensor-proxy -m 0755 /etc/pulse-sensor-proxy; then
+    print_error "Failed to create /etc/pulse-sensor-proxy"
+    exit 1
+fi
 
 if [[ -n "$CTID" ]]; then
     echo "$CTID" > "$CTID_FILE"