cloudron-support: embed the terms

2025-07-11 10:33:22 +02:00
parent 4bbae73be1
commit b043e6bf52
1 changed files with 63 additions and 1 deletions
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -11,6 +11,7 @@ fi
 readonly RED='\033[31m'
 readonly GREEN='\033[32m'
 readonly YELLOW='\033[33m'
+readonly BOLD='\033[1m'
 readonly DONE='\033[m'

 readonly PASTEBIN="https://paste.cloudron.io"
@@ -23,6 +24,7 @@ readonly HELP_MESSAGE="
 Options:
   --disable-dnssec           Disable DNSSEC
   --enable-remote-support    Enable SSH Remote Access for the Cloudron support team
+   --disable-remote-support   Disable SSH Remote Access for the Cloudron support team
   --fix-docker-version       Ensures the correct docker version is installed
   --owner-login              Login as owner
   --patch                    Apply a patch from git. WARNING: Do not use unless you know what you are doing!
@@ -57,7 +59,51 @@ function enable_remote_support() {
    local -r ssh_user="cloudron-support"
    local -r keys_file="/home/cloudron-support/.ssh/authorized_keys"

-    echo -n "Enabling Remote Access for the Cloudron support team..."
+    echo -e "
+================= ${BOLD}SSH ACCESS DISCLAIMER${DONE} =================
+
+By granting us SSH or remote access to your systems, you acknowledge and
+agree to the following:
+
+1. ${BOLD}Access to Customer Data${DONE}
+   Our team may have visibility into customer data during the course of
+   investigating or resolving issues. While we take all reasonable steps to
+   respect your privacy and handle data securely, you acknowledge that such
+   access may occur as part of the support process.
+
+2. ${BOLD}No Liability for Data Loss or System Changes${DONE}
+   Although we strive to exercise caution and due diligence, you acknowledge
+   and accept that:
+     ${BOLD}-${DONE} There is an inherent risk of data loss, corruption, or system
+       disruption during troubleshooting or configuration changes.
+     ${BOLD}-${DONE} We shall not be held liable for any loss of data, service
+       downtime, or unintended consequences arising from our access or any
+       actions taken during the support process.
+
+3. ${BOLD}Backups and Safeguards${DONE}
+   You are solely responsible for ensuring that up-to-date and complete
+   backups of your systems and data exist prior to granting us access.
+
+4. ${BOLD}Local Changes and Auto-Updates${DONE}
+   Your system may receive automatic updates as part of regular maintenance or
+   feature releases. Any local modifications or patches applied during support
+   may be overwritten by future updates. ${BOLD}-${DONE} It is the customer's
+   responsibility to track such changes and reapply them if necessary, or to
+   coordinate with us for permanent integration where applicable.
+
+5. ${BOLD}Consent to Proceed${DONE}
+   By providing access, you confirm that you have read, understood, and agreed
+   to the terms above and expressly authorize us to proceed with accessing
+   your systems for support purposes.
+
+=======================================================================
+"
+    read -p "Do you accept these terms? [y/N] " choice
+    choice=${choice:-n}
+
+    [[ ! $choice =~ ^[Yy]$ ]] && exit 1
+
+    echo -n "Terms accepted. Enabling Remote Access for the Cloudron support team..."
    mkdir -p $(dirname "${keys_file}")       # .ssh does not exist sometimes
    touch "${keys_file}"                # required for concat to work
    if ! grep -q "${cloudron_support_public_key}" "${keys_file}"; then
@@ -69,6 +115,21 @@ function enable_remote_support() {
    echo "Done"
 }

+function disable_remote_support() {
+    local -r cloudron_support_public_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWS+930b8QdzbchGljt3KSljH9wRhYvht8srrtQHdzg support@cloudron.io"
+    local -r ssh_user="cloudron-support"
+    local -r keys_file="/home/cloudron-support/.ssh/authorized_keys"
+
+    echo -n "Disabling Remote Access for the Cloudron support team..."
+    mkdir -p $(dirname "${keys_file}")       # .ssh does not exist sometimes
+    touch "${keys_file}"                     # required for del below to work
+    if grep -q "${cloudron_support_public_key}" "${keys_file}"; then
+        sed "/${cloudron_support_public_key}/d" "${keys_file}"
+    fi
+
+    echo "Done"
+}
+
 function wait_systemd_service() {
    local -r service="$1"

@@ -794,6 +855,7 @@ while true; do
        # fall through
        ;&
    --enable-remote-support) enable_remote_support; exit 0;;
+    --disable-remote-support) disable_remote_support; exit 0;;
    --admin-login)
        # fall through
        ;&