fixes

app/onboarding

@@ -1,23 +1,27 @@
 #!/bin/bash
-template templates/hosthostname /etc/hostname
+template templates/hostname /etc/hostname
+
+
+rex doas apk update
+rex doas apk add bash doas openssh
+
+
 # ass swap file ????
-# ------ create user 4server
-
-
 # ------ disable root user and login
 
 
 # ----- install nabula
 echo "prsync nebula bin"
-prsync -h "$hosts_file" -avz ./templates/nebula/nebula /4server/nebula
+prsync -h "$hosts_file" -avz ./sbin/nebula /4server/nebula
 rex doas mv /4server/nebula /usr/bin/ 
 
 rex doas mkdir -p /etc/nebula
 rex doas chmod 700 /etc/nebula
 
-template templates/nebula/nebula.yml /etc/nebula/config.yml
+template templates/nebula/config.yml /etc/nebula/config.yml
 template templates/nebula/host.key /etc/nebula/host.key            
 template templates/nebula/host.crt /etc/nebula/host.crt
+template templates/nebula/ca.crt /etc/nebula/ca.crt
 
 rex doas chmod 700 /etc/nebula
 
@@ -34,6 +38,22 @@ rex doas rc-update add ping_service default
 rex doas rc-service ping_service restart
 
 
-#! ----------- install ufe
-- ssh, 8080 only on nebula
-- only 80, 443 to the world
+# ADD USER 4SERVER
+rex doas adduser -D -s /bin/bash 4server
+
+SSH_DIR="/home/4server/.ssh"
+rex doas mkdir -p "$SSH_DIR"
+rex doas chmod 700 "$SSH_DIR"
+rex doas chown 4server:4server "$SSH_DIR"
+
+template templates/ssh/id_ed25519 /home/4server/.ssh/id_ed25519
+template templates/ssh/id_ed25519.pub /home/4server/.ssh/id_ed25519.pub
+rex "doas bash -c 'chmod 700 /home/4server/.ssh/*'"
+rex "doas bash -c 'chown -R 4server:4server /home/4server/.ssh/*'"
+
+template templates/.bashrc /home/4server/.bashrc
+rex doas mkdir -p /etc/doas.d
+
+rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'"
+
+