16 lines
694 B
Bash
Executable File
16 lines
694 B
Bash
Executable File
#!/usr/bin/env bash
|
|
# Forced command for the Void's restricted key. Maps a whitelisted action id to a
|
|
# concrete systemctl restart. The id arrives via SSH_ORIGINAL_COMMAND; nothing else
|
|
# is honoured. Edit the case list per host. Keep in sync with config/actions.json.
|
|
#
|
|
# Install on each target host:
|
|
# install -m 755 void-act /usr/local/bin/void-act
|
|
# # in voidact's ~/.ssh/authorized_keys, prefix the Void's pubkey with:
|
|
# command="/usr/local/bin/void-act",no-port-forwarding,no-pty,no-X11-forwarding <pubkey>
|
|
set -euo pipefail
|
|
id="${SSH_ORIGINAL_COMMAND:-}"
|
|
case "$id" in
|
|
restart-caddy-ct100) exec systemctl restart caddy ;;
|
|
*) echo "void-act: refused '$id'" >&2; exit 13 ;;
|
|
esac
|