iankelling.org Git - distro-setup/blob - hssh

   1 #!/bin/bash
   2 set -eE -o pipefail
   3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   4
   5 # restricted ssh does not allow arguments, but they exist in $SSH_ORIGINAL_COMMAND
   6 # debug
   7 dfile=/tmp/hssh-debug-$(id -u)
   8 date >>$dfile
   9 echo SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND >>$dfile
  10
  11 if [[ ! $SSH_ORIGINAL_COMMAND ]]; then
  12   echo "no SSH_ORIGINAL_COMMAND" >&2
  13   exit 1
  14 fi
  15
  16 mapfile -t cmds <<'EOF'
  17 # btrbk-run
  18 date +%z
  19 cat /a/bin/bash_unpublished/source-state
  20 cat /etc/hostname
  21 ps --no-headers -o comm 1
  22 systemctl is-active btrbk.service
  23 mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1
  24 DISPLAY=:0 xprintidle
  25 rsync --server --sender -logDtprRe.iLsfxC . /usr/local/./bin/mount-latest-subvol /usr/local/./bin/check-subvol-stale /usr/local/./lib/err
  26 rsync --server --sender -logDtpre.iLsfxC . /usr/local/lib/err
  27 rsync --server --sender -logDtpre.iLsfxC . /usr/local/bin/mount-latest-subvol /usr/local/bin/check-subvol-stale
  28 scp -f /a/bin/distro-setup/btrbk-run
  29 # mount-latest-remote
  30 timeout -s 9 600 /usr/local/bin/mount-latest-subvol
  31 rsync --server -OtpRe.LsfxC . /usr/local
  32 /usr/local/bin/mail-backup-clean
  33 /usr/local/bin/check-mailq
  34 EOF
  35
  36 allow=false
  37 for c in "${cmds[@]}"; do
  38   # echo "c $c" # debug
  39   if [[ $c == \#* ]]; then continue; fi
  40   if [[ $SSH_ORIGINAL_COMMAND == "$c" ]]; then
  41     allow=true
  42     break
  43   fi
  44 done
  45 if $allow; then
  46   eval $SSH_ORIGINAL_COMMAND || exit $?
  47 else
  48   f=/usr/local/bin/ssh_filter_btrbk.sh
  49   if [[ ! -e $f ]]; then
  50     f=/a/opt/btrbk/ssh_filter_btrbk.sh
  51   fi
  52   $f --target --delete --source --info || exit $?
  53 fi