iankelling.org Git - distro-setup/blob - hssh

   1 #!/bin/bash
   2 set -eE -o pipefail
   3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   4
   5 # restricted ssh does not allow arguments, but they exist in $SSH_ORIGINAL_COMMAND
   6 # debug
   7 dfile=/tmp/hssh-debug-$(id -u)
   8 date >>$dfile
   9 echo SSH_ORIGINAL_COMMAND: $SSH_ORIGINAL_COMMAND >>$dfile
  10
  11 if [[ ! $SSH_ORIGINAL_COMMAND ]]; then
  12   echo "no SSH_ORIGINAL_COMMAND" >&2
  13   exit 1
  14 fi
  15
  16 mapfile -t cmds <<'EOF'
  17 # btrbk-run
  18 date +%z
  19 cat /a/bin/bash_unpublished/source-state
  20 cat /etc/hostname
  21 ps --no-headers -o comm 1
  22 systemctl is-active btrbk.service
  23 mkdir -p /mnt/root/btrbk && date +%z && df --output=size,pcent / | tail -n1
  24 DISPLAY=:0 xprintidle
  25 rsync --server --sender -logDtprRe.iLsfxC . /usr/local/./bin/mount-latest-subvol /usr/local/./bin/check-subvol-stale /usr/local/./lib/err
  26 rsync --server --sender -logDtpre.iLsfxC . /usr/local/lib/err
  27 rsync --server --sender -logDtpre.iLsfxC . /usr/local/bin/mount-latest-subvol /usr/local/bin/check-subvol-stale
  28 scp -f /a/bin/distro-setup/btrbk-run
  29 # mount-latest-remote
  30 timeout -s 9 600 /usr/local/bin/mount-latest-subvol
  31 rsync --server -OtpRe.LsfxC . /usr/local
  32 /a/exe/mail-backup-clean
  33 EOF
  34
  35 allow=false
  36 for c in "${cmds[@]}"; do
  37   # echo "c $c" # debug
  38   if [[ $c == \#* ]]; then continue; fi
  39   if [[ $SSH_ORIGINAL_COMMAND == "$c" ]]; then
  40     allow=true
  41     break
  42   fi
  43 done
  44 if $allow; then
  45   eval $SSH_ORIGINAL_COMMAND || exit $?
  46 else
  47   f=/usr/local/bin/ssh_filter_btrbk.sh
  48   if [[ ! -e $f ]]; then
  49     f=/a/opt/btrbk/ssh_filter_btrbk.sh
  50   fi
  51   $f --target --delete --source --info || exit $?
  52 fi