diff --git a/modules/pi_control/module.json b/modules/pi_control/module.json index e6292f7..419ddd6 100644 --- a/modules/pi_control/module.json +++ b/modules/pi_control/module.json @@ -34,7 +34,10 @@ { "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" }, { "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" }, { "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" }, + { "name": "terminal_tmux_session", "label": "tmux Session-Name", "type": "text", "required": false, "help": "Session-Name für bestehende Konsole (Standard: nexus)" }, + { "name": "terminal_strict_hostkey", "label": "Strict Host-Key Checking", "type": "checkbox", "required": false, "help": "Aktiviert StrictHostKeyChecking (accept-new) statt Insecure." }, { "name": "exec_default_timeout", "label": "Command-Timeout (Sek.)", "type": "number", "required": false, "help": "Default-Timeout für Befehle, z.B. 300" }, + { "name": "settings_reload_sec", "label": "Settings Reload (Sek.)", "type": "number", "required": false, "help": "Wie oft der Worker Settings neu lädt (Standard 30s)" }, { "name": "redis.host", "label": "Redis Host", "type": "text", "required": false, "help": "Service-Name, z.B. redis" }, { "name": "redis.port", "label": "Redis Port", "type": "number", "required": false, "help": "Standard 6379" }, { "name": "redis.password", "label": "Redis Passwort", "type": "password", "required": false }, diff --git a/modules/pi_control/pages/console.php b/modules/pi_control/pages/console.php index 9225f9a..d37bf1e 100644 --- a/modules/pi_control/pages/console.php +++ b/modules/pi_control/pages/console.php 
@@ -328,7 +328,8 @@ if (isset($_GET['send_active_json'])) { if (!$host) { $error = 'Host nicht gefunden.'; } else { - $strictHostKey = getenv('PI_CONTROL_STRICT_HOSTKEY') === '1'; + $settings = modules()->settings('pi_control'); + $strictHostKey = !empty($settings['terminal_strict_hostkey']) || getenv('PI_CONTROL_STRICT_HOSTKEY') === '1'; [$ok, $sendError] = sendToActiveConsole($host, $commandText, $strictHostKey); if ($ok) { $notice = 'Befehl wurde in der bestehenden Konsole ausgeführt.'; diff --git a/modules/pi_control/pages/terminal_info.php b/modules/pi_control/pages/terminal_info.php index d0a37ed..7f8741f 100644 --- a/modules/pi_control/pages/terminal_info.php +++ b/modules/pi_control/pages/terminal_info.php @@ -77,5 +77,7 @@ echo json_encode([ 'password' => (string)($host['password'] ?? ''), ], 'command' => $commandText, + 'strict_hostkey' => !empty($settings['terminal_strict_hostkey']), + 'tmux_session' => (string)($settings['terminal_tmux_session'] ?? ''), ]); exit; diff --git a/tools/pi_control/pi_worker.php b/tools/pi_control/pi_worker.php index 19acde8..fe347b0 100644 --- a/tools/pi_control/pi_worker.php +++ b/tools/pi_control/pi_worker.php @@ -18,8 +18,7 @@ $module = 'pi_control'; $pdo = module_fn($module, 'pdo'); module_fn($module, 'ensure_schema'); $table = fn(string $name) => module_fn($module, 'table', $name); -$settingsReloadSec = (int)(getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') !== false ? (int)getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') : 30); -$settingsReloadSec = $settingsReloadSec > 0 ? $settingsReloadSec : 30; +$settingsReloadSec = 30; $redis = null; $queueName = 'pi_control:queue'; 
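Review bot: The precedence between the module setting and `PI_CONTROL_STRICT_HOSTKEY` is not documented where `$strictHostKey` is computed, and the same expression is repeated in the pi_worker.php hunk while terminal_info.php reports only the setting. Because the two sources are OR-ed, either one can switch strict checking on but neither can switch it off, which is worth stating for the next maintainer. I would add `// Strict host-key checking is on when the module setting or PI_CONTROL_STRICT_HOSTKEY=1 requests it; neither source can disable the other.` above the assignment. The enclosing `if (isset($_GET['send_active_json']))` block starts and ends outside this hunk.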
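Review bot: `tmux_session` is returned exactly as stored, and terminal_entry.sh (hunks `@@ -34,6 +34,8 @@` and `@@ -46,14 +48,17 @@`) places it unescaped inside the double-quoted `REMOTE_CMD` string that the remote shell evaluates, so quotes or shell expansion characters in the setting would be interpreted on the target host. The value used to come only from the `PI_CONTROL_TMUX_SESSION` environment variable and is now editable from the settings form, so it should be restricted to an allowlist before it is emitted, for example `'tmux_session' => preg_match('/^[A-Za-z0-9_-]{1,64}$/', $tmux) === 1 ? $tmux : '',` with `$tmux` holding the cast setting. The script should repeat the check after its environment fallback, e.g. `[[ "${TMUX_SESSION}" =~ ^[A-Za-z0-9_-]+$ ]] || TMUX_SESSION="nexus"`. The `json_encode([...])` call starts outside this hunk.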
@@ -37,6 +36,9 @@ while (true) { $queueName = (string)($settings['redis']['queue'] ?? ($settings['redis.queue'] ?? (getenv('PI_CONTROL_REDIS_QUEUE') ?: 'pi_control:queue'))); $defaultTimeout = (int)($settings['exec_default_timeout'] ?? (getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') !== false ? (int)getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') : 300)); $defaultTimeout = $defaultTimeout > 0 ? $defaultTimeout : 300; + $settingsReloadSec = (int)($settings['settings_reload_sec'] ?? (getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') !== false ? (int)getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') : 30)); + $settingsReloadSec = $settingsReloadSec > 0 ? $settingsReloadSec : 30; + $strictHostKey = !empty($settings['terminal_strict_hostkey']) || getenv('PI_CONTROL_STRICT_HOSTKEY') === '1'; $redis = module_fn($module, 'redis'); $lastSettingsAt = time(); } diff --git a/tools/pi_control/terminal_entry.sh b/tools/pi_control/terminal_entry.sh index 1cd8d3a..d322c25 100644 --- a/tools/pi_control/terminal_entry.sh +++ b/tools/pi_control/terminal_entry.sh @@ -34,6 +34,8 @@ USER="$(echo "${JSON}" | jq -r '.host.username')" AUTH_TYPE="$(echo "${JSON}" | jq -r '.host.auth_type')" KEY_PATH="$(echo "${JSON}" | jq -r '.host.key_path')" PASSWORD="$(echo "${JSON}" | jq -r '.host.password')" +STRICT_HOSTKEY="$(echo "${JSON}" | jq -r '.strict_hostkey // false')" +TMUX_SESSION_JSON="$(echo "${JSON}" | jq -r '.tmux_session // ""')" COMMAND="$(echo "${JSON}" | jq -r '.command // ""')" if [[ -z "${COMMAND}" && -n "${ENC_COMMAND}" ]]; then 
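Review bot: `$strictHostKey` is assigned only inside the settings-reload branch, and no initial value is visible next to `$settingsReloadSec = 30;` and `$redis = null;` before the loop. If any path reads it before the first reload it would be undefined and evaluate as false, which presumably means host-key checking off; whether that can happen, and where the variable is consumed, depends on loop code outside this hunk. I would initialise it alongside the other defaults with `$strictHostKey = getenv('PI_CONTROL_STRICT_HOSTKEY') === '1';`.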
@@ -46,14 +48,17 @@ if [[ -z "${HOST}" || -z "${USER}" ]]; then fi SSH_OPTS=() -if [[ "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then +if [[ "${STRICT_HOSTKEY}" == "true" || "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then SSH_OPTS=(-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts) else SSH_OPTS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null) fi SSH_TARGET="${USER}@${HOST}" -TMUX_SESSION="${PI_CONTROL_TMUX_SESSION:-nexus}" +TMUX_SESSION="${TMUX_SESSION_JSON:-}" +if [[ -z "${TMUX_SESSION}" ]]; then + TMUX_SESSION="${PI_CONTROL_TMUX_SESSION:-nexus}" +fi if [[ -n "${COMMAND}" ]]; then COMMAND_B64="$(printf '%s' "${COMMAND}" | base64)" REMOTE_CMD="CMD_B64='${COMMAND_B64}'; CMD=\"\$(printf '%s' \"\$CMD_B64\" | base64 -d)\"; if command -v tmux >/dev/null 2>&1; then SESSION=\"${TMUX_SESSION}\"; tmux has-session -t \"\$SESSION\" 2>/dev/null || tmux new-session -d -s \"\$SESSION\"; tmux send-keys -t \"\$SESSION\" \"\$CMD\" C-m; exec tmux attach -t \"\$SESSION\"; else eval \"\$CMD\"; exec /bin/bash -il; fi"
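Review bot: The `else` branch is still what runs when the checkbox is unchecked and `PI_CONTROL_STRICT_HOSTKEY` is unset, so the default remains `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`, and nothing tells the operator. The script also reads `PASSWORD` from the JSON; if that is used for password login further down (outside this hunk), the credential is offered to a host whose key was never checked. At minimum I would make the state visible in the else branch with `echo "WARNING: SSH host key verification is disabled for ${HOST}" >&2`, and consider making strict checking the default. `accept-new` pins a key on first contact only, so `/root/.ssh/known_hosts` presumably has to persist across restarts for the setting to add protection.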