2026-03-07 22:40:46 +01:00
parent 9566b8c36a
commit 706917ec7c
5 changed files with 18 additions and 5 deletions


@@ -34,7 +34,10 @@
{ "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" }, { "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" },
{ "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" }, { "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" },
{ "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" }, { "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" },
{ "name": "terminal_tmux_session", "label": "tmux Session-Name", "type": "text", "required": false, "help": "Session-Name für bestehende Konsole (Standard: nexus)" },
{ "name": "terminal_strict_hostkey", "label": "Strict Host-Key Checking", "type": "checkbox", "required": false, "help": "Aktiviert StrictHostKeyChecking (accept-new) statt Insecure." },
{ "name": "exec_default_timeout", "label": "Command-Timeout (Sek.)", "type": "number", "required": false, "help": "Default-Timeout für Befehle, z.B. 300" }, { "name": "exec_default_timeout", "label": "Command-Timeout (Sek.)", "type": "number", "required": false, "help": "Default-Timeout für Befehle, z.B. 300" },
{ "name": "settings_reload_sec", "label": "Settings Reload (Sek.)", "type": "number", "required": false, "help": "Wie oft der Worker Settings neu lädt (Standard 30s)" },
{ "name": "redis.host", "label": "Redis Host", "type": "text", "required": false, "help": "Service-Name, z.B. redis" }, { "name": "redis.host", "label": "Redis Host", "type": "text", "required": false, "help": "Service-Name, z.B. redis" },
{ "name": "redis.port", "label": "Redis Port", "type": "number", "required": false, "help": "Standard 6379" }, { "name": "redis.port", "label": "Redis Port", "type": "number", "required": false, "help": "Standard 6379" },
{ "name": "redis.password", "label": "Redis Passwort", "type": "password", "required": false }, { "name": "redis.password", "label": "Redis Passwort", "type": "password", "required": false },
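Review bot: The label and help text of the new `terminal_strict_hostkey` field promise strict checking, but the mode they name is `accept-new`, which still accepts an unknown host's key on first contact and only rejects a key that changes later. An operator reading "Strict Host-Key Checking" may assume first connections are verified as well. I would describe the behaviour in the help text, for example `"help": "Merkt sich den Host-Key beim ersten Kontakt (accept-new) und lehnt geänderte Keys ab; ohne Haken wird der Host-Key nicht geprüft."`. The array these entries belong to starts and ends outside the hunk.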


@@ -328,7 +328,8 @@ if (isset($_GET['send_active_json'])) {
if (!$host) { if (!$host) {
$error = 'Host nicht gefunden.'; $error = 'Host nicht gefunden.';
} else { } else {
$strictHostKey = getenv('PI_CONTROL_STRICT_HOSTKEY') === '1'; $settings = modules()->settings('pi_control');
$strictHostKey = !empty($settings['terminal_strict_hostkey']) || getenv('PI_CONTROL_STRICT_HOSTKEY') === '1';
[$ok, $sendError] = sendToActiveConsole($host, $commandText, $strictHostKey); [$ok, $sendError] = sendToActiveConsole($host, $commandText, $strictHostKey);
if ($ok) { if ($ok) {
$notice = 'Befehl wurde in der bestehenden Konsole ausgeführt.'; $notice = 'Befehl wurde in der bestehenden Konsole ausgeführt.';
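Review bot: The new line that derives `$strictHostKey` joins the module setting and `PI_CONTROL_STRICT_HOSTKEY` with `||` without stating which one wins, and the same expression is repeated in the worker loop and, in shell form, in the SSH wrapper script. As written either source can switch host-key checking on and neither can switch it off while the other is set; that is the safe direction, but it deserves a comment such as `// Setting or env var may enable host-key checking; neither can disable it while the other is set.` A small shared helper in the module would keep the three copies from drifting apart. The enclosing `if (isset($_GET['send_active_json']))` block starts and ends outside the hunk.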


@@ -77,5 +77,7 @@ echo json_encode([
'password' => (string)($host['password'] ?? ''), 'password' => (string)($host['password'] ?? ''),
], ],
'command' => $commandText, 'command' => $commandText,
'strict_hostkey' => !empty($settings['terminal_strict_hostkey']),
'tmux_session' => (string)($settings['terminal_tmux_session'] ?? ''),
]); ]);
exit; exit;
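Review bot: The new `tmux_session` entry passes the setting through as an unchecked string, and the wrapper script later places that value inside the command line it runs on the remote host (the `SESSION=\"${TMUX_SESSION}\"` part of `REMOTE_CMD`). A value containing quotes or shell metacharacters would then be interpreted by the remote shell instead of being treated as a name. I would constrain it where it is emitted, with `$tmux = (string)($settings['terminal_tmux_session'] ?? '');` followed by `'tmux_session' => preg_match('/^[A-Za-z0-9_-]{1,64}$/', $tmux) ? $tmux : '',`, and repeat the same pattern check in the script before `REMOTE_CMD` is built. The `json_encode([` call opens outside the hunk.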


@@ -18,8 +18,7 @@ $module = 'pi_control';
$pdo = module_fn($module, 'pdo'); $pdo = module_fn($module, 'pdo');
module_fn($module, 'ensure_schema'); module_fn($module, 'ensure_schema');
$table = fn(string $name) => module_fn($module, 'table', $name); $table = fn(string $name) => module_fn($module, 'table', $name);
$settingsReloadSec = (int)(getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') !== false ? (int)getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') : 30); $settingsReloadSec = 30;
$settingsReloadSec = $settingsReloadSec > 0 ? $settingsReloadSec : 30;
$redis = null; $redis = null;
$queueName = 'pi_control:queue'; $queueName = 'pi_control:queue';
@@ -37,6 +36,9 @@ while (true) {
$queueName = (string)($settings['redis']['queue'] ?? ($settings['redis.queue'] ?? (getenv('PI_CONTROL_REDIS_QUEUE') ?: 'pi_control:queue'))); $queueName = (string)($settings['redis']['queue'] ?? ($settings['redis.queue'] ?? (getenv('PI_CONTROL_REDIS_QUEUE') ?: 'pi_control:queue')));
$defaultTimeout = (int)($settings['exec_default_timeout'] ?? (getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') !== false ? (int)getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') : 300)); $defaultTimeout = (int)($settings['exec_default_timeout'] ?? (getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') !== false ? (int)getenv('PI_CONTROL_EXEC_DEFAULT_TIMEOUT') : 300));
$defaultTimeout = $defaultTimeout > 0 ? $defaultTimeout : 300; $defaultTimeout = $defaultTimeout > 0 ? $defaultTimeout : 300;
$settingsReloadSec = (int)($settings['settings_reload_sec'] ?? (getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') !== false ? (int)getenv('PI_CONTROL_SETTINGS_RELOAD_SEC') : 30));
$settingsReloadSec = $settingsReloadSec > 0 ? $settingsReloadSec : 30;
$strictHostKey = !empty($settings['terminal_strict_hostkey']) || getenv('PI_CONTROL_STRICT_HOSTKEY') === '1';
$redis = module_fn($module, 'redis'); $redis = module_fn($module, 'redis');
$lastSettingsAt = time(); $lastSettingsAt = time();
} }
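Review bot: `$strictHostKey` is assigned only inside the settings-reload branch of the loop, whereas its neighbours (`$settingsReloadSec`, `$redis`, `$queueName`) all receive an initial value before `while (true)`. If a job is handled before that branch has run, or the branch is left early, the variable is undefined and evaluates as false, which would select the unchecked host-key mode; the lines between the two hunks are not visible, so this needs confirming. Adding `$strictHostKey = getenv('PI_CONTROL_STRICT_HOSTKEY') === '1';` beside the other initialisers makes the starting state explicit. No use of `$strictHostKey` appears in this hunk, so it is also worth checking that the value actually reaches the SSH call.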


@@ -34,6 +34,8 @@ USER="$(echo "${JSON}" | jq -r '.host.username')"
AUTH_TYPE="$(echo "${JSON}" | jq -r '.host.auth_type')" AUTH_TYPE="$(echo "${JSON}" | jq -r '.host.auth_type')"
KEY_PATH="$(echo "${JSON}" | jq -r '.host.key_path')" KEY_PATH="$(echo "${JSON}" | jq -r '.host.key_path')"
PASSWORD="$(echo "${JSON}" | jq -r '.host.password')" PASSWORD="$(echo "${JSON}" | jq -r '.host.password')"
STRICT_HOSTKEY="$(echo "${JSON}" | jq -r '.strict_hostkey // false')"
TMUX_SESSION_JSON="$(echo "${JSON}" | jq -r '.tmux_session // ""')"
COMMAND="$(echo "${JSON}" | jq -r '.command // ""')" COMMAND="$(echo "${JSON}" | jq -r '.command // ""')"
if [[ -z "${COMMAND}" && -n "${ENC_COMMAND}" ]]; then if [[ -z "${COMMAND}" && -n "${ENC_COMMAND}" ]]; then
@@ -46,14 +48,17 @@ if [[ -z "${HOST}" || -z "${USER}" ]]; then
fi fi
SSH_OPTS=() SSH_OPTS=()
if [[ "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then if [[ "${STRICT_HOSTKEY}" == "true" || "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then
SSH_OPTS=(-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts) SSH_OPTS=(-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts)
else else
SSH_OPTS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null) SSH_OPTS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null)
fi fi
SSH_TARGET="${USER}@${HOST}" SSH_TARGET="${USER}@${HOST}"
TMUX_SESSION="${TMUX_SESSION_JSON:-}"
if [[ -z "${TMUX_SESSION}" ]]; then
TMUX_SESSION="${PI_CONTROL_TMUX_SESSION:-nexus}" TMUX_SESSION="${PI_CONTROL_TMUX_SESSION:-nexus}"
fi
if [[ -n "${COMMAND}" ]]; then if [[ -n "${COMMAND}" ]]; then
COMMAND_B64="$(printf '%s' "${COMMAND}" | base64)" COMMAND_B64="$(printf '%s' "${COMMAND}" | base64)"
REMOTE_CMD="CMD_B64='${COMMAND_B64}'; CMD=\"\$(printf '%s' \"\$CMD_B64\" | base64 -d)\"; if command -v tmux >/dev/null 2>&1; then SESSION=\"${TMUX_SESSION}\"; tmux has-session -t \"\$SESSION\" 2>/dev/null || tmux new-session -d -s \"\$SESSION\"; tmux send-keys -t \"\$SESSION\" \"\$CMD\" C-m; exec tmux attach -t \"\$SESSION\"; else eval \"\$CMD\"; exec /bin/bash -il; fi" REMOTE_CMD="CMD_B64='${COMMAND_B64}'; CMD=\"\$(printf '%s' \"\$CMD_B64\" | base64 -d)\"; if command -v tmux >/dev/null 2>&1; then SESSION=\"${TMUX_SESSION}\"; tmux has-session -t \"\$SESSION\" 2>/dev/null || tmux new-session -d -s \"\$SESSION\"; tmux send-keys -t \"\$SESSION\" \"\$CMD\" C-m; exec tmux attach -t \"\$SESSION\"; else eval \"\$CMD\"; exec /bin/bash -il; fi"
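Review bot: The `else` branch after the new `STRICT_HOSTKEY` test still connects with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so when the checkbox is not ticked the script, which also reads `.host.password`, authenticates to whichever machine answers at that address without any host-key verification. `jq -r '.strict_hostkey // false'` likewise turns a missing field into the unchecked mode, so the script fails open. I would make `accept-new` the fallback and require an explicit opt-out, for example by guarding the `StrictHostKeyChecking=no` branch with `if [[ "${STRICT_HOSTKEY}" == "false" && "${PI_CONTROL_STRICT_HOSTKEY:-}" == "0" ]]; then`. The script continues outside both hunks of this file.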