Valentin Lab
9 months ago
3 changed files with 266 additions and 0 deletions
-
100docker-host/hooks/install.d/90-ntfy.sh
-
166docker-host/src/bin/send
-
BINdocker-host/src/etc/ssh/ntfy-key
@ -0,0 +1,100 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -eux |
||||
|
|
||||
|
NTFY_BROKER="${NTFY_BROKER:-core-01.0k.io}" |
||||
|
|
||||
|
|
||||
|
## Uncipher ntfy key to destination |
||||
|
|
||||
|
umask 077 |
||||
|
ntfy_key_ciphered="src/etc/ssh/ntfy-key" |
||||
|
if [ ! -f "$ntfy_key_ciphered" ]; then |
||||
|
echo "Error: ciphered ntfy key not found" >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
ntfy_key_dest=/etc/ssh/ntfy-key |
||||
|
if [ ! -f "$ntfy_key_dest" ]; then |
||||
|
cat "$ntfy_key_ciphered" | |
||||
|
gpg -d --batch --yes --passphrase 'uniquepass' > "$ntfy_key_dest" || { |
||||
|
echo "Error while unpacking ntfy key to '${ntfy_key_dest}'" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
## Request token to ntfy server and add to config file |
||||
|
|
||||
|
known_host="/root/.ssh/known_hosts" |
||||
|
if ! ssh-keygen -F "$NTFY_BROKER" -f "$known_host" >/dev/null; then |
||||
|
ssh-keyscan -H "$NTFY_BROKER" >> "$known_host" || { |
||||
|
echo "Error while adding '$NTFY_BROKER' to known_hosts" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
fi |
||||
|
|
||||
|
config_file="/etc/ntfy/ntfy.conf" |
||||
|
mkdir -p "${config_file%/*}" |
||||
|
if ! [ -f "$config_file" ]; then |
||||
|
touch "$config_file" || { |
||||
|
echo "Error: couldn’t create config file '$config_file'" >&2; |
||||
|
exit 1 |
||||
|
} |
||||
|
fi |
||||
|
|
||||
|
LOGIN="" |
||||
|
PASSWORD="" |
||||
|
source "$config_file" || { |
||||
|
echo "Error: couldn't source config file '$config_file'" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
## Note that we require the forcing of stdin to /dev/null to avoid |
||||
|
## the rest of the script to be vacuumed by the ssh command. |
||||
|
## This effect will only happen when launching this script in special |
||||
|
## conditions involving stdin. |
||||
|
cred=$(ssh -i "$ntfy_key_dest" ntfy@"${NTFY_BROKER}" \ |
||||
|
request-token "$LOGIN" "$PASSWORD" </dev/null) || { |
||||
|
echo "Error while requesting token to ntfy server" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
## XXXvlab: ideally it should be received from the last call |
||||
|
server="https://ntfy.0k.io/" |
||||
|
login=$(printf "%q" "${cred%$'\n'*}") |
||||
|
password=$(printf "%q" "${cred#*$'\n'}") |
||||
|
|
||||
|
## check if password doesn't contain '%' |
||||
|
|
||||
|
for var in server login password; do |
||||
|
if [ "${!var}" == "''" ] || [[ "${!var}" == *$'\n'* ]]; then |
||||
|
echo "Error: empty or invalid multi-line values retrieved for '$var'" \ |
||||
|
"from ntfy server. Received:" >&2 |
||||
|
printf "%s" "$cred" | sed -r 's/^/ | /g' >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
if [[ "${!var}" == *%* ]]; then |
||||
|
## We need a separator char for sed replacement in the config file |
||||
|
echo "Error: forbidden character '%' found in $var" >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
if grep -qE "^${var^^}=" "$config_file"; then |
||||
|
sed -ri "s%^${var^^}=.*$%${var^^}=\"${!var}\"%g" "$config_file" |
||||
|
else |
||||
|
echo "${var^^}=\"${!var}\"" >> "$config_file" |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
|
||||
|
if ! [ -f "/etc/ntfy/topics.yml" ]; then |
||||
|
cat <<'EOF' > /etc/ntfy/topics.yml |
||||
|
.*\.(emerg|alert|crit|err|warning|notice): |
||||
|
- ${LOGIN}_main |
||||
|
EOF |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
## provide 'send' command |
||||
|
|
||||
|
cp -f "$PWD/src/bin/send" /usr/local/bin/send |
@ -0,0 +1,166 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## Send a notification with NTFY and check if the config file is complete |
||||
|
|
||||
|
if [[ "$UID" == "0" ]]; then |
||||
|
NTFY_CONFIG_DIR="${NTFY_CONFIG_DIR:-/etc/ntfy}" |
||||
|
else |
||||
|
NTFY_CONFIG_DIR="${NTFY_CONFIG_DIR:-~/.config/ntfy}" |
||||
|
fi |
||||
|
NTFY_CONFIG_FILE="$NTFY_CONFIG_DIR/ntfy.conf" |
||||
|
|
||||
|
SERVER="https://ntfy.0k.io" |
||||
|
|
||||
|
[ -f "$NTFY_CONFIG_DIR/topics.yml" ] || { |
||||
|
echo "Error: no 'topics.yml' file found in $NTFY_CONFIG_DIR" >&2 |
||||
|
echo " Please setup the topics for the notification channels in this file." >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
if ! [ -e "$NTFY_CONFIG_FILE" ]; then |
||||
|
mkdir -p "${NTFY_CONFIG_FILE%/*}" |
||||
|
## default option to change if needed |
||||
|
echo "SERVER=$SERVER" > "$NTFY_CONFIG_FILE" |
||||
|
elif ! grep -q "^SERVER=" "$NTFY_CONFIG_FILE"; then |
||||
|
echo "SERVER=$SERVER" >> "$NTFY_CONFIG_FILE" |
||||
|
fi |
||||
|
|
||||
|
source "$NTFY_CONFIG_FILE" || { |
||||
|
echo "Error: could not source '$NTFY_CONFIG_FILE'" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
SERVER="${SERVER%/}" |
||||
|
|
||||
|
for var in SERVER LOGIN PASSWORD; do |
||||
|
if ! [ -v "$var" ]; then |
||||
|
echo "Error: missing $var in $NTFY_CONFIG_FILE" |
||||
|
exit 1 |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
|
||||
|
exname=${0##*/} |
||||
|
channels=() |
||||
|
|
||||
|
usage="$exname [options] MESSAGE" |
||||
|
help="\ |
||||
|
|
||||
|
Send MESSAGE with TITLE to the differents topics defined by a CHANNEL |
||||
|
|
||||
|
$exname will read the $NTFY_CONFIG_DIR/topics.yml for channel to |
||||
|
topics conversion. |
||||
|
|
||||
|
|
||||
|
Usage: |
||||
|
$usage |
||||
|
|
||||
|
Options: |
||||
|
-c CHANNEL Specify one or multiple channels. Default 'main'. |
||||
|
(can be provided mulitiple time) |
||||
|
-t TITLE Specify the title of the message. (it'll still be |
||||
|
prefixed with the hostname) |
||||
|
Default is empty |
||||
|
MESSAGE message to send. |
||||
|
-h Display this help and exit. |
||||
|
|
||||
|
" |
||||
|
|
||||
|
while [ "$#" -gt 0 ]; do |
||||
|
arg="$1" |
||||
|
shift |
||||
|
case "$arg" in |
||||
|
-h|--help) |
||||
|
echo "$help" |
||||
|
exit 0 |
||||
|
;; |
||||
|
-c|--channel) |
||||
|
[ -n "$1" ] || { |
||||
|
echo "Error: no argument for channel option." >&2 |
||||
|
echo "$usage" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
IFS=", " channels+=($1) |
||||
|
shift |
||||
|
;; |
||||
|
-t|--title) |
||||
|
[ -n "$1" ] || { |
||||
|
echo "Error: no argument for title option." >&2 |
||||
|
echo "$usage" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
title="$1" |
||||
|
shift |
||||
|
;; |
||||
|
*) |
||||
|
[ -z "$message" ] && { message="$arg"; continue; } |
||||
|
echo "Error : Unexpected positional argument '$arg'." >&2 |
||||
|
echo "$usage" >&2 |
||||
|
exit 1 |
||||
|
;; |
||||
|
esac |
||||
|
done |
||||
|
|
||||
|
[ -n "$message" ] || { |
||||
|
echo "Error: missing message." >&2 |
||||
|
echo "$usage" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
read-0() { |
||||
|
local eof='' IFS='' |
||||
|
while [ "$1" ]; do |
||||
|
read -r -d '' -- "$1" || eof=1 |
||||
|
shift |
||||
|
done |
||||
|
[ -z "$eof" ] |
||||
|
} |
||||
|
|
||||
|
curl_opts=( |
||||
|
-s |
||||
|
-u "$LOGIN:$PASSWORD" |
||||
|
-d "$message" |
||||
|
) |
||||
|
|
||||
|
title="[$(hostname)] $title" |
||||
|
title="${title%%+([[:space:]])}" |
||||
|
curl_opts+=(-H "Title: $title") |
||||
|
|
||||
|
declare -A sent_topic=() |
||||
|
|
||||
|
if [ "${#channels[@]}" -eq 0 ]; then |
||||
|
channels=("main") |
||||
|
fi |
||||
|
|
||||
|
for channel in "${channels[@]}"; do |
||||
|
channel_quoted=$(printf "%q" "$channel") |
||||
|
content=$(cat "$NTFY_CONFIG_DIR/topics.yml") |
||||
|
while read-0 channel_regex topics; do |
||||
|
[[ "$channel" =~ ^$channel_regex$ ]] || continue |
||||
|
rematch=("${BASH_REMATCH[@]}") |
||||
|
while read-0 topic; do |
||||
|
ttopic=$(printf "%s" "$topic" | yq "type") |
||||
|
if [ "$ttopic" != '!!str' ]; then |
||||
|
echo "Error: Unexpected '$ttopic' type for value of channel $channel." >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
topic=$(printf "%s" "$topic" | yq -r " \"\" + .") |
||||
|
if ! [[ "$topic" =~ ^[a-zA-Z0-9\$\{\}*\ \,_.-]+$ ]]; then |
||||
|
echo "Error: Invalid topic value '$topic' expression in $channel channel." >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
new_topics=($(set -- "${rematch[@]}"; eval echo "${topic//\*/\\*}")) |
||||
|
for new_topic in "${new_topics[@]}"; do |
||||
|
[ -n "${sent_topic["$new_topic"]}" ] && continue |
||||
|
sent_topic["$new_topic"]=1 |
||||
|
if ! out=$(curl "${curl_opts[@]}" "$SERVER/${new_topic}"); then |
||||
|
echo "Error: could not send message to $new_topic." >&2 |
||||
|
echo "curl command:" >&2 |
||||
|
echo " curl ${curl_opts[@]} $SERVER/${new_topic}" >&2 |
||||
|
echo "$out" | sed 's/^/ | /' >&2 |
||||
|
exit 1 |
||||
|
fi |
||||
|
done |
||||
|
done < <(printf "%s" "$topics" | yq e -0 '.[]') |
||||
|
done < <(printf "%s" "$content" | yq e -0 'to_entries | .[] | [.key, .value] |.[]') |
||||
|
done |
Write
Preview
Loading…
Cancel
Save
Reference in new issue