new: [docker-host] add ``ntfy`` installation and connection

docker-host/hooks/install.d/90-ntfy.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+set -eux
+
+NTFY_BROKER="${NTFY_BROKER:-core-01.0k.io}"
+
+
+## Uncipher ntfy key to destination
+
+umask 077
+ntfy_key_ciphered="src/etc/ssh/ntfy-key"
+if [ ! -f "$ntfy_key_ciphered" ]; then
+    echo "Error: ciphered ntfy key not found" >&2
+    exit 1
+fi
+
+ntfy_key_dest=/etc/ssh/ntfy-key
+if [ ! -f "$ntfy_key_dest" ]; then
+    cat "$ntfy_key_ciphered" |
+        gpg -d --batch --yes --passphrase 'uniquepass' > "$ntfy_key_dest" || {
+        echo "Error while unpacking ntfy key to '${ntfy_key_dest}'" >&2
+        exit 1
+    }
+fi
+
+
+## Request token to ntfy server and add to config file 
+
+known_host="/root/.ssh/known_hosts"
+if ! ssh-keygen -F "$NTFY_BROKER" -f "$known_host" >/dev/null; then
+    ssh-keyscan -H "$NTFY_BROKER" >> "$known_host" || {
+        echo "Error while adding '$NTFY_BROKER' to known_hosts" >&2
+        exit 1
+    }
+fi
+
+config_file="/etc/ntfy/ntfy.conf"
+mkdir -p "${config_file%/*}"
+if ! [ -f "$config_file" ]; then
+    touch "$config_file" || {
+        echo "Error: couldn’t create config file '$config_file'" >&2;
+        exit 1
+    }
+fi
+
+LOGIN=""
+PASSWORD=""
+source "$config_file" || {
+    echo "Error: couldn't source config file '$config_file'" >&2
+    exit 1
+}
+
+## Note that we require the forcing of stdin to /dev/null to avoid
+## the rest of the script to be vacuumed by the ssh command.
+## This effect will only happen when launching this script in special
+## conditions involving stdin.
+cred=$(ssh -i "$ntfy_key_dest" ntfy@"${NTFY_BROKER}" \
+           request-token "$LOGIN" "$PASSWORD" </dev/null) || {
+    echo "Error while requesting token to ntfy server" >&2
+    exit 1
+}
+
+## XXXvlab: ideally it should be received from the last call
+server="https://ntfy.0k.io/"
+login=$(printf "%q" "${cred%$'\n'*}")
+password=$(printf "%q" "${cred#*$'\n'}")
+
+## check if password doesn't contain '%'
+
+for var in server login password; do
+    if [ "${!var}" == "''" ] || [[ "${!var}" == *$'\n'* ]]; then
+        echo "Error: empty or invalid multi-line values retrieved for '$var'" \
+             "from ntfy server. Received:" >&2
+        printf "%s" "$cred" | sed -r 's/^/  | /g' >&2
+        exit 1
+    fi
+    if [[ "${!var}" == *%* ]]; then
+        ## We need a separator char for sed replacement in the config file
+        echo "Error: forbidden character '%' found in $var" >&2
+        exit 1
+    fi
+    if grep -qE "^${var^^}=" "$config_file"; then
+        sed -ri "s%^${var^^}=.*$%${var^^}=\"${!var}\"%g" "$config_file"
+    else
+        echo "${var^^}=\"${!var}\"" >> "$config_file"
+    fi
+done
+
+
+if ! [ -f "/etc/ntfy/topics.yml" ]; then
+    cat <<'EOF' > /etc/ntfy/topics.yml
+.*\.(emerg|alert|crit|err|warning|notice):
+  - ${LOGIN}_main
+EOF
+fi
+
+
+## provide 'send' command
+
+cp -f "$PWD/src/bin/send" /usr/local/bin/send

docker-host/src/bin/send

@@ -0,0 +1,157 @@
+#!/bin/bash
+
+## Send a notification with NTFY and check if the config file is complete
+
+if [[ "$UID" == "0" ]]; then
+    NTFY_CONFIG_DIR="${NTFY_CONFIG_DIR:-/etc/ntfy}"
+else
+    NTFY_CONFIG_DIR="${NTFY_CONFIG_DIR:-~/.config/ntfy}"
+fi
+NTFY_CONFIG_FILE="$NTFY_CONFIG_DIR/ntfy.conf"
+
+SERVER="https://ntfy.0k.io"
+
+[ -f "$NTFY_CONFIG_DIR/topics.yml" ] || {
+    echo "Error: no 'topics.yml' file found in $NTFY_CONFIG_DIR" >&2
+    echo "  Please setup the topics for the notification channels in this file." >&2
+    exit 1
+}
+
+if ! [ -e "$NTFY_CONFIG_FILE" ]; then
+    mkdir -p "${NTFY_CONFIG_FILE%/*}"
+    ## default option to change if needed
+    echo "SERVER=$SERVER" > "$NTFY_CONFIG_FILE"
+elif ! grep -q "^SERVER=" "$NTFY_CONFIG_FILE"; then
+    echo "SERVER=$SERVER" >> "$NTFY_CONFIG_FILE"
+fi
+
+source "$NTFY_CONFIG_FILE" || {
+    echo "Error: could not source '$NTFY_CONFIG_FILE'" >&2
+    exit 1
+}
+
+SERVER="${SERVER%/}"
+
+for var in SERVER LOGIN PASSWORD; do
+    if ! [ -v "$var" ]; then
+        echo "Error: missing $var in $NTFY_CONFIG_FILE"
+        exit 1
+    fi
+done
+
+
+exname=${0##*/}
+channels=()
+
+
+usage="Usage: $exname [-c CHANNEL...] [-t TITLE ] MESSAGE 
+----------------------------------------------
+--- Send MESSAGE with TITLE to the differents topics defined by a CHANNEL. ---
+--- If no CHANNEL is provided, the message will be sent to the default channel. ---
+----------------------------------------------
+-c CHANNEL: One or multiple channels. If no CHANNEL is provided,
+    the message will be sent to the main channel.
+    You can provide multiple channels with -c channel1 -c channel2 ...  
+    topics are configured in $NTFY_CONFIG_DIR/topics.yml
+-t TITLE: If no TITLE is provided, the message will be sent with the hostname as title.
+- MESSAGE: The message to send.
+"
+
+while [ "$#" -gt 0 ]; do
+    arg="$1"
+    shift
+    case "$arg" in
+        -h|--help)
+            echo "$usage"
+            exit 0
+            ;;
+        -c|--channel)
+            [ -n "$1" ] || {
+                echo "Error: no argument for channel option." >&2
+                echo "$usage" >&2
+                exit 1
+            }
+            IFS=", " channels+=($1)
+            shift
+            ;;
+        -t|--title)
+            [ -n "$1" ] || {
+                echo "Error: no argument for title option." >&2
+                echo "$usage" >&2
+                exit 1
+            }
+            title="$1"
+            shift 
+            ;;
+        *)  
+            [ -z "$message" ] && { message="$arg"; continue; }
+            echo "Error : Unexpected positional argument '$arg'." >&2
+            echo "$usage" >&2
+            exit 1
+            ;;
+    esac
+done
+
+[ -n "$message" ] || {
+    echo "Error: missing message." >&2
+    echo "$usage" >&2
+    exit 1
+}
+
+read-0() {
+    local eof='' IFS=''
+    while [ "$1" ]; do
+        read -r -d '' -- "$1" || eof=1
+        shift
+    done
+    [ -z "$eof" ]
+}
+
+curl_opts=(
+    -s 
+    -u "$LOGIN:$PASSWORD"
+    -d "$message"
+)
+
+title="[$(hostname)] $title"
+title="${title%%+([[:space:]])}"
+curl_opts+=(-H "Title: $title")
+
+declare -A sent_topic=()
+
+if [ "${#channels[@]}" -eq 0 ]; then
+    channels=("main")
+fi
+
+for channel in "${channels[@]}"; do
+    channel_quoted=$(printf "%q" "$channel")
+    content=$(cat "$NTFY_CONFIG_DIR/topics.yml")
+    while read-0 channel_regex topics; do
+        [[ "$channel" =~ ^$channel_regex$ ]] || continue
+        rematch=("${BASH_REMATCH[@]}")
+        while read-0 topic; do
+            ttopic=$(printf "%s" "$topic" | yq "type")
+            if [ "$ttopic" != '!!str' ]; then
+                echo "Error: Unexpected '$ttopic' type for value of channel $channel." >&2
+                exit 1
+            fi
+            topic=$(printf "%s" "$topic" | yq -r " \"\" + .")
+            if ! [[ "$topic" =~ ^[a-zA-Z0-9\$\{\}*\ \,_.-]+$ ]]; then
+                echo "Error: Invalid topic value '$topic' expression in $channel channel." >&2
+                exit 1
+            fi
+            new_topics=($(set -- "${rematch[@]}"; eval echo "${topic//\*/\\*}"))
+            for new_topic in "${new_topics[@]}"; do
+                [ -n "${sent_topic["$new_topic"]}" ] && continue
+                sent_topic["$new_topic"]=1
+                if ! out=$(curl "${curl_opts[@]}" "$SERVER/${new_topic}"); then
+                    echo "Error: could not send message to $new_topic." >&2
+                    echo "curl command:" >&2
+                    echo "  curl ${curl_opts[@]} $SERVER/${new_topic}" >&2
+                    echo "$out" | sed 's/^/  | /' >&2
+                    exit 1
+                fi
+            done
+        done < <(printf "%s" "$topics" | yq e -0 '.[]')
+    done < <(printf "%s" "$content" | yq e -0 'to_entries | .[] | [.key, .value] |.[]')
+done