From c11a6871836d1baab0aa007b496e3d2c658eb2ac Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 1 Apr 2024 19:35:36 +0200
Subject: mpv-headless: add simple ssh control interface
---
 inventory/host_vars/ele-tarvos.yml | 5 ++++
 roles/streaming/mpv-headless/defaults/main.yml | 3 +++
 roles/streaming/mpv-headless/tasks/main.yml | 14 ++++++++++
 .../mpv-headless/templates/ssh-forced.sh.j2 | 31 ++++++++++++++++++++++
 4 files changed, 53 insertions(+)
 create mode 100644 roles/streaming/mpv-headless/templates/ssh-forced.sh.j2
diff --git a/inventory/host_vars/ele-tarvos.yml b/inventory/host_vars/ele-tarvos.yml
index a1f206d4..e1fee7bc 100644
--- a/inventory/host_vars/ele-tarvos.yml
+++ b/inventory/host_vars/ele-tarvos.yml
@@ -37,6 +37,9 @@ network:
 base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+sshd_allowusers_host:
+ - player
+
 apt_repo_components:
 - main
@@ -54,3 +57,5 @@ mpv_headless_media_storage:
 #mpv_headless_audio_device: "alsa/default"
 mpv_headless_audio_device: "alsa/hdmi"
 mpv_headless_video_mode: "1920x1080@50"
+
+mpv_headless_ssh_keys: "{{ users.equinox.ssh }}"
diff --git a/roles/streaming/mpv-headless/defaults/main.yml b/roles/streaming/mpv-headless/defaults/main.yml
index 816fa8e9..0ef41a75 100644
--- a/roles/streaming/mpv-headless/defaults/main.yml
+++ b/roles/streaming/mpv-headless/defaults/main.yml
@@ -8,3 +8,6 @@ mpv_headless_video_mode: "1920x1080@50"
 mpv_headless_play_script: |
 #!/bin/sh
 exec mpv --osd-level=0 --audio-device='{{ mpv_headless_audio_device }}' --vo=gpu --hwdec=vaapi --gpu-context=drm --drm-mode='{{ mpv_headless_video_mode }}' $@
+
+# mpv_headless_ssh_keys:
+# - ssh-ed25519 ...
diff --git a/roles/streaming/mpv-headless/tasks/main.yml b/roles/streaming/mpv-headless/tasks/main.yml
index 79ca1e31..f3a1e684 100644
--- a/roles/streaming/mpv-headless/tasks/main.yml
+++ b/roles/streaming/mpv-headless/tasks/main.yml
@@ -39,6 +39,14 @@
 owner: player
 group: player
+- name: Generate authorized_keys file for player
+ authorized_key:
+ user: player
+ key: |-
+ {% for key in mpv_headless_ssh_keys %}
+ no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding,no-user-rc,command="/var/lib/player/ssh-forced.sh" {{ key }}
+ {% endfor %}
+
 - name: install .profile
 copy:
 content: |
@@ -62,6 +70,12 @@
 group: player
 mode: 0755
+- name: install ssh forced command
+ template:
+ src: ssh-forced.sh.j2
+ dest: /var/lib/player/ssh-forced.sh
+ mode: 0755
+
 - name: create override direcotry for getty@tty1 service unit
 file:
 path: /etc/systemd/system/getty@tty1.service.d
diff --git a/roles/streaming/mpv-headless/templates/ssh-forced.sh.j2 b/roles/streaming/mpv-headless/templates/ssh-forced.sh.j2
new file mode 100644
index 00000000..777f0b32
--- /dev/null
+++ b/roles/streaming/mpv-headless/templates/ssh-forced.sh.j2
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ -z "${SSH_ORIGINAL_COMMAND}" ]; then
+ echo "please specify a command!"
+ exit 1
+fi
+
+command=$(echo "${SSH_ORIGINAL_COMMAND}" | awk '{print($1)}')
+arg=$(echo "${SSH_ORIGINAL_COMMAND}" | awk '{print($2)}')
+
+case "$command" in
+ list)
+ ls --hide "lost+found" -1 /srv/media
+ ;;
+ play)
+ media_file="/srv/media/$(basename "$arg")"
+ if [ -e "$media_file" ]; then
+ exec ./play "$media_file"
+ else
+ echo "file '$media_file' not found!"
+ exit 1
+ fi
+ ;;
+ stop)
+ killall mpv
+ ;;
+ *)
+ echo "invalid command: '$command'"
+ exit 1
+ ;;
+esac
--
cgit v1.2.3
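Review bot: The `authorized_key` task sets no `exclusive`, so a key later removed from `mpv_headless_ssh_keys` stays in player's authorized_keys, and any entry already in that file without the forced command keeps working; `exclusive: true` would make the rendered list the whole file. The loop is also unguarded while defaults/main.yml carries the variable only as a comment, so a host that does not set it will presumably fail on an undefined variable; `when: mpv_headless_ssh_keys is defined` on the task avoids that. The option list could be `restrict,command="/var/lib/player/ssh-forced.sh"` rather than naming each `no-*` flag, so restrictions that OpenSSH adds later apply by default.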
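Review bot: The forced-command script is written to /var/lib/player with no `owner` or `group`, and that directory looks like the player account's own home (the script runs `./play` relative to it), so whether the confined account can replace the script depends on that directory's permissions, which this hunk does not show. Installing it in a root-owned directory outside that home, with `owner: root` and `group: root` on the task, removes that dependency; the `command=` path in the authorized_keys task would have to follow. Separately, `mode: 0755` relies on the YAML parser reading it as octal, and `mode: "0755"` states the intent as a string.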
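Review bot: The `play` branch checks the path with `[ -e "$media_file" ]`, which is also true for directories, so an empty argument or `..` passes the check and a directory rather than a media file is handed to `./play`. `if [ -n "$arg" ] && [ -f "$media_file" ]; then` limits it to regular files, and `basename -- "$arg"` keeps a leading `-` in the argument from being read as a basename option. Splitting with `awk '{print($2)}'` also means file names containing spaces cannot be selected, which is worth a comment above the `arg=` line.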