From c11a6871836d1baab0aa007b496e3d2c658eb2ac Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Mon, 1 Apr 2024 19:35:36 +0200
Subject: mpv-headless: add simple ssh control interface

---
 roles/streaming/mpv-headless/tasks/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'roles/streaming/mpv-headless/tasks/main.yml')

diff --git a/roles/streaming/mpv-headless/tasks/main.yml b/roles/streaming/mpv-headless/tasks/main.yml
index 79ca1e31..f3a1e684 100644
--- a/roles/streaming/mpv-headless/tasks/main.yml
+++ b/roles/streaming/mpv-headless/tasks/main.yml
@@ -39,6 +39,14 @@
     owner: player
     group: player
 
+- name: Generate authorized_keys file for player
+  authorized_key:
+    user: player
+    key: |-
+      {% for key in  mpv_headless_ssh_keys %}
+      no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding,no-user-rc,command="/var/lib/player/ssh-forced.sh" {{ key }}
+      {% endfor %}
+
 - name: install .profile
   copy:
     content: |
@@ -62,6 +70,12 @@
     group: player
     mode: 0755
 
+- name: install ssh forced command
+  template:
+    src: ssh-forced.sh.j2
+    dest: /var/lib/player/ssh-forced.sh
+    mode: 0755
+
 - name: create override direcotry for getty@tty1 service unit
   file:
     path: /etc/systemd/system/getty@tty1.service.d
-- 
cgit v1.2.3