c12e36e0a4
- Add journalctl_recent command and scrum4me-web to whitelist in commands.yml.example - Add SYSTEMD_UNITS env var to .env.example - lib/parse-systemd.ts: parse activeState, subState, uptime, description - /app/systemd: server page reading SYSTEMD_UNITS, client list with 10s polling and status badges - /app/systemd/[unit]: server detail page, client component showing systemctl status + last 100 journal lines (polling 10s) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
65 lines
2.1 KiB
Text
65 lines
2.1 KiB
Text
# Whitelist of allowed commands for ops-agent.
|
|
# Copy to /etc/ops-agent/commands.yml on the host.
|
|
# Restart ops-agent after changes.
|
|
#
|
|
# Schema per command:
|
|
# cmd: required — command + static args as array (no shell, no interpolation)
|
|
# cwd: optional — working directory for the subprocess
|
|
# cwd_pattern: optional — working directory as a glob/pattern (resolved at runtime)
|
|
# args:
|
|
# allowed: optional — whitelist of argument values accepted from the caller
|
|
# If absent or empty, the command takes no extra arguments.
|
|
# description: optional — human-readable description
|
|
|
|
commands:
|
|
docker_ps:
|
|
cmd: ["docker", "ps", "--format", "table"]
|
|
description: "List running Docker containers"
|
|
|
|
git_status:
|
|
cmd: ["git", "status", "--short", "--branch"]
|
|
cwd_pattern: "/srv/"
|
|
description: "Git status with branch info (first arg = repo path, must start with /srv/)"
|
|
|
|
git_log_ahead:
|
|
cmd: ["git", "log", "@{upstream}..HEAD", "--oneline"]
|
|
cwd_pattern: "/srv/"
|
|
description: "Local commits not yet pushed (first arg = repo path)"
|
|
|
|
git_diff:
|
|
cmd: ["git", "diff", "HEAD"]
|
|
cwd_pattern: "/srv/"
|
|
description: "Uncommitted diff against HEAD (first arg = repo path)"
|
|
|
|
git_fetch:
|
|
cmd: ["git", "fetch", "--quiet"]
|
|
cwd_pattern: "/srv/"
|
|
description: "Fetch all remotes silently (first arg = repo path)"
|
|
|
|
systemctl_status:
|
|
cmd: ["systemctl", "status", "--no-pager", "-l"]
|
|
args:
|
|
allowed:
|
|
- scrum4me-web
|
|
- ops-agent
|
|
- caddy
|
|
- docker
|
|
- nginx
|
|
- postgresql
|
|
description: "Show systemctl status for an allowed service"
|
|
|
|
journalctl_recent:
|
|
cmd: ["journalctl", "--since", "1 hour ago", "-n", "100", "--no-pager", "-u"]
|
|
args:
|
|
allowed:
|
|
- scrum4me-web
|
|
- ops-agent
|
|
- caddy
|
|
- docker
|
|
- nginx
|
|
- postgresql
|
|
description: "Last 100 journal lines from the past hour for an allowed service"
|
|
|
|
caddy_show_config:
|
|
cmd: ["caddy", "fmt", "/etc/caddy/Caddyfile"]
|
|
description: "Print the formatted Caddy config"
|