notify: add ssh key for running remote notifications; add notify.sh

2021-10-15 23:24:33 -04:00 · 2021-10-15 23:24:33 -04:00 · 2c841f0851
commit 2c841f0851
parent 4bb9c944bf
2 changed files with 22 additions and 1 deletions
--- a/initial-setup.sh
+++ b/initial-setup.sh
@ -130,6 +130,8 @@ configure_ssh()
    log "Creating SSH keys"
    ssh-keygen -N "" -t ecdsa \
               -C "backup-appendonly@$HOSTID" -f "$SSH/id_ecdsa_appendonly"
+    ssh-keygen -N "" -t ecdsa \
+               -C "backup-notify@$HOSTID" -f "$SSH/id_ecdsa_notify"
    ssh-keygen -N "$PASS_SSH" -t ecdsa \
               -C "backup@$HOSTID" -f "$SSH/id_ecdsa"

@ -177,7 +179,7 @@ EOF
    run_ssh_command "if cmp -s $backup $keys; then rm $backup ; fi"
    run_ssh_command "cat >> .ssh/authorized_keys" <<EOF
 command="$cmd --append-only",restrict $(cat "$SSH/id_ecdsa_appendonly.pub")
-command="borg/notify.sh",restrict $(cat "$SSH/id_ecdsa_appendonly.pub")
+command="borg/notify.sh",restrict $(cat "$SSH/id_ecdsa_notify.pub")
 command="$cmd",restrict $(cat "$SSH/id_ecdsa.pub")
 EOF

--- a/notify.sh
+++ b/notify.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+. "$(dirname "$0")"/vars.sh
+
+# Send notification email using a script on the backup host
+# First argument is our hostname, second argument is destination;
+# mail body is provided on stdin.
+
+if tty -s ; then
+    echo 'Refusing to read mail body from terminal'
+    exit 1
+fi
+
+ssh \
+    -F "$SSH/config" \
+    -i "$SSH/id_ecdsa_notify" \
+    "$BACKUP_USER@$BACKUP_HOST" \
+    borg/notify.sh "$HOSTNAME" "$1"