https://github.com/queil/seon

Script Execution Over the Network
https://github.com/queil/seon

Last synced: over 1 year ago
JSON representation

Script Execution Over the Network

• Host: GitHub
• URL: https://github.com/queil/seon
• Owner: queil
• License: apache-2.0
• Created: 2023-05-26T09:25:38.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2023-06-13T15:31:13.000Z (about 3 years ago)
• Last Synced: 2025-01-23T12:46:34.842Z (over 1 year ago)
• Language: F#
• Size: 49.8 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Seon

A configurable JWT-authenticated sub-claim-authorized endpoint for running bash scripts on Linux hosts via `https` (`curl` and the like). It's parameterless and fire'n'forget i.e. you only run a POST request to configured endpoints, (each can have a different script), and get HTTP status codes back. 

## Example usage (client)

*Assuming you have a `/deploy` endpoint configured*

```sh

curl -vvv -sS --fail-with-body -X POST -H "Authorization: Bearer $DEPLOY_TOKEN" \

      https://your.url.com/deploy

```

## Install

### Publish the project:

```sh

dotnet publish -r linux-x64 -c Release -p:PublishSingleFile=true --self-contained -p:PublishTrimmed=true

```

### Copy files to your Linux host 

(e.g. to `/opt/seon`): `seon`, `seon.pdb`, `appsettings.json`.

### Configure seon

:warning: For seon to be useful it needs to be available either on the internet or your internal network. Configuring that is beyond the scope of this document.

If all your endpoints use the same JWT config you can configure it on the root level but you can override 

if per endpoint, just add the `jwt` node there.

*appsettings.json*

```json

{

  "Logging": {

    "LogLevel": {

      "Default": "Debug",

      "System": "Debug",

      "Microsoft": "Debug"

    }

  },

  "Urls": "http://127.0.0.1:5000",

  "basePath": "",

  "seon": {

    "endpoints": {

      "/run": {

        "command": {

          "path": "/tmp/test/test.sh",

          "workingDir": "/tmp/test"

        },

        "auth": {

          "allowedSub": ""

        }

      }

    },

    "jwt": {

      "authority": "",

      "issuer": "",

      "audience": "",

      "debug": false

    }

  }

}

```

### Configure systemd

*Assuming you save it in /opt/seon/seon.service*

Example unit file:

```sh

[Unit]

Description=Script Execution Over the Network

[Service]

Type=exec

ExecStart=/opt/seon/seon

WorkingDirectory=/opt/seon

Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

[Install]

WantedBy=multi-user.target

```

### Install the service

* Symlink `/opt/seon/seon.service` to `/etc/systemd/system/seon.service`

* Reload config: `sudo systemctl daemon-reload`

* Enable & start the service: `sudo systemctl enable seon.service --now`

* View logs: `journalctl -u seon -xn100 | less`