diff --git a/linux_apt-upgrade.yaml b/linux_apt-upgrade.yaml new file mode 100644 index 0000000..cc2c32f --- /dev/null +++ b/linux_apt-upgrade.yaml @@ -0,0 +1,80 @@ +id: linux-apt-upgrade +namespace: homelab.docker + +inputs: + - id: host + type: STRING + displayName: "Server IP oder Hostname" + description: "Zielserver, z.B. 91.99.167.128" + + - id: user + type: STRING + displayName: "SSH Benutzer" + description: "SSH-Benutzer auf dem Zielserver" + defaults: meinuser + + - id: sudo_password + type: SECRET + displayName: "Sudo Passwort" + description: "Sudo-Passwort für den Benutzer meinuser" + +tasks: + - id: apt-upgrade + type: io.kestra.plugin.scripts.shell.Commands + containerImage: alpine:latest + + env: + SSH_PRIVATE_KEY: "{{ secret('SSH_PRIVATE_KEY') }}" + SUDO_PASSWORD: "{{ inputs.sudo_password }}" + + beforeCommands: + - apk add --no-cache openssh-client bash + + commands: + - | + set -eo pipefail + + mkdir -p ~/.ssh + chmod 700 ~/.ssh + + printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + printf '%s\n' "$SUDO_PASSWORD" | ssh \ + -i ~/.ssh/id_rsa \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "{{ inputs.user }}@{{ inputs.host }}" \ + 'bash -lc '"'"' + set -euo pipefail + + export DEBIAN_FRONTEND=noninteractive + + echo "Angemeldet als: $(whoami)" + + if [ "$(id -u)" -eq 0 ]; then + echo "Benutzer ist root. Führe apt direkt aus." + apt-get update + apt-get -y upgrade + else + echo "Benutzer ist nicht root. Prüfe sudo." + + sudo -S -p "" -v + + echo "Sudo erfolgreich. Führe apt mit sudo aus." + sudo apt-get update + sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade + fi + + if [ -f /var/run/reboot-required ]; then + echo "REBOOT_REQUIRED=yes" + else + echo "REBOOT_REQUIRED=no" + fi + '"'"'' + + - id: log-result + type: io.kestra.plugin.core.log.Log + message: | + ✅ apt update && apt upgrade wurde auf {{ inputs.user }}@{{ inputs.host }} ausgeführt. +