A configurable JWT-authenticated sub-claim-authorized endpoint for running bash scripts on Linux hosts via https (curl and the like). It's parameterless and fire'n'forget i.e. you only run a POST request to configured endpoints, (each can have a different script), and get HTTP status codes back.

Assuming you have a /deploy endpoint configured

curl -vvv -sS --fail-with-body -X POST -H "Authorization: Bearer $DEPLOY_TOKEN" \
      https://your.url.com/deploy

dotnet publish -r linux-x64 -c Release -p:PublishSingleFile=true --self-contained -p:PublishTrimmed=true

(e.g. to /opt/seon): seon, seon.pdb, appsettings.json.

⚠️ For seon to be useful it needs to be available either on the internet or your internal network. Configuring that is beyond the scope of this document.

If all your endpoints use the same JWT config you can configure it on the root level but you can override if per endpoint, just add the jwt node there.

appsettings.json

{
  "Logging": {
    "LogLevel": {
      "Default": "Debug",
      "System": "Debug",
      "Microsoft": "Debug"
    }
  },
  "Urls": "http://127.0.0.1:5000",
  "basePath": "",
  "seon": {
    "endpoints": {
      "/run": {
        "command": {
          "path": "/tmp/test/test.sh",
          "workingDir": "/tmp/test"
        },
        "auth": {
          "allowedSub": ""
        }
      }
    },
    "jwt": {
      "authority": "",
      "issuer": "",
      "audience": "",
      "debug": false
    }
  }
}

Assuming you save it in /opt/seon/seon.service

Example unit file:

[Unit]
Description=Script Execution Over the Network

[Service]
Type=exec
ExecStart=/opt/seon/seon
WorkingDirectory=/opt/seon
Environment=DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

[Install]
WantedBy=multi-user.target

• Symlink /opt/seon/seon.service to /etc/systemd/system/seon.service
• Reload config: sudo systemctl daemon-reload
• Enable & start the service: sudo systemctl enable seon.service --now
• View logs: journalctl -u seon -xn100 | less