OliveTin

OliveTin is a lightweight, self‑hosted automation platform written in Go that exposes pre‑defined shell commands through a web interface. From a developer’s standpoint, it functions as a minimal HTTP server that parses a YAML configuration file describing command groups, parameters, and execution rules. The server then renders a responsive UI (React‑style components built with Go templates) that presents each command as a button or form. When invoked, OliveTin spawns a child process via os/exec, streams the output back to the client, and optionally triggers post‑execution hooks. This design keeps the core footprint under 10 MB of RAM and a single binary, making it ideal for embedded devices or containerized environments.

• Language & Runtime: Go 1.20+, leveraging the standard net/http package for routing and html/template for server‑side rendering. The binary is statically linked, facilitating distribution as a single file or Docker image.
• Configuration: A declarative YAML schema defines command trees, argument placeholders ({{ variable }}), dropdown options, and access controls. The YAML parser uses gopkg.in/yaml.v3, enabling comments and anchors for reusable blocks.
• Execution Engine: Commands are executed with exec.CommandContext, allowing timeouts and cancellation. Output is captured via pipes, streamed to the client over WebSockets for real‑time feedback.
• Security Layer: OliveTin runs as a non‑root user by default, with optional capabilities to grant limited sudo rights. The YAML schema supports role‑based access, whitelisting commands per user group and preventing arbitrary shell injection.
• Extensibility Hooks: Post‑execution HTTP callbacks (webhooks) and environment variable injection are supported out of the box, enabling integration with CI/CD pipelines or monitoring tools.

• Command Catalog: Group commands hierarchically; each command can expose positional arguments, flags, and templated variables. The UI automatically generates dropdowns or text inputs based on the YAML schema.
• Real‑time Output: WebSocket streams provide instant feedback for long‑running processes, with optional log truncation or color formatting.
• State Persistence: Optional SQLite backing stores command execution history and user sessions, though the default in‑memory mode suffices for most use cases.
• Webhooks & Callbacks: After a command finishes, OliveTin can POST JSON payloads to external endpoints (e.g., Slack, Grafana) or trigger local scripts.
• API Surface: A minimal REST API (/api/v1/...) exposes command metadata, execution status, and configuration reloads. Authentication can be wired to OAuth2 or basic auth via reverse proxy.

OliveTin is designed for container‑first deployment. The official Docker image (olivetin/olivetin:latest) mounts a /config volume for the YAML file and optionally a /data volume for SQLite logs. It listens on port 8080 by default and supports TLS termination when behind a reverse proxy (Traefik, Nginx). For bare‑metal installations, the single binary can be placed in /usr/local/bin and managed by systemd. Scaling horizontally is straightforward: multiple instances can run behind a load balancer, each with its own configuration or shared via NFS/Consul. Because OliveTin is stateless (except for optional SQLite), it scales linearly with CPU cores, and its memory footprint remains negligible even under heavy load.

• Plugin System: While not a traditional plugin framework, OliveTin allows developers to write custom Go modules that register new command types or output formatters. These can be compiled into the binary or loaded via Go plugins (plugin.Open).
• External APIs: Since OliveTin merely executes shell commands, any system that exposes a CLI can be integrated—curl, kubectl, docker, or even proprietary tools. Scripts can be wrapped in the YAML config to expose complex workflows.
• Webhook Ecosystem: The built‑in webhook support means OliveTin can act as a trigger point for event‑driven architectures, sending metrics to Prometheus or alerts to PagerDuty.
• Custom UI Components: The front‑end is built with Go templates; developers can replace the template files to adjust styling or add custom JavaScript widgets, all without recompiling the core logic.

OliveTin’s documentation (docs.olivetin.app) is concise, with a clear API reference and example YAML snippets. The community is active on Discord, providing rapid support for configuration questions or integration ideas. Because the core is a single Go binary with no external dependencies, contributors can focus on feature branches without worrying about complex build pipelines. The project follows CII Best Practices and has a mature Go test suite, ensuring that new changes are vetted before release.

1. Home Automation: Expose wake-on-lan, podman restart plex, or custom backup scripts to family members via a tablet‑friendly UI.
2. Junior Admin Onboarding: Provide a web form that maps to backupScript.sh --folder {{ customerName }}, allowing non‑technical staff to trigger scripts safely.
3. Temporary Access Control: Run firewall-cmd --add-service ssh --timeout 20m from a web button to grant short‑lived SSH access.