diff options
Diffstat (limited to 'docker/root/etc/s6')
-rwxr-xr-x | docker/root/etc/s6/.s6-svscan/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/run | 6 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/setup | 66 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/run | 6 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/setup | 51 |
7 files changed, 135 insertions, 0 deletions
diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish new file mode 100755 index 00000000..06bd9865 --- /dev/null +++ b/docker/root/etc/s6/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish new file mode 100755 index 00000000..5d44f417 --- /dev/null +++ b/docker/root/etc/s6/gitea/finish @@ -0,0 +1,2 @@ +#!/bin/bash +s6-svscanctl -t /etc/s6/ diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run new file mode 100755 index 00000000..7b858350 --- /dev/null +++ b/docker/root/etc/s6/gitea/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /app/gitea >/dev/null +exec su-exec $USER /usr/local/bin/gitea web +popd diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup new file mode 100755 index 00000000..f8d76273 --- /dev/null +++ b/docker/root/etc/s6/gitea/setup @@ -0,0 +1,66 @@ +#!/bin/bash + +if [ ! -d /data/git/.ssh ]; then + mkdir -p /data/git/.ssh +fi + +# Set the correct permissions on the .ssh directory and authorized_keys file, +# or sshd will refuse to use them and lead to clone/push/pull failures. +# It could happen when users have copied their data to a new volume and changed the file permission by accident, +# and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6. +chmod 700 /data/git/.ssh +if [ -f /data/git/.ssh/authorized_keys ]; then + chmod 600 /data/git/.ssh/authorized_keys +fi + +if [ ! -f /data/git/.ssh/environment ]; then + echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment + chmod 600 /data/git/.ssh/environment + +elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then + sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment + echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment +fi + +if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then + mkdir -p ${GITEA_CUSTOM}/conf + + # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and + # INSTALL_LOCK is empty + if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then + INSTALL_LOCK=true + fi + + # Substitute the environment variables in the template + APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \ + RUN_MODE=${RUN_MODE:-"prod"} \ + DOMAIN=${DOMAIN:-"localhost"} \ + SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ + HTTP_PORT=${HTTP_PORT:-"3000"} \ + ROOT_URL=${ROOT_URL:-""} \ + DISABLE_SSH=${DISABLE_SSH:-"false"} \ + SSH_PORT=${SSH_PORT:-"22"} \ + SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ + LFS_START_SERVER=${LFS_START_SERVER:-"false"} \ + DB_TYPE=${DB_TYPE:-"sqlite3"} \ + DB_HOST=${DB_HOST:-"localhost:3306"} \ + DB_NAME=${DB_NAME:-"gitea"} \ + DB_USER=${DB_USER:-"root"} \ + DB_PASSWD=${DB_PASSWD:-""} \ + INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ + DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ + REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ + SECRET_KEY=${SECRET_KEY:-""} \ + envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini + + chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini +fi + +# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME +environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini + +# only chown if current owner is not already the gitea ${USER}. No recursive check to save time +if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi +if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi +if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi +chmod 0755 /data/gitea /app/gitea /data/git diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish new file mode 100755 index 00000000..06bd9865 --- /dev/null +++ b/docker/root/etc/s6/openssh/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run new file mode 100755 index 00000000..a40b5b11 --- /dev/null +++ b/docker/root/etc/s6/openssh/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /root >/dev/null +exec su-exec root /usr/sbin/sshd -D -e 2>&1 +popd diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup new file mode 100755 index 00000000..dbb3bafd --- /dev/null +++ b/docker/root/etc/s6/openssh/setup @@ -0,0 +1,51 @@ +#!/bin/bash + +if [ ! -d /data/ssh ]; then + mkdir -p /data/ssh +fi + +if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then + echo "Generating /data/ssh/ssh_host_ed25519_key..." + ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_rsa_key ]; then + echo "Generating /data/ssh/ssh_host_rsa_key..." + ssh-keygen -t rsa -b 3072 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then + echo "Generating /data/ssh/ssh_host_ecdsa_key..." + ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null +fi + +if [ -e /data/ssh/ssh_host_ed25519_cert ]; then + SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_cert"} +fi + +if [ -e /data/ssh/ssh_host_rsa_cert ]; then + SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_cert"} +fi + +if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then + SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"} +fi + +if [ -d /etc/ssh ]; then + SSH_PORT=${SSH_PORT:-"22"} \ + SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \ + SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \ + SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \ + SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \ + SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \ + SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \ + SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \ + SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \ + envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config + + chmod 0644 /etc/ssh/sshd_config +fi + +chown root:root /data/ssh/* +chmod 0700 /data/ssh +chmod 0600 /data/ssh/* |