summaryrefslogtreecommitdiffstats
path: root/docker/root/etc/s6
diff options
context:
space:
mode:
Diffstat (limited to 'docker/root/etc/s6')
-rwxr-xr-xdocker/root/etc/s6/.s6-svscan/finish2
-rwxr-xr-xdocker/root/etc/s6/gitea/finish2
-rwxr-xr-xdocker/root/etc/s6/gitea/run6
-rwxr-xr-xdocker/root/etc/s6/gitea/setup66
-rwxr-xr-xdocker/root/etc/s6/openssh/finish2
-rwxr-xr-xdocker/root/etc/s6/openssh/run6
-rwxr-xr-xdocker/root/etc/s6/openssh/setup51
7 files changed, 135 insertions, 0 deletions
diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish
new file mode 100755
index 00000000..06bd9865
--- /dev/null
+++ b/docker/root/etc/s6/.s6-svscan/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish
new file mode 100755
index 00000000..5d44f417
--- /dev/null
+++ b/docker/root/etc/s6/gitea/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+s6-svscanctl -t /etc/s6/
diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run
new file mode 100755
index 00000000..7b858350
--- /dev/null
+++ b/docker/root/etc/s6/gitea/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /app/gitea >/dev/null
+exec su-exec $USER /usr/local/bin/gitea web
+popd
diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
new file mode 100755
index 00000000..f8d76273
--- /dev/null
+++ b/docker/root/etc/s6/gitea/setup
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+if [ ! -d /data/git/.ssh ]; then
+ mkdir -p /data/git/.ssh
+fi
+
+# Set the correct permissions on the .ssh directory and authorized_keys file,
+# or sshd will refuse to use them and lead to clone/push/pull failures.
+# It could happen when users have copied their data to a new volume and changed the file permission by accident,
+# and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6.
+chmod 700 /data/git/.ssh
+if [ -f /data/git/.ssh/authorized_keys ]; then
+ chmod 600 /data/git/.ssh/authorized_keys
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+ echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment
+ chmod 600 /data/git/.ssh/environment
+
+elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then
+ sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment
+ echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment
+fi
+
+if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+ mkdir -p ${GITEA_CUSTOM}/conf
+
+ # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+ # INSTALL_LOCK is empty
+ if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+ INSTALL_LOCK=true
+ fi
+
+ # Substitute the environment variables in the template
+ APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \
+ RUN_MODE=${RUN_MODE:-"prod"} \
+ DOMAIN=${DOMAIN:-"localhost"} \
+ SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+ HTTP_PORT=${HTTP_PORT:-"3000"} \
+ ROOT_URL=${ROOT_URL:-""} \
+ DISABLE_SSH=${DISABLE_SSH:-"false"} \
+ SSH_PORT=${SSH_PORT:-"22"} \
+ SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+ LFS_START_SERVER=${LFS_START_SERVER:-"false"} \
+ DB_TYPE=${DB_TYPE:-"sqlite3"} \
+ DB_HOST=${DB_HOST:-"localhost:3306"} \
+ DB_NAME=${DB_NAME:-"gitea"} \
+ DB_USER=${DB_USER:-"root"} \
+ DB_PASSWD=${DB_PASSWD:-""} \
+ INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+ DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+ REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+ SECRET_KEY=${SECRET_KEY:-""} \
+ envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
+ chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
+fi
+
+# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
+environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini
+
+# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
+if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
+if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
+if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
+chmod 0755 /data/gitea /app/gitea /data/git
diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish
new file mode 100755
index 00000000..06bd9865
--- /dev/null
+++ b/docker/root/etc/s6/openssh/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run
new file mode 100755
index 00000000..a40b5b11
--- /dev/null
+++ b/docker/root/etc/s6/openssh/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root >/dev/null
+exec su-exec root /usr/sbin/sshd -D -e 2>&1
+popd
diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup
new file mode 100755
index 00000000..dbb3bafd
--- /dev/null
+++ b/docker/root/etc/s6/openssh/setup
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+if [ ! -d /data/ssh ]; then
+ mkdir -p /data/ssh
+fi
+
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+ echo "Generating /data/ssh/ssh_host_ed25519_key..."
+ ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_rsa_key..."
+ ssh-keygen -t rsa -b 3072 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+ ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
+fi
+
+if [ -e /data/ssh/ssh_host_ed25519_cert ]; then
+ SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_cert"}
+fi
+
+if [ -e /data/ssh/ssh_host_rsa_cert ]; then
+ SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_cert"}
+fi
+
+if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
+ SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
+fi
+
+if [ -d /etc/ssh ]; then
+ SSH_PORT=${SSH_PORT:-"22"} \
+ SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+ SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
+ SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
+ SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
+ SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
+ SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
+ SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
+ SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \
+ envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
+
+ chmod 0644 /etc/ssh/sshd_config
+fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*