Diffstat (limited to 'docker/root')
-rw-r--r--docker/root/etc/nsswitch.conf15
-rwxr-xr-xdocker/root/etc/profile.d/gitea.sh2
-rwxr-xr-xdocker/root/etc/s6/.s6-svscan/finish2
-rwxr-xr-xdocker/root/etc/s6/gitea/finish2
-rwxr-xr-xdocker/root/etc/s6/gitea/run6
-rwxr-xr-xdocker/root/etc/s6/gitea/setup46
-rwxr-xr-xdocker/root/etc/s6/openssh/finish2
-rwxr-xr-xdocker/root/etc/s6/openssh/run6
-rwxr-xr-xdocker/root/etc/s6/openssh/setup29
-rw-r--r--docker/root/etc/ssh/sshd_config33
-rw-r--r--docker/root/etc/templates/app.ini51
-rwxr-xr-xdocker/root/usr/bin/entrypoint37
12 files changed, 231 insertions, 0 deletions
diff --git a/docker/root/etc/nsswitch.conf b/docker/root/etc/nsswitch.conf
new file mode 100644
index 0000000000..25fad995e6
--- /dev/null
+++ b/docker/root/etc/nsswitch.conf
@@ -0,0 +1,15 @@
+# /etc/nsswitch.conf
+
+passwd: compat
+group: compat
+shadow: compat
+
+hosts: files dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
diff --git a/docker/root/etc/profile.d/gitea.sh b/docker/root/etc/profile.d/gitea.sh
new file mode 100755
index 0000000000..41afd4cfb8
--- /dev/null
+++ b/docker/root/etc/profile.d/gitea.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+export GITEA_CUSTOM=/data/gitea
diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish
new file mode 100755
index 0000000000..06bd986563
--- /dev/null
+++ b/docker/root/etc/s6/.s6-svscan/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish
new file mode 100755
index 0000000000..06bd986563
--- /dev/null
+++ b/docker/root/etc/s6/gitea/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run
new file mode 100755
index 0000000000..da5fd6b535
--- /dev/null
+++ b/docker/root/etc/s6/gitea/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /app/gitea > /dev/null
+ exec su-exec $USER /app/gitea/gitea web
+popd
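Review bot: `$USER` is expanded unquoted in `exec su-exec $USER /app/gitea/gitea web`, so an empty or unset value shifts the arguments and su-exec receives `/app/gitea/gitea` as the user spec; nothing in this file checks that the variable is set or that it is not root. I would write `exec su-exec "${USER:?USER is not set}" /app/gitea/gitea web`. The result of `pushd` is not checked and the `popd` after `exec` can never run, so `cd /app/gitea || exit 1` expresses the intent more plainly. openssh/run has the same unreachable `popd`.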
diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
new file mode 100755
index 0000000000..2b0fb6c37b
--- /dev/null
+++ b/docker/root/etc/s6/gitea/setup
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+if [ ! -d /data/git/.ssh ]; then
+ mkdir -p /data/git/.ssh
+ chmod 700 /data/git/.ssh
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+ echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
+ chmod 600 /data/git/.ssh/environment
+fi
+
+if [ ! -f /data/gitea/conf/app.ini ]; then
+ mkdir -p /data/gitea/conf
+
+ # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+ # INSTALL_LOCK is empty
+ if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+ INSTALL_LOCK=true
+ fi
+
+ # Substitude the environment variables in the template
+ APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+ RUN_MODE=${RUN_MODE:-"dev"} \
+ SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+ HTTP_PORT=${HTTP_PORT:-"3000"} \
+ ROOT_URL=${ROOT_URL:-""} \
+ DISABLE_SSH=${DISABLE_SSH:-"false"} \
+ SSH_PORT=${SSH_PORT:-"22"} \
+ DB_TYPE=${DB_TYPE:-"sqlite3"} \
+ DB_HOST=${DB_HOST:-"localhost:3306"} \
+ DB_NAME=${DB_NAME:-"gitea"} \
+ DB_USER=${DB_USER:-"root"} \
+ DB_PASSWD=${DB_PASSWD:-""} \
+ INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+ DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+ REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+ SECRET_KEY=${SECRET_KEY:-""} \
+ envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
+fi
+
+# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
+if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
+if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
+if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
+chmod 0755 /data/gitea /app/gitea /data/git
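Review bot: The generated `/data/gitea/conf/app.ini` holds `SECRET_KEY` and `DB_PASSWD`, but it is created by a plain redirect under whatever umask the supervisor runs with, and the last line sets `/data/gitea` to 0755, so the file is likely readable by every account in the container and by anything else that mounts the volume. Running the substitution as `(umask 077; envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini)` would keep it private. The file then has to be given to `${USER}` explicitly, because the `chown -R` below is skipped when `/data/gitea` already has that owner. Separately, `${USER}` is unquoted in the three ownership tests and `chown` calls, and `stat -c %U` would avoid parsing `ls` output.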
diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish
new file mode 100755
index 0000000000..06bd986563
--- /dev/null
+++ b/docker/root/etc/s6/openssh/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run
new file mode 100755
index 0000000000..6395024825
--- /dev/null
+++ b/docker/root/etc/s6/openssh/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root > /dev/null
+ exec su-exec root /usr/sbin/sshd -D -e 2>&1
+popd
diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup
new file mode 100755
index 0000000000..f8ef816a95
--- /dev/null
+++ b/docker/root/etc/s6/openssh/setup
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ ! -d /data/ssh ]; then
+ mkdir -p /data/ssh
+fi
+
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+ echo "Generating /data/ssh/ssh_host_ed25519_key..."
+ ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_rsa_key..."
+ ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_dsa_key..."
+ ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+ ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
+fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
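Review bot: The block at `ssh-keygen -t dsa` creates a DSA host key, which is fixed at 1024 bits and which current OpenSSH releases no longer offer by default; I would drop that block together with the matching `HostKey /data/ssh/ssh_host_dsa_key` line in sshd_config. The RSA key is generated with `-b 2048`; `-b 3072` or larger is the more common choice for a long-lived host key. None of the `ssh-keygen` calls has its exit status checked, so a failure leaves sshd to start with a missing key file; `|| exit 1` on each call would surface that.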
diff --git a/docker/root/etc/ssh/sshd_config b/docker/root/etc/ssh/sshd_config
new file mode 100644
index 0000000000..6af082c419
--- /dev/null
+++ b/docker/root/etc/ssh/sshd_config
@@ -0,0 +1,33 @@
+Port 22
+Protocol 2
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+LogLevel INFO
+
+HostKey /data/ssh/ssh_host_ed25519_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+
+AuthorizedKeysFile .ssh/authorized_keys
+
+UseDNS no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL
\ No newline at end of file
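Review bot: `PermitUserEnvironment yes` lets `~/.ssh/environment` and `environment=` options in `authorized_keys` set arbitrary variables for the session, and sshd_config(5) warns that this can be used to get around access restrictions (it names `LD_PRELOAD` as an example). The only variable the gitea setup script writes to the environment file is `GITEA_CUSTOM`, so on OpenSSH 7.8 or later the directive can be narrowed to `PermitUserEnvironment GITEA_CUSTOM`, or replaced by `SetEnv GITEA_CUSTOM=/data/gitea`; whether the image's OpenSSH is new enough is not visible here. A comment above the directive saying why it is enabled would also help the next reader.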
diff --git a/docker/root/etc/templates/app.ini b/docker/root/etc/templates/app.ini
new file mode 100644
index 0000000000..589271b4a0
--- /dev/null
+++ b/docker/root/etc/templates/app.ini
@@ -0,0 +1,51 @@
+APP_NAME = $APP_NAME
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = $SSH_DOMAIN
+HTTP_PORT = $HTTP_PORT
+ROOT_URL = $ROOT_URL
+DISABLE_SSH = $DISABLE_SSH
+SSH_PORT = $SSH_PORT
+LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = $DB_TYPE
+HOST = $DB_HOST
+NAME = $DB_NAME
+USER = $DB_USER
+PASSWD = $DB_PASSWD
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
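Review bot: The substituted values are written unquoted, for example `PASSWD = $DB_PASSWD` and `SECRET_KEY = $SECRET_KEY`, so a password containing `#`, `;` or leading or trailing whitespace will probably be cut short or altered by the ini parser, and a value containing a newline would add extra keys to the file. Wrapping the secret-bearing values in backticks, ``PASSWD = `$DB_PASSWD` ``, is the quoting Gitea's configuration format accepts as far as I know; please confirm against the parser in use.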
diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint
new file mode 100755
index 0000000000..d8e68b9404
--- /dev/null
+++ b/docker/root/usr/bin/entrypoint
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+if [ "${USER}" != "git" ]; then
+ # rename user
+ sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
+ # switch sshd config to different user
+ sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config
+fi
+
+if [ -z "${USER_GID}" ]; then
+ USER_GID="`id -g ${USER}`"
+fi
+
+if [ -z "${USER_UID}" ]; then
+ USER_UID="`id -u ${USER}`"
+fi
+
+## Change GID for USER?
+if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
+ sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
+ sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
+fi
+
+## Change UID for USER?
+if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
+ sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
+fi
+
+for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
+ mkdir -p ${FOLDER}
+done
+
+if [ $# -gt 0 ]; then
+ exec "$@"
+else
+ exec /bin/s6-svscan /etc/s6
+fi
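Review bot: `USER`, `USER_UID` and `USER_GID` come straight from the container environment and are spliced into `sed -i` expressions that rewrite `/etc/passwd`, `/etc/group` and `sshd_config` without any validation. If `USER` is unset the first test is true and `s/^git\:/${USER}\:/g` blanks the account name; a value containing `/`, `:` or `&` breaks or alters the expression; and a non-numeric id is written as given. I would validate all three before the first `sed`, as below, and quote the remaining expansions (`id -g "${USER}"`, `mkdir -p "${FOLDER}"`). Whether a Dockerfile `ENV` always provides `USER` is not visible in this diff.

```shell
# validate before any sed touches /etc/passwd, /etc/group or sshd_config
case "${USER:-}" in
  '' | *[!A-Za-z0-9_-]*)
    echo "entrypoint: USER must be a non-empty name of letters, digits, '_' or '-'" >&2
    exit 1
    ;;
esac

for ID in "${USER_UID:-}" "${USER_GID:-}"; do
  case "${ID}" in
    *[!0-9]*)
      echo "entrypoint: USER_UID and USER_GID must be numeric" >&2
      exit 1
      ;;
  esac
done

if [ "${USER}" != "git" ]; then
# … unchanged: rename user in /etc/passwd and sshd_config, uid/gid rewrite, mkdir loop, exec …
```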