diff options
Diffstat (limited to 'docker/root')
-rw-r--r-- | docker/root/etc/nsswitch.conf | 15 | ||||
-rwxr-xr-x | docker/root/etc/profile.d/gitea.sh | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/.s6-svscan/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/run | 6 | ||||
-rwxr-xr-x | docker/root/etc/s6/gitea/setup | 46 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/finish | 2 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/run | 6 | ||||
-rwxr-xr-x | docker/root/etc/s6/openssh/setup | 29 | ||||
-rw-r--r-- | docker/root/etc/ssh/sshd_config | 33 | ||||
-rw-r--r-- | docker/root/etc/templates/app.ini | 51 | ||||
-rwxr-xr-x | docker/root/usr/bin/entrypoint | 37 |
12 files changed, 231 insertions, 0 deletions
diff --git a/docker/root/etc/nsswitch.conf b/docker/root/etc/nsswitch.conf new file mode 100644 index 0000000000..25fad995e6 --- /dev/null +++ b/docker/root/etc/nsswitch.conf @@ -0,0 +1,15 @@ +# /etc/nsswitch.conf + +passwd: compat +group: compat +shadow: compat + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis diff --git a/docker/root/etc/profile.d/gitea.sh b/docker/root/etc/profile.d/gitea.sh new file mode 100755 index 0000000000..41afd4cfb8 --- /dev/null +++ b/docker/root/etc/profile.d/gitea.sh @@ -0,0 +1,2 @@ +#!/bin/bash +export GITEA_CUSTOM=/data/gitea diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish new file mode 100755 index 0000000000..06bd986563 --- /dev/null +++ b/docker/root/etc/s6/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish new file mode 100755 index 0000000000..06bd986563 --- /dev/null +++ b/docker/root/etc/s6/gitea/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run new file mode 100755 index 0000000000..da5fd6b535 --- /dev/null +++ b/docker/root/etc/s6/gitea/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /app/gitea > /dev/null + exec su-exec $USER /app/gitea/gitea web +popd diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup new file mode 100755 index 0000000000..2b0fb6c37b --- /dev/null +++ b/docker/root/etc/s6/gitea/setup @@ -0,0 +1,46 @@ +#!/bin/bash + +if [ ! -d /data/git/.ssh ]; then + mkdir -p /data/git/.ssh + chmod 700 /data/git/.ssh +fi + +if [ ! -f /data/git/.ssh/environment ]; then + echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment + chmod 600 /data/git/.ssh/environment +fi + +if [ ! -f /data/gitea/conf/app.ini ]; then + mkdir -p /data/gitea/conf + + # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and + # INSTALL_LOCK is empty + if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then + INSTALL_LOCK=true + fi + + # Substitude the environment variables in the template + APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \ + RUN_MODE=${RUN_MODE:-"dev"} \ + SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \ + HTTP_PORT=${HTTP_PORT:-"3000"} \ + ROOT_URL=${ROOT_URL:-""} \ + DISABLE_SSH=${DISABLE_SSH:-"false"} \ + SSH_PORT=${SSH_PORT:-"22"} \ + DB_TYPE=${DB_TYPE:-"sqlite3"} \ + DB_HOST=${DB_HOST:-"localhost:3306"} \ + DB_NAME=${DB_NAME:-"gitea"} \ + DB_USER=${DB_USER:-"root"} \ + DB_PASSWD=${DB_PASSWD:-""} \ + INSTALL_LOCK=${INSTALL_LOCK:-"false"} \ + DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \ + REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \ + SECRET_KEY=${SECRET_KEY:-""} \ + envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini +fi + +# only chown if current owner is not already the gitea ${USER}. No recursive check to save time +if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi +if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi +if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi +chmod 0755 /data/gitea /app/gitea /data/git diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish new file mode 100755 index 0000000000..06bd986563 --- /dev/null +++ b/docker/root/etc/s6/openssh/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run new file mode 100755 index 0000000000..6395024825 --- /dev/null +++ b/docker/root/etc/s6/openssh/run @@ -0,0 +1,6 @@ +#!/bin/bash +[[ -f ./setup ]] && source ./setup + +pushd /root > /dev/null + exec su-exec root /usr/sbin/sshd -D -e 2>&1 +popd diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup new file mode 100755 index 0000000000..f8ef816a95 --- /dev/null +++ b/docker/root/etc/s6/openssh/setup @@ -0,0 +1,29 @@ +#!/bin/bash + +if [ ! -d /data/ssh ]; then + mkdir -p /data/ssh +fi + +if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then + echo "Generating /data/ssh/ssh_host_ed25519_key..." + ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_rsa_key ]; then + echo "Generating /data/ssh/ssh_host_rsa_key..." + ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_dsa_key ]; then + echo "Generating /data/ssh/ssh_host_dsa_key..." + ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null +fi + +if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then + echo "Generating /data/ssh/ssh_host_ecdsa_key..." + ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null +fi + +chown root:root /data/ssh/* +chmod 0700 /data/ssh +chmod 0600 /data/ssh/* diff --git a/docker/root/etc/ssh/sshd_config b/docker/root/etc/ssh/sshd_config new file mode 100644 index 0000000000..6af082c419 --- /dev/null +++ b/docker/root/etc/ssh/sshd_config @@ -0,0 +1,33 @@ +Port 22 +Protocol 2 + +AddressFamily any +ListenAddress 0.0.0.0 +ListenAddress :: + +LogLevel INFO + +HostKey /data/ssh/ssh_host_ed25519_key +HostKey /data/ssh/ssh_host_rsa_key +HostKey /data/ssh/ssh_host_dsa_key +HostKey /data/ssh/ssh_host_ecdsa_key + +AuthorizedKeysFile .ssh/authorized_keys + +UseDNS no +AllowAgentForwarding no +AllowTcpForwarding no +PrintMotd no + +PermitUserEnvironment yes +PermitRootLogin no +ChallengeResponseAuthentication no +PasswordAuthentication no +PermitEmptyPasswords no + +AllowUsers git + +Banner none +Subsystem sftp /usr/lib/ssh/sftp-server + +AcceptEnv GIT_PROTOCOL
\ No newline at end of file diff --git a/docker/root/etc/templates/app.ini b/docker/root/etc/templates/app.ini new file mode 100644 index 0000000000..589271b4a0 --- /dev/null +++ b/docker/root/etc/templates/app.ini @@ -0,0 +1,51 @@ +APP_NAME = $APP_NAME +RUN_MODE = $RUN_MODE + +[repository] +ROOT = /data/git/repositories + +[repository.local] +LOCAL_COPY_PATH = /data/gitea/tmp/local-repo + +[repository.upload] +TEMP_PATH = /data/gitea/uploads + +[server] +APP_DATA_PATH = /data/gitea +SSH_DOMAIN = $SSH_DOMAIN +HTTP_PORT = $HTTP_PORT +ROOT_URL = $ROOT_URL +DISABLE_SSH = $DISABLE_SSH +SSH_PORT = $SSH_PORT +LFS_CONTENT_PATH = /data/git/lfs + +[database] +PATH = /data/gitea/gitea.db +DB_TYPE = $DB_TYPE +HOST = $DB_HOST +NAME = $DB_NAME +USER = $DB_USER +PASSWD = $DB_PASSWD + +[indexer] +ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve + +[session] +PROVIDER_CONFIG = /data/gitea/sessions + +[picture] +AVATAR_UPLOAD_PATH = /data/gitea/avatars + +[attachment] +PATH = /data/gitea/attachments + +[log] +ROOT_PATH = /data/gitea/log + +[security] +INSTALL_LOCK = $INSTALL_LOCK +SECRET_KEY = $SECRET_KEY + +[service] +DISABLE_REGISTRATION = $DISABLE_REGISTRATION +REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint new file mode 100755 index 0000000000..d8e68b9404 --- /dev/null +++ b/docker/root/usr/bin/entrypoint @@ -0,0 +1,37 @@ +#!/bin/sh + +if [ "${USER}" != "git" ]; then + # rename user + sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd + # switch sshd config to different user + sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config +fi + +if [ -z "${USER_GID}" ]; then + USER_GID="`id -g ${USER}`" +fi + +if [ -z "${USER_UID}" ]; then + USER_UID="`id -u ${USER}`" +fi + +## Change GID for USER? +if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then + sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group + sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd +fi + +## Change UID for USER? +if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then + sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd +fi + +for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do + mkdir -p ${FOLDER} +done + +if [ $# -gt 0 ]; then + exec "$@" +else + exec /bin/s6-svscan /etc/s6 +fi |