updated gitea to use openssh-server instead of builtin ssh server, and put host keys in a volume so redeploying does not change host ID

gitea/Containerfile

@@ -11,6 +11,7 @@ LABEL config_default="\
 -v /srv/vol/gitea/git:/vol/git \
 -v /srv/vol/gitea/data:/vol/data \
 -v /srv/vol/gitea/log:/vol/log \
+-v /srv/vol/gitea/keys:/vol/keys \
 "
 
 # Build variables
@@ -27,7 +28,10 @@ ENV DBNAME=gitea
 ###
 
 # install packages we want
-RUN apt update -y && apt install -y postgresql postgresql-doc git
+RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server
+
+# create directories for volumes
+RUN mkdir -p /vol/git /vol/data /vol/log /vol/keys
 
 # put database variables in /etc/environment so anyone can access them
 # also autodetect versions of postgres and gitea and put them in /etc/environment as well
@@ -39,7 +43,7 @@ RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
 
 # create gitea user with file owner UID
 RUN addgroup --gid $FILESUID gitea && \
-    adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea
+    adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /bin/bash --home /var/lib/gitea
 
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
@@ -49,6 +53,16 @@ RUN mkdir -p /vol/log && \
     rm -r /var/log && \
     ln -s /vol/log /var/log
 
+###
+### SSH Server ###
+###
+
+# copy sshd config
+COPY assets/sshd_config
+
+# make link to keys volume
+RUN ln -s /vol/keys /etc/ssh/keys
+
 ###
 ### PostgreSQL ###
 ###

gitea/assets/app.ini.esh

@@ -29,10 +29,10 @@ ROOT = /vol/git/repos
 DOMAIN           = git.alemor.org
 ROOT_URL         = https://git.alemor.org/
 HTTP_PORT        = 80
-START_SSH_SERVER = true
+START_SSH_SERVER = false
 SSH_PORT         = 4323
 SSH_LISTEN_PORT  = 22
-LFS_START_SERVER = trxue
+LFS_START_SERVER = true
 LFS_CONTENT_PATH = /vol/git/lfs
 LFS_JWT_SECRET   = <%= $(gitea generate secret JWT_SECRET) %>
 OFFLINE_MODE     = true

gitea/assets/sshd_config

@@ -0,0 +1,32 @@
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Listening:
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Host Keys:
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+# Authentication:
+PermitRootLogin no
+PubkeyAuthentication yes
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+# Settings:
+X11Forwarding no
+PrintMotd no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server