diff --git a/gitea/Containerfile b/gitea/Containerfile
index 5521084..c76d31a 100644
--- a/gitea/Containerfile
+++ b/gitea/Containerfile
@@ -11,6 +11,7 @@ LABEL config_default="\
 -v /srv/vol/gitea/git:/vol/git \
 -v /srv/vol/gitea/data:/vol/data \
 -v /srv/vol/gitea/log:/vol/log \
+-v /srv/vol/gitea/keys:/vol/keys \
 "
 
 # Build variables
@@ -27,7 +28,10 @@ ENV DBNAME=gitea
 ###
 
 # install packages we want
-RUN apt update -y && apt install -y postgresql postgresql-doc git
+RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server
+
+# create directories for volumes
+RUN mkdir -p /vol/git /vol/data /vol/log /vol/keys
 
 # put database variables in /etc/environment so anyone can access them
 # also autodetect versions of postgres and gitea and put them in /etc/environment as well
@@ -39,7 +43,7 @@ RUN echo "DBUSER=$DBUSER" >> /etc/environment && \
 
 # create gitea user with file owner UID
 RUN addgroup --gid $FILESUID gitea && \
- adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea
+ adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /bin/bash --home /var/lib/gitea
 
 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
@@ -49,6 +53,16 @@ RUN mkdir -p /vol/log && \
 rm -r /var/log && \
 ln -s /vol/log /var/log
 
+###
+### SSH Server ###
+###
+
+# copy sshd config
+COPY assets/sshd_config
+
+# make link to keys volume
+RUN ln -s /vol/keys /etc/ssh/keys
+
 ###
 ### PostgreSQL ###
 ###
diff --git a/gitea/assets/app.ini.esh b/gitea/assets/app.ini.esh
index ca4ff61..82230ad 100644
--- a/gitea/assets/app.ini.esh
+++ b/gitea/assets/app.ini.esh
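Review bot: Installing `openssh-server` at build time very likely leaves package-generated host keys baked into the image layer, because on Debian/Ubuntu the package's post-install step normally creates `/etc/ssh/ssh_host_*_key` — every container from this image would then carry identical, unused key material (the new sshd_config reads keys from `/etc/ssh/keys` instead). Remove them in the same RUN so nothing stale ships, and clear the package lists while at it: `RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server && rm -f /etc/ssh/ssh_host_*_key* && rm -rf /var/lib/apt/lists/*`. `openssh-server` also pulls in recommended packages; `--no-install-recommends` keeps the installed surface smaller if nothing here depends on them.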
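Review bot: The switch from `/usr/sbin/nologin` to `/bin/bash` turns a service account into one that can obtain an interactive shell, and the hunk does not say why that is needed. The reason is presumably that sshd executes the `command=` restriction Gitea places in the user's authorized_keys through the login shell, so a nologin shell would break git-over-ssh; record that in the comment, e.g. `# bash (not nologin) is required: sshd runs the forced command from authorized_keys via the login shell`. Since the account now has a real shell, protection against a key that lacks that restriction has to come from sshd itself (limit logins to this account and disable forwarding in the new sshd_config) rather than from the account entry.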
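Review bot: `COPY assets/sshd_config` has no destination, so the image build should fail — the instruction requires a source and a target, and from the comment the intent is the daemon config: `COPY assets/sshd_config /etc/ssh/sshd_config`. Separately, the `HostKey` entries in that file point at `/etc/ssh/keys`, i.e. the symlink to the `/vol/keys` volume created here, but nothing in this diff generates host keys there; sshd will not start unless a startup script outside this diff creates them, and it refuses a host key whose file is group- or world-readable, so the volume must hold root-owned 0600 keys. A comment on the `ln -s` line stating who populates the volume and with what permissions would save the next person that debugging session.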
@@ -29,10 +29,10 @@ ROOT = /vol/git/repos
 DOMAIN = git.alemor.org
 ROOT_URL = https://git.alemor.org/
 HTTP_PORT = 80
-START_SSH_SERVER = true
+START_SSH_SERVER = false
 SSH_PORT = 4323
 SSH_LISTEN_PORT = 22
-LFS_START_SERVER = trxue
+LFS_START_SERVER = true
 LFS_CONTENT_PATH = /vol/git/lfs
 LFS_JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %>
 OFFLINE_MODE = true
diff --git a/gitea/assets/sshd_config b/gitea/assets/sshd_config
new file mode 100644
index 0000000..4044d96
--- /dev/null
+++ b/gitea/assets/sshd_config
@@ -0,0 +1,32 @@
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+# Listening:
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Host Keys:
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+# Authentication:
+PermitRootLogin no
+PubkeyAuthentication yes
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+# Settings:
+X11Forwarding no
+PrintMotd no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
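Review bot: With `START_SSH_SERVER = false` Gitea stops answering SSH itself and relies on the system sshd reading the authorized_keys file Gitea maintains, which by default lives under the run user's home (here `/var/lib/gitea/.ssh/authorized_keys`, governed by SSH_ROOT_PATH); nothing in this diff ensures that directory exists and is owned by the gitea user, which is where the first failure after this switch is likely to surface. `SSH_LISTEN_PORT = 22` now only applies to the disabled built-in server, while `SSH_PORT = 4323` is still what clone URLs advertise, so it must match the port published on the host; consider commenting out the now-unused listen port to avoid the two being confused. The `LFS_START_SERVER` typo fix means LFS is effectively being switched on by this commit, which deserves a mention in the commit message.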
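Review bot: The daemon as configured accepts any local account presenting a key and leaves TCP/agent forwarding and tunnelling at their defaults; since the only intended use is git for the gitea account (which now has a real shell), restrict it at the daemon level with `AllowUsers gitea`, `AllowTcpForwarding no`, `AllowAgentForwarding no` and `PermitTunnel no`, and set `LogLevel VERBOSE` so accepted key fingerprints are logged for later review. `ChallengeResponseAuthentication` is a deprecated alias for `KbdInteractiveAuthentication` on recent OpenSSH releases; it still works, but the current name avoids a warning. The `Subsystem sftp` line opens a file-transfer path a git server does not need; drop it unless sftp access is intended.
```config
# … unchanged: header comments, Listening, Host Keys …
# Authentication:
PermitRootLogin no
AllowUsers gitea
# … unchanged: Pubkey/Password/EmptyPasswords/ChallengeResponse …
# Settings:
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
LogLevel VERBOSE
# … unchanged: PrintMotd, AcceptEnv, Subsystem …
```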