diff options
| author | 2025-10-19 20:05:24 +0200 | |
|---|---|---|
| committer | 2025-10-19 20:05:24 +0200 | |
| commit | 17ee046b844bd418cd58cc7dfbcd8c5bdb5b179a (patch) | |
| tree | 65b54ba6316153a0875970ef6df6efd65c8d7c89 | |
| parent | 2c1352ab5d08270aa35c446eb108f4e24342d5d2 (diff) | |
Added environment parsing of repos and users
| -rw-r--r-- | Dockerfile | 3 | ||||
| -rw-r--r-- | docker-compose.yml | 8 | ||||
| -rwxr-xr-x | init | 62 |
3 files changed, 50 insertions, 23 deletions
@@ -1,6 +1,8 @@ FROM alpine RUN apk add --no-cache openssh-server fish git sudo +ENV GIT_UID=1000 + # Modified ssh conf with disabled root login and no password authentication COPY ssh.conf /etc/ssh/sshd_config.d/ COPY sudo-git /etc/sudoers.d/ @@ -13,4 +15,3 @@ RUN chmod +x /usr/local/bin/run COPY init /usr/local/bin/ RUN chmod +x /usr/local/bin/init ENTRYPOINT ["/usr/local/bin/init"] - diff --git a/docker-compose.yml b/docker-compose.yml index 537fccd..c353e7f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,11 +7,9 @@ services: ports: - "2222:22" restart: no - command: - - --users - - pass,yolo,git - - --repos - - /pass.git:pass,/yolo.git:yolo + environment: + - USER_PASS=pass + - REPO_PASS=/pass.git:pass volumes: - ./ssh:/var/ssh - ./repos:/srv/repos @@ -1,10 +1,13 @@ #!/usr/bin/env fish -argparse 'u/users=+' 'r/repos=+' -- $argv -or exit 1; +# +# +# function definitions +# +# -set REPO_PERMISSIONS /etc/repo-permissions -set REPO_REGEX "^((?:\/[a-zA-Z-]+)+.git)\$" +set _REPO_PERMISSIONS /etc/repo-permissions +set _REPO_REGEX "^((?:\/[a-zA-Z-]+)+.git)\$" function createUser set -l user $argv[1] @@ -18,6 +21,7 @@ function createUser # user is not restricted, this is done in ssh config with forceCommand # we need to be able to run a fish script to check for permissions adduser --home $HOME -D "$user" + # unlock account to allow ssh logins passwd -u "$user" mkdir "$HOME/.ssh" cp "/var/ssh/clients/$user" "$HOME/.ssh/authorized_keys" @@ -31,7 +35,7 @@ function setupRepo set -l repo $parsedConfig[1] # check repo name - set -l matcher (string match -r -g $REPO_REGEX $repo) + set -l matcher (string match -r -g $_REPO_REGEX $repo) if test -z $matcher[1] echo "Invalid repo name $repo" return 1 @@ -44,7 +48,7 @@ function setupRepo # write user as allowed into permission file for user in $parsedConfig[2..] - echo "$repoDir:$user" >> $REPO_PERMISSIONS + echo "$repoDir:$user" >> $_REPO_PERMISSIONS end # setup repo dir @@ -57,22 +61,46 @@ function setupRepo end # -# Setup users -# First and reserved is git user, which has access to all -# git repos # -adduser git -D --shell "/usr/bin/git-shell" -for user in (string split ',' $_flag_u) +# main +# +# + +argparse 'g/git-uid=?' 'u/user=+' 'r/repo=+' 'h/help' -- $argv +or exit 1; + +if set -q _flag_h + echo "Usage: $(status filename) [ OPTIONS ]..." + echo -e "" + echo -e "OPTIONS" + echo -e "\t -h, --help \t\t Display this page" + echo -e "\t -g, --git-uid \t UID of the git user that is used also as ownership for all repos" + echo -e "\t -u, --user \t\t Setting up a user" + echo -e "\t -r, --repo \t\t Setting up a repo in form <repo-path>[:user1]+ for each user who should have access to it" + echo -e "" + return +end + +# read environment variables +set -l users $_flag_u +for user in (set -n | string match -r "^USER_\S+") + set users $users (eval echo \$$user) +end + +set -l repos $_flag_r +for repo in (set -n | string match -r "^REPO_\S+") + set repos $repos (eval echo \$$repo) +end + +# Setup users +adduser git -u $GIT_UID -D --shell "/usr/bin/git-shell" +for user in $users createUser "$user" end -# # Setup repos -# First and reserved is git user, which has access to all -# git repos -# -echo > $REPO_PERMISSIONS -for repoConfig in (string split ',' $_flag_r) +echo > $_REPO_PERMISSIONS +for repoConfig in $repos setupRepo "$repoConfig" end |
