10-setup.sh
#!/bin/sh
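# Abort on the first failing command (-e) and on any unset variable (-u).
set -eu

# Print a warning message on stderr.
# Arguments: $1 - message text
# printf is used instead of echo so that a message containing backslashes
# (for example a file path) is printed verbatim by every /bin/sh.
warn() { printf 'warning: %s\n' "${1}" >&2; }

# DEBUG (any non-empty value) turns on command tracing.
# The trace shows every command after expansion, so treat DEBUG output as
# sensitive: this script handles account passwords.
if [ -n "${DEBUG-}" ]; then set -x; fi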
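# Set a specific UID and GID for the git user.
# GIT_USER_GID falls back to GIT_USER_UID when only the UID is given.
if [ -n "${GIT_USER_UID-}" ]; then
  if [ -z "${GIT_USER_GID-}" ]; then
    GIT_USER_GID="${GIT_USER_UID}"
  fi

  # Due to no `usermod` command on Alpine Linux, we need to
  # delete and re-add the git user
  # `deluser` deletes both the user and the group
  deluser "${GIT_USER}"
  addgroup -g "${GIT_USER_GID}" "${GIT_GROUP}"
  # `command -v` is the POSIX way to resolve a command's path; it replaces
  # the non-standard `which`.
  adduser \
    --gecos 'Git User' \
    --shell "$(command -v git-shell)" \
    --uid "${GIT_USER_UID}" \
    --ingroup "${GIT_GROUP}" \
    --no-create-home \
    --disabled-password \
    "${GIT_USER}"

  # NOTE(review): the re-created account receives the fixed password
  # '12345' (presumably so that the account made with --disabled-password
  # is not left locked -- confirm). Unless GIT_PASSWORD_FILE or GIT_PASSWORD
  # replaces it later in this script, that well-known value stays valid, so
  # deployments should either always supply a password or make sure the SSH
  # server does not accept password authentication.
  if ! tmp=$(echo "${GIT_USER}:12345" | chpasswd 2>&1); then
    # Diagnostics belong on stderr, like the warnings of this script.
    printf '%s\n' "$tmp" >&2
    exit 1
  fi
fi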
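# Change the password of the git user.
# A password on file is preferred over the environment variable one.
#
# Command tracing (`set -x`) is switched off while the secret is handled and
# restored afterwards, so that the password is not written to the trace
# output when the script runs in debug mode.
case "$-" in
  *x*) git_pw_xtrace=1 ;;
  *) git_pw_xtrace= ;;
esac
{ set +x; } 2>/dev/null

if [ -n "${GIT_PASSWORD_FILE-}" ]; then
  if [ -f "${GIT_PASSWORD_FILE}" ]; then
    # printf instead of echo: the password is arbitrary data and must not be
    # subject to echo's option and backslash handling.
    # NOTE(review): chpasswd reads one `user:password` entry per line, so the
    # file is expected to hold a single line -- confirm.
    printf '%s:%s\n' "${GIT_USER}" "$(cat "${GIT_PASSWORD_FILE}")" | chpasswd
  else
    warn "File '${GIT_PASSWORD_FILE}' not found."
    warn "Password for ${GIT_USER} is unchanged."
  fi
elif [ -n "${GIT_PASSWORD-}" ]; then
  printf '%s:%s\n' "${GIT_USER}" "${GIT_PASSWORD}" | chpasswd
fi

# Re-enable tracing only if it was active before this section.
if [ -n "${git_pw_xtrace}" ]; then set -x; fi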
# Hand all repositories over to the git user and (re)set file permissions:
#   files       -> u=rwX,go=rX  (capital X: execute only where already set)
#   directories -> u=rwx,go=rx
# These modes leave the repositories readable by every local account.
# The working directory stays at the repositories path afterwards.
if [ ! -d "${GIT_REPOSITORIES_PATH}" ]; then
  warn "Directory '${GIT_REPOSITORIES_PATH}' not found."
else
  cd "${GIT_REPOSITORIES_PATH}/."
  chown -R "${GIT_USER}:${GIT_GROUP}" .
  find . -type f -exec chmod u=rwX,go=rX {} \;
  find . -type d -exec chmod u=rwx,go=rx {} \;
fi
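# Fetch an `authorized_keys` file from a URL if provided.
#
# The download goes to a temporary file first and is copied over
# SSH_AUTHORIZED_KEYS_FILE only when wget succeeded, so a failed or
# interrupted fetch cannot leave a truncated key file behind.
if [ -n "${SSH_AUTHORIZED_KEYS_URL-}" ]; then
  mkdir -p "${GIT_HOME}/.ssh"

  # The fetched file decides who may log in; over plain HTTP its content is
  # not protected against modification in transit.
  case "${SSH_AUTHORIZED_KEYS_URL}" in
    https://*) ;;
    *) warn "Authorized keys URL is not HTTPS; the fetched keys are not protected in transit." ;;
  esac

  keys_tmp=$(mktemp) || keys_tmp=
  if [ -n "${keys_tmp}" ] \
    && wget -q -O "${keys_tmp}" "${SSH_AUTHORIZED_KEYS_URL}" \
    && cat "${keys_tmp}" > "${SSH_AUTHORIZED_KEYS_FILE}"; then
    # `cat >` (not `mv`) keeps the mode of an already existing key file.
    :
  else
    warn "Failed to fetch authorized keys from URL."
  fi
  if [ -n "${keys_tmp}" ]; then rm -f "${keys_tmp}"; fi
fi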
# The SSH server only allows public key login when the git user owns its
# home directory, so ownership of GIT_HOME is (re)set whenever an
# authorized_keys file is present.
if [ ! -f "${SSH_AUTHORIZED_KEYS_FILE}" ]; then
  warn "File '${SSH_AUTHORIZED_KEYS_FILE}' not found."
  warn "Login using public keys will not be available."
else
  chown -R "${GIT_USER}:${GIT_GROUP}" "${GIT_HOME}"
fi
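# Replace host SSH keys (if given).
#
# The existing keys in /etc/ssh are removed only after at least one
# `ssh_host_*` file has been found in SSH_HOST_KEYS_PATH; otherwise a
# directory without keys would leave the server with no host keys at all.
# Private keys end up with mode 600, `*.pub` files with mode 644.
if [ -n "${SSH_HOST_KEYS_PATH-}" ]; then
  if [ -d "${SSH_HOST_KEYS_PATH}" ]; then
    host_keys_found=
    for host_key in "${SSH_HOST_KEYS_PATH}"/ssh_host_*; do
      # An unmatched glob stays literal, hence the explicit file test.
      if [ -f "${host_key}" ]; then
        host_keys_found=1
        break
      fi
    done

    if [ -n "${host_keys_found}" ]; then
      # Copy with an absolute destination before changing directory, so a
      # relative SSH_HOST_KEYS_PATH resolves the same way as in the test
      # above.
      rm -rf /etc/ssh/ssh_host_*
      cp "${SSH_HOST_KEYS_PATH}"/ssh_host_* /etc/ssh/
      cd /etc/ssh
      chmod 600 ssh_host_*
      for host_pub in ssh_host_*.pub; do
        # Public halves are optional; skip the literal pattern if none exist.
        if [ -f "${host_pub}" ]; then chmod 644 "${host_pub}"; fi
      done
    else
      warn "No 'ssh_host_*' files found in '${SSH_HOST_KEYS_PATH}'."
      warn "Default SSH host keys will be used instead."
    fi
  else
    warn "Directory '${SSH_HOST_KEYS_PATH}' not found."
    warn "Default SSH host keys will be used instead."
  fi
fi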
# Set the SSH server's AuthenticationMethods from SSH_AUTH_METHODS.
# Every line that mentions AuthenticationMethods (commented or not) is
# blanked, then the new directive is appended at the end of the file.
# NOTE(review): a directive placed after a `Match` line belongs to that
# Match block; confirm the image's sshd_config has no Match section, or the
# appended setting will not apply globally.
# NOTE(review): the value is written as given; `sshd -t` can be used to
# check the resulting file before the server starts.
SSHD_CONFIG_FILE='/etc/ssh/sshd_config'
if [ -n "${SSH_AUTH_METHODS-}" ]; then
  sed -i 's/.*AuthenticationMethods.*//g' "${SSHD_CONFIG_FILE}"
  echo "AuthenticationMethods ${SSH_AUTH_METHODS}" >> "${SSHD_CONFIG_FILE}"
fi
# Create a symbolic link to the repositories folder inside the git user's
# home directory. Nothing happens when REPOSITORIES_HOME_LINK is unset or
# empty; a value that is not an existing directory only produces warnings.
if [ -n "${REPOSITORIES_HOME_LINK-}" ] && [ -d "${REPOSITORIES_HOME_LINK}" ]; then
  # -f replaces a link of the same name left over from an earlier run.
  ln -sf "${REPOSITORIES_HOME_LINK}" "${GIT_HOME}"
elif [ -n "${REPOSITORIES_HOME_LINK-}" ]; then
  warn "Directory '${REPOSITORIES_HOME_LINK}' not found."
  warn "Home link not created."
fi