Pre-load SSH keys.
parent
3800053073
commit
43c85cdf5b
3 changed files with 34 additions and 4 deletions
12
Dockerfile
12
Dockerfile
|
@ -6,7 +6,7 @@ RUN apt-get update
|
||||||
|
|
||||||
|
|
||||||
# Install supervisor for managing services
|
# Install supervisor for managing services
|
||||||
RUN apt-get install -q -y supervisor cron openssh-server pwgen reprepro screen vim-tiny
|
RUN apt-get install -q -y supervisor cron openssh-server pwgen reprepro screen vim-tiny sudo
|
||||||
|
|
||||||
RUN service supervisor stop
|
RUN service supervisor stop
|
||||||
ADD configs/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
ADD configs/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||||
|
@ -20,13 +20,21 @@ RUN sed -i 's/\(session *required *pam_loginuid.so\)/#\1/' /etc/pam.d/cron
|
||||||
# Install ssh
|
# Install ssh
|
||||||
ADD configs/supervisor-ssh.conf /etc/supervisor/conf.d/ssh.conf
|
ADD configs/supervisor-ssh.conf /etc/supervisor/conf.d/ssh.conf
|
||||||
RUN mkdir /var/run/sshd
|
RUN mkdir /var/run/sshd
|
||||||
|
RUN service ssh start ; sleep 1
|
||||||
|
RUN service ssh stop
|
||||||
|
|
||||||
|
# Setup root & sudo access
|
||||||
|
RUN echo "root:docker" | chpasswd
|
||||||
|
RUN echo %sudo ALL=NOPASSWD: ALL >> /etc/sudoers
|
||||||
|
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND newt
|
ENV DEBIAN_FRONTEND newt
|
||||||
|
|
||||||
ADD scripts/start.sh /start.sh
|
ADD scripts/start.sh /start.sh
|
||||||
RUN chmod 755 /start.sh
|
RUN chmod 755 /start.sh
|
||||||
|
|
||||||
VOLUME /data
|
VOLUME ["/docker/keys", "/docker/incoming"]
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 22
|
EXPOSE 22
|
||||||
CMD ["/bin/bash", "/start.sh"]
|
CMD ["/bin/bash", "/start.sh"]
|
||||||
|
|
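Review bot: The added `RUN echo "root:docker" | chpasswd` bakes a fixed, publicly readable root password into every image built from this file, while the image installs openssh-server and exposes port 22. Whether root can log in over SSH with it depends on the `PermitRootLogin` setting in the image's sshd_config, which is not visible here, but the password also works for `su` from any local account. Since this commit moves to pre-loaded keys, I would replace that line with `RUN passwd -l root` and turn password authentication off in sshd_config. The sudoers rule is safer as a validated drop-in than as an append to `/etc/sudoers`, e.g. `RUN echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/nopasswd && chmod 0440 /etc/sudoers.d/nopasswd && visudo -c`.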
11
Makefile
11
Makefile
|
@ -1,7 +1,16 @@
|
||||||
|
DEBUG=0
|
||||||
|
|
||||||
|
ifeq ($(DEBUG),0)
|
||||||
|
RUNCMD=
|
||||||
|
else
|
||||||
|
RUNCMD=-i /bin/bash
|
||||||
|
endif
|
||||||
|
|
||||||
build:
|
build:
|
||||||
docker build -t glenux/debian-repo .
|
docker build -t glenux/debian-repo .
|
||||||
|
|
||||||
run:
|
run:
|
||||||
docker run -i -t glenux/debian-repo /bin/bash
|
ID=$$(docker run -v $$(pwd)/keys:/docker/keys -d -t glenux/debian-repo $(RUNCMD)); \
|
||||||
|
(docker inspect $$ID |sed -n -e 's/.*"IPAddress": "\(.*\)".*/\1/p'); \
|
||||||
|
docker logs -f $$ID
|
||||||
|
|
||||||
|
|
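Review bot: The new `-v $$(pwd)/keys:/docker/keys` mount in the `run` target is read-write although the container only needs to read the `*.pub` files; `-v $$(pwd)/keys:/docker/keys:ro` keeps a process in the container from altering or adding keys on the host. Only public keys should live in that directory, since everything in it becomes readable inside the container. Separately, with `DEBUG=1` the `$(RUNCMD)` value expands after the image name, so `-i` is passed as the container command rather than as a docker option, and `-d` detaches the container anyway. The `-i` belongs before the image name, for example via a second variable for options with `RUNCMD=/bin/bash`.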
|
@ -3,14 +3,27 @@
|
||||||
# Many thanks to John Fink <john.fink@gmail.com> for the
|
# Many thanks to John Fink <john.fink@gmail.com> for the
|
||||||
# inspiration and to his great work on docker-wordpress'
|
# inspiration and to his great work on docker-wordpress'
|
||||||
|
|
||||||
|
# reset root password
|
||||||
|
|
||||||
# let's create a user to SSH into
|
# let's create a user to SSH into
|
||||||
SSH_USERPASS=`pwgen -c -n -1 8`
|
SSH_USERPASS=`pwgen -c -n -1 8`
|
||||||
mkdir /home/user
|
mkdir /home/user
|
||||||
useradd -G sudo -d /home/user user
|
useradd -G sudo -d /home/user -s /bin/bash user
|
||||||
chown user /home/user
|
chown user /home/user
|
||||||
echo "user:$SSH_USERPASS" | chpasswd
|
echo "user:$SSH_USERPASS" | chpasswd
|
||||||
echo "ssh user password: $SSH_USERPASS"
|
echo "ssh user password: $SSH_USERPASS"
|
||||||
|
|
||||||
|
# pre-fill with SSH keys
|
||||||
|
echo "Pre-loading SSH keys from /docker/keys"
|
||||||
|
mkdir -p /home/user/.ssh
|
||||||
|
rm -f /home/user/.ssh/authorized_keys
|
||||||
|
for key in /docker/keys/*.pub ; do
|
||||||
|
echo "- adding key $key"
|
||||||
|
cat $key >> /home/user/.ssh/authorized_keys
|
||||||
|
done
|
||||||
|
chown -R user /home/user/.ssh
|
||||||
|
|
||||||
|
# load cron
|
||||||
CRONFILE=`mktemp`
|
CRONFILE=`mktemp`
|
||||||
cat > $CRONFILE <<EOF
|
cat > $CRONFILE <<EOF
|
||||||
* * * * * echo "pif" >> /home/user/pif.log
|
* * * * * echo "pif" >> /home/user/pif.log
|
||||||
|
|
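Review bot: The key loop builds `authorized_keys` without checking what the glob matched and without setting permissions. When `/docker/keys` holds no `*.pub` file the pattern stays literal and `cat` fails, and `$key` is unquoted; I would use `[ -e "$key" ] || continue` and `cat "$key" >> /home/user/.ssh/authorized_keys` inside the loop, then `chmod 700 /home/user/.ssh && chmod 600 /home/user/.ssh/authorized_keys` after it. Every key found there gets an account in the `sudo` group, which the Dockerfile change makes password-less, so write access to that directory amounts to root in the container. The added `# reset root password` comment has no code under it, so the password set at build time stays in place, and the generated 8-character user password is still set and printed to the log even though keys are now available. The file header for this section is not shown on the page; the content looks like `scripts/start.sh`, which the Dockerfile adds.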