Diffstat (limited to 'entrypoint.sh')
-rwxr-xr-xentrypoint.sh173
1 files changed, 173 insertions, 0 deletions
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..11c2a7e
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,173 @@
+#!/bin/sh
+printf "\033[1;31m"
+set -e
+set -x
+
+SSHD_PORT="${SSHD_PORT:-8022}"
+NGINX_LISTEN="${NGINX_LISTEN:-8080}"
+# This is shown on the cgit user interface by default, you may
+# wish to change it
+FULL_NAME="${FULL_NAME:-Default Cgit User}"
+# Bash is installed by default, feel free to change this
+CGIT_SHELL="${CGIT_SHELL:-/bin/ash}"
+# UID and GID used by the `git` user inside of the container
+CGIT_UID="${CGIT_UID:-3500}"
+CGIT_GID="${CGIT_GID:-3500}"
+# Threads for fcgiwrap
+CGIT_THREADS="${CGIT_THREADS:-1}"
+# Where the SSH host keys will be stored,
+SSH_HOST_KEY_DIR="${SSH_HOST_KEY_DIR:-/var/hostkeys/}"
+NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
+NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"
+
+printf "\033[0m"
+
+setup() {
+if [ "$(find /var/git -type f | wc -l)" -eq 0 ] ; then
+ cp -r /var/default/git/* /var/git/
+fi
+
+addgroup -g "${CGIT_GID}" git
+adduser -h /var/git --gecos "$FULL_NAME" -D -s "${CGIT_SHELL}" -u "${CGIT_UID}" -G git git
+chown -R git:git /var/git
+passwd -u git
+
+addgroup nginx git
+
+if [ -n "$AUTHORIZED_KEYS" ] ; then
+ mkdir -p /etc/ssh/keys
+ echo "$AUTHORIZED_KEYS" | tee /etc/ssh/keys/git
+fi
+}
+
+# exec runsvdir /var/service
+# /var/service/nginx/run &
+
+run_nginx() {
+cat > /etc/nginx/nginx.conf <<NGINX
+worker_processes $NGINX_WORKER_PROCESSES;
+error_log /dev/fd/2;
+events {
+ worker_connections $NGINX_WORKER_CONNECTIONS;
+}
+http {
+ access_log /dev/fd/1;
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ server_tokens off;
+ server {
+ listen $NGINX_LISTEN; listen [::]:$NGINX_LISTEN;
+ root /var/git;
+
+ location /local {
+ alias /var/git/local;
+ add_header Cache-Control "public, max-age=604800";
+ }
+
+ location / {
+ try_files \$uri @cgit;
+ }
+
+ # Serve static files with nginx and allow local files to override
+ location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+ try_files @webappstatic @overrides;
+ }
+ location @webappstatic {
+ root /usr/share/webapps/cgit;
+ expires 30d;
+ }
+ location @overrides {
+ root /var/git;
+ expires 30d;
+ }
+
+ location @cgit {
+ gzip off;
+ fastcgi_param PATH_INFO \$uri;
+ fastcgi_param QUERY_STRING \$args;
+ fastcgi_param HTTP_HOST \$server_name;
+ fastcgi_param CGIT_CONFIG /var/git/cgit;
+ fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
+ fastcgi_pass unix:/tmp/cgit/cgit.sock;
+ }
+
+ # Make go-get work
+ if (\$arg_go-get = 1) {
+ return 200 '<meta name="go-import"
+ content="\$host\$uri git \$scheme://\$host\$uri.git">\\n';
+ # content="\$host\$uri git \$scheme://\$host/cgi-bin/cgit.cgi\$uri.git">\\n';
+ }
+ }
+}
+NGINX
+
+mkdir -p /run/nginx
+nginx -g 'daemon off;' &
+}
+
+run_cgit() {
+#!/bin/sh
+sockdir=/tmp/cgit
+if ! [ -d "$sockdir" ] ; then
+ mkdir "$sockdir"
+fi
+chown -R git:git /tmp/cgit
+socket="/tmp/cgit/cgit.sock"
+if [ -e "$socket" ] ; then
+ rm "$socket"
+fi
+umask 007
+# su git -c "fcgiwrap -c$CGIT_THREADS -s \"unix:$socket\" &"
+su git -c "fcgiwrap -f -c$CGIT_THREADS -s \"unix:$socket\" &"
+}
+
+
+run_sshd() {
+ if [ -d "$SSH_HOST_KEY_DIR" ] ; then
+ cp -v "$SSH_HOST_KEY_DIR"/* /etc/ssh/ || echo ""
+ fi
+ ssh-keygen -A
+ if [ -d "$SSH_HOST_KEY_DIR" ] ; then
+ cp -v /etc/ssh/ssh_host* "$SSH_HOST_KEY_DIR"/
+ fi
+
+ cat > /etc/ssh/sshd_config <<SSH_CONFIG
+Port $SSHD_PORT
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
+GatewayPorts no
+X11Forwarding no
+SSH_CONFIG
+
+ /usr/sbin/sshd -e -D &
+}
+
+watchServices() {
+interval="$1"; shift
+while true ; do
+ for service in nginx fcgiwrap sshd ; do
+ if ! pgrep "$service" >/dev/null ; then
+ echo "Service $service has stopped... quitting!"
+ exit 1
+ fi
+ done
+ sleep "$interval"
+done
+}
+
+
+setup
+run_nginx
+run_cgit
+run_sshd
+
+
+set +x
+# Bail out if a service stops, poll it every 30 seconds
+watchServices 30
+# or if you comment out the above, drop into a shell
+# exec /bin/ash "$@"
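Review bot: In `run_nginx`, `root /var/git;` combined with `location / { try_files \$uri @cgit; }` serves any file under `/var/git` that the nginx worker can read straight from disk, while `setup` makes that same directory the `git` user's home (`adduser -h /var/git`) and adds `nginx` to the `git` group. Anything group- or world-readable there is then reachable on the public listener by path: the cgit config passed as `CGIT_CONFIG /var/git/cgit`, dotfiles in the home directory (sshd is pointed at `.ssh/authorized_keys` in `run_sshd`), and presumably repository files that cgit itself would not list. I would add `location ~ /\. { deny all; }` inside the `server` block and move the cgit config outside the web root, or serve only an explicit static subdirectory instead of the whole home. On the sshd side, the generated `sshd_config` leaves forwarding and the set of permitted users at their defaults while key holders get the `CGIT_SHELL` login shell (default `/bin/ash`); adding `AllowUsers git` and `AllowTcpForwarding no` to the heredoc would narrow what a key grants.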