From 578b04e3f380cfd674cd545f6a4d673b4e046bf5 Mon Sep 17 00:00:00 2001
From: Mitch Riedstra <mitch@riedstra.us>
Date: Sun, 13 Sep 2020 16:10:11 -0400
Subject: Initial

---
 entrypoint.sh | 173 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)
 create mode 100755 entrypoint.sh

(limited to 'entrypoint.sh')

diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..11c2a7e
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,173 @@
+#!/bin/sh
+printf "\033[1;31m"
+set -e
+set -x
+
+SSHD_PORT="${SSHD_PORT:-8022}"
+NGINX_LISTEN="${NGINX_LISTEN:-8080}"
+# This is shown on the cgit user interface by default, you may
+# wish to change it
+FULL_NAME="${FULL_NAME:-Default Cgit User}"
+# Bash is installed by default, feel free to change this
+CGIT_SHELL="${CGIT_SHELL:-/bin/ash}"
+# UID and GID used by the `git` user inside of the container
+CGIT_UID="${CGIT_UID:-3500}"
+CGIT_GID="${CGIT_GID:-3500}"
+# Threads for fcgiwrap
+CGIT_THREADS="${CGIT_THREADS:-1}"
+# Where the SSH host keys will be stored, 
+SSH_HOST_KEY_DIR="${SSH_HOST_KEY_DIR:-/var/hostkeys/}"
+NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
+NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"
+
+printf "\033[0m"
+
+setup() {
+if [ "$(find /var/git -type f | wc -l)" -eq 0 ] ; then
+	cp -r /var/default/git/* /var/git/
+fi
+
+addgroup -g "${CGIT_GID}" git 
+adduser -h /var/git --gecos "$FULL_NAME" -D -s "${CGIT_SHELL}" -u "${CGIT_UID}" -G git git
+chown -R git:git /var/git
+passwd -u git
+
+addgroup nginx git
+
+if [ -n "$AUTHORIZED_KEYS" ] ; then
+		mkdir -p /etc/ssh/keys
+		echo "$AUTHORIZED_KEYS" | tee /etc/ssh/keys/git
+fi
+}
+
+# exec runsvdir /var/service
+# /var/service/nginx/run &
+
+run_nginx() {
+cat > /etc/nginx/nginx.conf <<NGINX
+worker_processes $NGINX_WORKER_PROCESSES;
+error_log /dev/fd/2;
+events {
+	worker_connections  $NGINX_WORKER_CONNECTIONS;
+}
+http {
+	access_log /dev/fd/1;
+	include	   mime.types;
+	default_type  application/octet-stream;
+	sendfile		on;
+	keepalive_timeout  65;
+	gzip  on;
+	server_tokens off;
+	server {
+		listen $NGINX_LISTEN; listen [::]:$NGINX_LISTEN;
+		root /var/git;
+	
+		location /local {
+			alias /var/git/local;
+			add_header Cache-Control "public, max-age=604800";
+		}
+	
+		location / {
+			try_files \$uri @cgit;
+		}
+
+		# Serve static files with nginx and allow local files to override
+		location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+			try_files @webappstatic @overrides;
+		}
+		location @webappstatic {
+			root /usr/share/webapps/cgit;
+			expires 30d;
+		}
+		location @overrides {
+			root /var/git;
+			expires 30d;
+		}
+
+		location @cgit {
+			gzip off;
+			fastcgi_param PATH_INFO \$uri;
+			fastcgi_param QUERY_STRING \$args;
+			fastcgi_param HTTP_HOST \$server_name;
+			fastcgi_param CGIT_CONFIG /var/git/cgit;
+			fastcgi_param  SCRIPT_FILENAME	/usr/share/webapps/cgit/cgit.cgi;
+			fastcgi_pass unix:/tmp/cgit/cgit.sock;
+		}
+	
+		# Make go-get work
+		if (\$arg_go-get = 1) {
+			return 200 '<meta name="go-import"
+			content="\$host\$uri git \$scheme://\$host\$uri.git">\\n';
+			# content="\$host\$uri git \$scheme://\$host/cgi-bin/cgit.cgi\$uri.git">\\n';
+		}
+	}
+}
+NGINX
+
+mkdir -p /run/nginx
+nginx -g 'daemon off;' &
+}
+
+run_cgit() {
+#!/bin/sh
+sockdir=/tmp/cgit
+if ! [ -d "$sockdir" ] ; then
+        mkdir "$sockdir"
+fi
+chown -R git:git /tmp/cgit
+socket="/tmp/cgit/cgit.sock"
+if [ -e "$socket" ] ; then
+        rm "$socket"
+fi
+umask 007
+# su git -c "fcgiwrap -c$CGIT_THREADS -s \"unix:$socket\" &"
+su git -c "fcgiwrap -f -c$CGIT_THREADS -s \"unix:$socket\" &"
+}
+
+
+run_sshd() {
+	if [ -d "$SSH_HOST_KEY_DIR" ] ; then
+		cp -v "$SSH_HOST_KEY_DIR"/* /etc/ssh/ || echo ""
+	fi
+	ssh-keygen -A
+	if [ -d "$SSH_HOST_KEY_DIR" ] ; then
+		cp -v /etc/ssh/ssh_host* "$SSH_HOST_KEY_DIR"/
+	fi
+
+	cat > /etc/ssh/sshd_config <<SSH_CONFIG
+Port $SSHD_PORT
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
+GatewayPorts no
+X11Forwarding no
+SSH_CONFIG
+
+	/usr/sbin/sshd -e -D &
+}
+
+watchServices() {
+interval="$1"; shift
+while true ; do
+	for service in nginx fcgiwrap sshd ; do
+		if ! pgrep "$service" >/dev/null ; then
+			echo "Service $service has stopped... quitting!"
+			exit 1
+		fi
+	done
+	sleep "$interval"
+done
+}
+
+
+setup
+run_nginx
+run_cgit
+run_sshd
+
+
+set +x
+# Bail out if a service stops, poll it every 30 seconds
+watchServices 30
+# or if you comment out the above, drop into a shell
+# exec /bin/ash "$@"
-- 
cgit v1.2.3