path: root/entrypoint.sh
#!/bin/sh
# Container entrypoint: provisions the `git` account once, then starts nginx,
# fcgiwrap (cgit) and sshd and watches them. Every setting below can be
# overridden from the environment; the value after `:-` is the default.
#
# The assignments run between the two colour escapes with `set -x` active, so
# each resolved value is traced to stderr at start-up. Presumably this is so
# the effective configuration stands out in the container log.
printf "\033[1;31m"
# Abort on the first failing command; trace every command until `set +x`.
set -e
set -x

# NOTE(review): none of these values is validated. SSHD_PORT, NGINX_LISTEN and
# the NGINX_WORKER_* values are expanded verbatim into sshd_config / nginx.conf
# by run_sshd and run_nginx, and CGIT_THREADS into a command string passed to
# `su -c` by run_cgit, so whoever controls the container environment controls
# those files and that command line.
SSHD_PORT="${SSHD_PORT:-8022}"
NGINX_LISTEN="${NGINX_LISTEN:-8080}"
# This is shown on the cgit user interface by default, you may
# wish to change it
FULL_NAME="${FULL_NAME:-Default Cgit User}"
# Login shell given to the `git` account (passed to `adduser -s` in setup).
# Bash is installed by default, feel free to change this
# NOTE(review): the default here is /bin/ash, and any SSH key holder gets this
# shell interactively. A restricted shell such as git-shell would limit them to
# git operations; confirm whether one is available in the image.
CGIT_SHELL="${CGIT_SHELL:-/bin/ash}"
# UID and GID used by the `git` user inside of the container
CGIT_UID="${CGIT_UID:-3500}"
CGIT_GID="${CGIT_GID:-3500}"
# Threads for fcgiwrap (passed as its -c argument in run_cgit)
CGIT_THREADS="${CGIT_THREADS:-1}"
# Where the SSH host keys will be stored. run_sshd copies keys from this
# directory before starting sshd and copies them back afterwards, but only if
# the directory exists.
SSH_HOST_KEY_DIR="${SSH_HOST_KEY_DIR:-/var/hostkeys/}"
NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"

# Reset the terminal colour set by the first printf.
printf "\033[0m"

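# One-time provisioning of the container.
# This is only run once in the container's lifetime unless /setup is removed.
# Globals:   CGIT_GID, CGIT_UID, CGIT_SHELL, FULL_NAME (read),
#            AUTHORIZED_KEYS (read, optional)
# Outputs:   echoes the installed authorized keys to stdout (via tee)
# Returns:   0 on success; under `set -e` any failing step aborts the script
#            before /setup is written, so the next start retries from the top.
setup() {
if [ -e /setup ] ; then return ; fi

# Seed an empty repository volume from the image defaults. The `*` glob does
# not match dot-entries, so anything like /var/default/git/.something is not
# copied. NOTE(review): nginx serves /var/git/.webroot; confirm where that
# directory comes from.
if [ "$(find /var/git -type f | wc -l)" -eq 0 ] ; then
	cp -r /var/default/git/* /var/git/
fi

addgroup -g "${CGIT_GID}" git
adduser -h /var/git --gecos "$FULL_NAME" -D -s "${CGIT_SHELL}" -u "${CGIT_UID}" -G git git
# Unlock the account that `adduser -D` created without a password.
# NOTE(review): on BusyBox this may leave `git` with an empty password. sshd is
# configured with PasswordAuthentication no, but confirm nothing else in the
# image (e.g. su from another account) would accept it.
passwd -u git
# nginx joins the git group so it can reach the fcgiwrap socket and the repos.
addgroup nginx git

# ${...:-} keeps the test well-defined even if the caller enables `set -u`.
if [ -n "${AUTHORIZED_KEYS:-}" ] ; then
	mkdir -p /etc/ssh/keys
	# printf writes the key material literally; echo may mangle backslashes or
	# a leading dash depending on the shell. tee also shows the keys in the log.
	printf '%s\n' "$AUTHORIZED_KEYS" | tee /etc/ssh/keys/git
	# Pin the modes instead of inheriting the umask: the file must be readable
	# by `git`, and sshd's StrictModes check rejects an authorized-keys path
	# that is group- or world-writable.
	chmod 755 /etc/ssh/keys
	chmod 644 /etc/ssh/keys/git
fi

touch /setup
}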

# Write /etc/nginx/nginx.conf and start nginx in the background.
# Globals:   NGINX_WORKER_PROCESSES, NGINX_WORKER_CONNECTIONS, NGINX_LISTEN (read)
# Outputs:   nginx access log goes to /dev/fd/1, error log to /dev/fd/2
#
# The heredoc delimiter is unquoted, so the shell expands the three NGINX_*
# values when the file is written; `\$` keeps nginx's own variables literal.
# The generated server tries a static file under /var/git/.webroot first and
# otherwise hands the request to cgit.cgi over the fcgiwrap unix socket at
# /tmp/cgit/cgit.sock (created by run_cgit).
#
# NOTE(review): the NGINX_* values are inserted without validation, so a value
# containing `;` or `}` changes the structure of the generated config.
# NOTE(review): the go-get branch writes the request's $host and $uri into the
# response body unescaped and always advertises an https:// clone URL. Confirm
# the proxy in front of this container terminates TLS and constrains Host.
run_nginx() {
cat > /etc/nginx/nginx.conf <<NGINX
worker_processes $NGINX_WORKER_PROCESSES;
error_log /dev/fd/2;
events {
	worker_connections  $NGINX_WORKER_CONNECTIONS;
}
http {
	access_log /dev/fd/1;
	include	   mime.types;
	default_type  application/octet-stream;
	sendfile		on;
	keepalive_timeout  65;
	gzip  on;
	server_tokens off;
	server {
		listen $NGINX_LISTEN; listen [::]:$NGINX_LISTEN;
		root /var/git/.webroot;

		location / {
			try_files \$uri @cgit;
		}

		location @cgit {
			gzip off;
			fastcgi_param PATH_INFO \$uri;
			fastcgi_param QUERY_STRING \$args;
			fastcgi_param HTTP_HOST \$server_name;
			fastcgi_param CGIT_CONFIG /var/git/cgit;
			fastcgi_param  SCRIPT_FILENAME	/usr/share/webapps/cgit/cgit.cgi;
			fastcgi_pass unix:/tmp/cgit/cgit.sock;
		}
	
		# Make go-get work
		# Make the assumption that we're always running under default
		# https. This may cause issues for strange setups. Don't do that.
		if (\$arg_go-get = 1) {
			return 200 '<meta name="go-import"
			content="\$host\$uri git https://\$host\$uri">\\n';
		}
	}
}
NGINX

# Runtime directory for nginx; -p makes this safe on restart.
mkdir -p /run/nginx
# `daemon off` keeps nginx in the foreground of its own process; the trailing
# & backgrounds it so the entrypoint can go on to start the other services.
nginx -g 'daemon off;' &
}

# Start fcgiwrap as the `git` user, listening on a unix socket under /tmp/cgit.
# Globals:   CGIT_THREADS (read); sockdir, socket (written; not function-local)
#
# NOTE(review): `umask 007` is not restored, so it also applies to everything
# the entrypoint does afterwards (run_sshd's generated files, and sshd itself).
# NOTE(review): CGIT_THREADS is expanded into the command string that `su -c`
# hands to a shell; a non-numeric value would be parsed as shell syntax.
# NOTE(review): /tmp/cgit is a fixed path in a shared temp directory. It is
# chowned recursively whether or not this script created it.
run_cgit() {
sockdir=/tmp/cgit
socket="/tmp/cgit/cgit.sock"

# Create the socket directory on first start and hand it to git.
[ -d "$sockdir" ] || mkdir "$sockdir"
chown -R git:git /tmp/cgit

# Drop a stale socket left by a previous run so fcgiwrap can bind again.
[ ! -e "$socket" ] || rm "$socket"

# Group-accessible, no access for others: nginx reaches the socket through
# its membership of the git group.
umask 007
su git -c "fcgiwrap -f -c$CGIT_THREADS -s \"unix:$socket\" &"
}

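# Restore or generate SSH host keys, write sshd_config and start sshd.
# Globals:   SSH_HOST_KEY_DIR, SSHD_PORT (read)
# Outputs:   cp -v file lists on stdout; sshd logs to stderr (-e)
#
# NOTE(review): the generated config disables password and challenge-response
# logins but does not restrict which accounts may log in (no AllowUsers or
# PermitRootLogin line), and the git account has a real login shell
# (CGIT_SHELL). Confirm interactive shell access for key holders is intended.
run_sshd() {
	# Bring back persisted host keys so the server identity survives container
	# re-creation. This copies every file in the directory, not only host
	# keys. The `|| echo ""` keeps an empty directory (unmatched glob) from
	# aborting the script under `set -e`.
	if [ -d "$SSH_HOST_KEY_DIR" ] ; then
		cp -v "$SSH_HOST_KEY_DIR"/* /etc/ssh/ || echo ""
	fi
	# Generate whichever host key types are still missing.
	ssh-keygen -A
	# Keys restored from a volume inherit that volume's mode bits (less the
	# current umask), and sshd refuses private host keys that group or others
	# can access. Pin them to owner-only before sshd reads them.
	chmod 600 /etc/ssh/ssh_host_*_key
	# Persist the (possibly new) keys. Modes on the persisted copies depend on
	# the volume and are not changed here.
	if [ -d "$SSH_HOST_KEY_DIR" ] ; then
		cp -v /etc/ssh/ssh_host* "$SSH_HOST_KEY_DIR"/
	fi

	# Unquoted heredoc: $SSHD_PORT is expanded (unvalidated) into the file.
	# Keys are looked up in /etc/ssh/keys/<user> first, then in the user's
	# own .ssh/authorized_keys.
	cat > /etc/ssh/sshd_config <<SSH_CONFIG
ListenAddress 0.0.0.0:$SSHD_PORT
ListenAddress [::]:$SSHD_PORT
ChallengeResponseAuthentication no
PasswordAuthentication no
AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
GatewayPorts no
X11Forwarding no
SSH_CONFIG

	# -D: do not daemonise; -e: log to stderr. Backgrounded so the entrypoint
	# can continue to the watchdog loop.
	/usr/sbin/sshd -e -D &
}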

# Poll the three services forever and exit the script as soon as one is gone.
# Arguments: $1 - seconds to sleep between polls
# Outputs:   a one-line message on stdout naming the stopped service
# Returns:   never returns normally; calls `exit 1` when a service is missing
#
# NOTE(review): `pgrep NAME` without -x matches any process whose name
# contains NAME, so a leftover child process can mask a dead parent.
watchServices() {
interval="$1"
shift
while : ; do
	for service in nginx fcgiwrap sshd ; do
		# Still running: move on to the next service.
		pgrep "$service" >/dev/null && continue
		echo "Service $service has stopped... quitting!"
		exit 1
	done
	sleep "$interval"
done
}

# Start-up sequence. `set -e` is still active, so a failure in any step below
# stops the container instead of leaving it half-started.
setup
# Unlike setup, this runs on every start: the whole repository tree is handed
# back to git each time the container boots.
chown -R git:git /var/git
run_nginx
run_cgit
run_sshd

# Stop tracing before the polling loop so it does not flood the log.
set +x
# Bail out if a service stops, poll it every 30 seconds
watchServices 30
# or if you comment out the above, drop into a shell
# exec /bin/ash "$@"