#!/bin/sh
# Switch the terminal to bold red so the traced configuration below stands
# out in the container log; the colour is reset after the last default.
printf "\033[1;31m"
# Abort the entrypoint as soon as any unguarded command fails.
set -e
# Trace every command to stderr. Tracing stays on until the `set +x` near the
# end of the script, so every value handled in between (including
# $AUTHORIZED_KEYS) ends up in the container log.
set -x
# All settings below can be overridden from the container environment. The
# values are interpolated as-is into the generated nginx.conf and sshd_config
# (and CGIT_THREADS into a `su -c` command string); nothing validates them,
# so they must come from a trusted operator.
# Port sshd listens on (IPv4 and IPv6).
SSHD_PORT="${SSHD_PORT:-8022}"
# Port nginx listens on (IPv4 and IPv6).
NGINX_LISTEN="${NGINX_LISTEN:-8080}"
# This is shown on the cgit user interface by default, you may
# wish to change it
FULL_NAME="${FULL_NAME:-Default Cgit User}"
# Login shell of the `git` user; the default is ash.
# NOTE(review): the original comment said bash is installed by default -
# confirm against the image. This is a full interactive shell for anyone whose
# key is authorised; a restricted shell such as git-shell would narrow that,
# if the image provides one.
CGIT_SHELL="${CGIT_SHELL:-/bin/ash}"
# UID and GID used by the `git` user inside of the container
CGIT_UID="${CGIT_UID:-3500}"
CGIT_GID="${CGIT_GID:-3500}"
# Threads for fcgiwrap (passed to its -c option)
CGIT_THREADS="${CGIT_THREADS:-1}"
# Directory the SSH host keys are restored from and saved to, so they survive
# container re-creation. It holds private keys.
SSH_HOST_KEY_DIR="${SSH_HOST_KEY_DIR:-/var/hostkeys/}"
# nginx worker_processes / worker_connections settings.
NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"
# Reset the terminal colour.
printf "\033[0m"
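# One-time container initialisation. The /setup marker file makes every later
# call a no-op; remove /setup to force the steps to run again.
# Globals:   CGIT_GID, CGIT_UID, CGIT_SHELL, FULL_NAME, AUTHORIZED_KEYS (read)
# Outputs:   echoes the installed authorized keys to stdout (via tee)
# Returns:   0 on success; under `set -e` any failing step aborts the script
setup() {
  if [ -e /setup ]; then
    return
  fi

  # Seed /var/git with the image defaults only when it contains no files.
  if [ "$(find /var/git -type f | wc -l)" -eq 0 ]; then
    cp -r /var/default/git/* /var/git/
  fi

  addgroup -g "${CGIT_GID}" git
  adduser -h /var/git --gecos "$FULL_NAME" -D -s "${CGIT_SHELL}" -u "${CGIT_UID}" -G git git
  # The account is created without a password (-D) and then unlocked.
  # NOTE(review): presumably needed so sshd accepts key logins for it; confirm
  # the unlocked account has no usable empty password for su or console login.
  passwd -u git
  # nginx joins the git group so it can reach group-accessible files and the
  # fcgiwrap socket.
  addgroup nginx git

  if [ -n "${AUTHORIZED_KEYS:-}" ]; then
    mkdir -p /etc/ssh/keys
    # printf, not echo: the value is arbitrary text and must be written
    # verbatim whatever it starts with or contains.
    printf '%s\n' "$AUTHORIZED_KEYS" | tee /etc/ssh/keys/git
    # sshd's StrictModes rejects key files that are group- or world-writable;
    # set the modes explicitly instead of relying on the inherited umask.
    chmod 755 /etc/ssh/keys
    chmod 644 /etc/ssh/keys/git
  fi

  touch /setup
}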
# Write /etc/nginx/nginx.conf (overwriting any existing file) and start nginx
# in the background of this script.
# Globals: NGINX_WORKER_PROCESSES, NGINX_WORKER_CONNECTIONS, NGINX_LISTEN (read)
#
# Review notes on the generated configuration:
# - `root /var/git` together with `try_files $uri @cgit` serves any existing
#   file below /var/git directly and only falls back to cgit when no file
#   matches. /var/git is also the git user's home directory (see setup) and
#   holds the file named by CGIT_CONFIG, and nginx is a member of the git
#   group. NOTE(review): confirm that the cgit config, dotfiles such as .ssh/
#   and raw repository files being fetchable over HTTP is intended, or deny
#   those paths explicitly.
# - The go-get response copies $host and $uri into the returned markup without
#   escaping. NOTE(review): confirm this response is never rendered as HTML by
#   a browser, and consider a fixed host name instead of $host.
run_nginx() {
# The heredoc delimiter is unquoted: the shell expands $NGINX_* now, while
# every \$ is emitted as a literal $ for nginx to evaluate per request. The
# environment values are inserted without validation.
cat > /etc/nginx/nginx.conf <<NGINX
worker_processes $NGINX_WORKER_PROCESSES;
error_log /dev/fd/2;
events {
worker_connections $NGINX_WORKER_CONNECTIONS;
}
http {
access_log /dev/fd/1;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server_tokens off;
server {
listen $NGINX_LISTEN; listen [::]:$NGINX_LISTEN;
root /var/git;
location /local {
alias /var/git/local;
add_header Cache-Control "public, max-age=604800";
}
location / {
try_files \$uri @cgit;
}
# Serve static files with nginx and allow local files to override
location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
try_files @webappstatic @overrides;
}
location @webappstatic {
root /usr/share/webapps/cgit;
expires 30d;
}
location @overrides {
root /var/git;
expires 30d;
}
location @cgit {
gzip off;
fastcgi_param PATH_INFO \$uri;
fastcgi_param QUERY_STRING \$args;
fastcgi_param HTTP_HOST \$server_name;
fastcgi_param CGIT_CONFIG /var/git/cgit;
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/cgit/cgit.cgi;
fastcgi_pass unix:/tmp/cgit/cgit.sock;
}
# Make go-get work
# Make the assumption that we're always running under default
# https. This may cause issues for strange setups. Don't do that.
if (\$arg_go-get = 1) {
return 200 '<meta name="go-import"
content="\$host\$uri git https://\$host\$uri">\\n';
}
}
}
NGINX
mkdir -p /run/nginx
# 'daemon off;' keeps nginx from daemonising; the trailing & backgrounds it so
# the script can go on to start the other services.
nginx -g 'daemon off;' &
}
# Start fcgiwrap as the git user, listening on the unix socket that the
# generated nginx.conf passes cgit requests to.
# Globals: CGIT_THREADS (read; interpolated into the command string that the
#          shell spawned by `su -c` re-parses, so it must be a trusted value)
# NOTE(review): the socket directory is a fixed path under /tmp; this assumes
# no untrusted local user can create /tmp/cgit before this runs.
run_cgit() {
  sockdir=/tmp/cgit
  socket="$sockdir/cgit.sock"

  [ -d "$sockdir" ] || mkdir "$sockdir"
  chown -R git:git "$sockdir"

  # Clear a socket left behind by a previous run.
  [ ! -e "$socket" ] || rm "$socket"

  # No access for "other": only the git user and git group get at what is
  # created from here on. The umask is not scoped to a subshell, so it also
  # applies to everything the script creates after this function returns.
  umask 007
  # Variant without -f, kept from the original for reference:
  # su git -c "fcgiwrap -c$CGIT_THREADS -s \"unix:$socket\" &"
  su git -c "fcgiwrap -f -c$CGIT_THREADS -s \"unix:$socket\" &"
}
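# Restore or generate the SSH host keys, write /etc/ssh/sshd_config and start
# sshd in the background.
# Globals: SSH_HOST_KEY_DIR, SSHD_PORT (read)
#
# Review notes on the generated sshd_config:
# - Only key authentication is enabled; authorized keys are read from
#   /etc/ssh/keys/<user> and from the user's own .ssh/authorized_keys.
# - Nothing limits which accounts may log in or what a session may do.
#   NOTE(review): consider AllowUsers git and turning off TCP and agent
#   forwarding if the container only needs to serve git over SSH.
run_sshd() {
  if [ -d "$SSH_HOST_KEY_DIR" ]; then
    # Deliberately best effort: on the first run the directory is empty, the
    # glob matches nothing and cp fails; that must not abort under `set -e`.
    cp -v "$SSH_HOST_KEY_DIR"/* /etc/ssh/ || echo ""
  fi

  # Generates only the host key types that are still missing.
  ssh-keygen -A

  # Restored keys carry whatever mode the volume gave them, and sshd refuses
  # private host keys that are readable by group or others.
  chmod 600 /etc/ssh/ssh_host_*_key

  if [ -d "$SSH_HOST_KEY_DIR" ]; then
    # Persist the keys so clients keep seeing the same host identity. This
    # writes private keys to the volume; keep that volume root-only.
    cp -v /etc/ssh/ssh_host* "$SSH_HOST_KEY_DIR"/
  fi

  # Unquoted delimiter: $SSHD_PORT is expanded by the shell, unvalidated.
  cat > /etc/ssh/sshd_config <<SSH_CONFIG
ListenAddress 0.0.0.0:$SSHD_PORT
ListenAddress [::]:$SSHD_PORT
ChallengeResponseAuthentication no
PasswordAuthentication no
AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
GatewayPorts no
X11Forwarding no
SSH_CONFIG

  # -D keeps sshd in the foreground of its own process, -e sends its log to
  # stderr; the trailing & backgrounds it for this script.
  /usr/sbin/sshd -e -D &
}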
# Poll the three services forever and terminate the script with status 1 as
# soon as pgrep finds no process matching one of them.
# Arguments: $1 - seconds to sleep between polling rounds
# Outputs:   names the stopped service on stdout before exiting
# NOTE(review): pgrep is given only the bare name as its pattern, so any
# process it matches counts as the service being alive.
watchServices() {
  poll_interval="$1"
  shift
  while :; do
    for service in nginx fcgiwrap sshd; do
      pgrep "$service" >/dev/null && continue
      echo "Service $service has stopped... quitting!"
      exit 1
    done
    sleep "$poll_interval"
  done
}
# Entry sequence: one-time setup, then start the three services in the
# background and supervise them.
setup
# Runs on every start, not only the first: it is outside the /setup guard and
# recursively re-owns the whole of /var/git to the git user.
chown -R git:git /var/git
run_nginx
run_cgit
run_sshd
# Stop tracing before the polling loop so the log is not flooded.
set +x
# Bail out if a service stops, poll it every 30 seconds
watchServices 30
# or if you comment out the above, drop into a shell
# exec /bin/ash "$@"