Community maintained Docker config for the knot server

Add authorized_keys_command.conf to Dockerfile #4

closed opened by ionchy.ca targeting main from ionchy.ca/knot-docker: main

I couldn't push or pull from any repositories until I set -git-dir following the instructions in knot-hosting, so maybe this file should just be created when creating the Dockerfile?

AT URI
at://did:plc:ypsrm6ue6o5xk5kvbdhwtppm/sh.tangled.repo.pull/3ly3ytvmoja22
+20 -1
Diff #1
+3
rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf
··· 1 + Match User git 2 + AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -git-dir /home/git/repositories 3 + AuthorizedKeysCommandUser nobody
+6 -1
Dockerfile
··· 20 20 label org.opencontainers.image.vendor='tangled.sh' 21 21 label org.opencontainers.image.licenses='MIT' 22 22 23 + arg UID=1000 24 + arg GID=1000 25 + 23 26 copy rootfs . 24 27 run chmod 755 /etc 25 28 run chmod -R 755 /etc/s6-overlay 26 29 run apk add shadow s6-overlay execline openssl openssh git curl bash 27 - run useradd -d /home/git git && openssl rand -hex 16 | passwd --stdin git 30 + run groupadd -g $GID -f git 31 + run useradd -u $UID -g $GID -d /home/git git 32 + run openssl rand -hex 16 | passwd --stdin git 28 33 run mkdir -p /home/git/repositories && chown -R git:git /home/git 29 34 copy --from=builder /usr/bin/knot /usr/bin 30 35 run mkdir /app && chown -R git:git /app
+11
readme.md
··· 29 29 The command above for example will build the latest commit on the `master` 30 30 branch. 31 31 32 + By default it will also create a `git` user with user and group ID 1000:1000, 33 + but you can change it with the `UID` and `GID` build arguments. 34 + 35 + ```sh 36 + docker build -t knot:latest --build-arg UID=(id -u) GID=(id -u) 37 + ``` 38 + 39 + The command above for example will create a user with the host user's UID and GID. 40 + This is useful if you are bind mounting the repositories and app folder on the host, 41 + as in the provided `docker-compose.yml` file. 42 + 32 43 <hr style="margin-bottom: 20px; margin-top: 10px" /> 33 44 34 45 When using compose, it can be specified as a build argument which will be
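Review bot: In rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf, `AuthorizedKeysCommandUser nobody` runs the lookup against `-git-dir /home/git/repositories`, a tree the Dockerfile chowns to git:git, so if `knot keys` reads anything under that path the lookup only works while the directory stays readable by others. Keeping the command unprivileged is the right default, but the read requirement should be documented: with the bind mount and host UID/GID described in the readme, a restrictive mode on the host directory would make key lookup fail and block every SSH push and pull. The path is also hard-coded here and again in the Dockerfile `mkdir`, so a comment linking the two would prevent them drifting apart.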
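Review bot: In the Dockerfile, `groupadd -g $GID -f git` does not guarantee that the `git` group gets the requested GID: with shadow's `groupadd`, `-f` combined with `-g` silently picks a different GID when the requested one is already taken in the image. The next line, `useradd -u $UID -g $GID`, would then put the user in whichever existing group owns that GID, while `chown -R git:git` applies the differently numbered `git` group, which defeats the purpose of matching host ownership for bind mounts. Dropping `-f` so the build fails loudly on a collision would be safer, and quoting `"$UID"` and `"$GID"` would guard against empty or malformed build arguments.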
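Review bot: The example command added to readme.md will not work as written in the `sh` shell its fence names: `(id -u)` is not POSIX command substitution, `GID=(id -u)` is missing its own `--build-arg` flag, and it reads the user ID where the group ID is intended. Suggest `--build-arg UID=$(id -u) --build-arg GID=$(id -g)`, and check that the command ends with a build context, since none is given on that line. As it stands, a reader who copies the line ends up with the default 1000:1000 or a failed build rather than the host's IDs.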

Submissions

ionchy.ca submitted #3
4 commits
Add authorized_keys_command.conf with correct git directory
Add UID and GID arguments to Dockerfile
typo
another typo
closed without merging
ionchy.ca submitted #2
3 commits
Add authorized_keys_command.conf with correct git directory
Add UID and GID arguments to Dockerfile
typo
ionchy.ca

I also added UID and GID args that can be set during build, so following the example command should fix #2 by providing a UID and GID that exist on the host so that the directories owned by git in the container can be bind mounted on the host. (I'm not sure how to change the title of the PR to reflect this...)

ionchy.ca submitted #1
2 commits
Add authorized_keys_command.conf with correct git directory
Add UID and GID arguments to Dockerfile
ionchy.ca submitted #0
1 commit
Add authorized_keys_command.conf with correct git directory