gitea: proxy ssh via local git user (#11)

single-dockerfile
Trammell Hudson 3 years ago
parent 25b78d4a0f
commit 1976e0f55f
  1. 40
      gitea/add-ssh-user
  2. 7
      gitea/docker-compose.yaml
  3. 1
      gitea/env.production
  4. 2
      gitea/setup

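--- /dev/null
+++ b/gitea/add-ssh-user
@@ -0,0 +1,40 @@
+#!/bin/bash
+die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; }
+info() { echo >&2 "gitea: $*" ; }
+if grep -q "^git:" /etc/passwd ; then
+info "git user already exists"
+exit 0
+fi
+SSHDIR="/home/git/.ssh"
+addgroup --gid 2222 git \
+|| die "unable to create git group"
+adduser \
+--uid 2222 \
+--gid 2222 \
+--disabled-password \
+--gecos "Gitea Proxy User" \
+git \
+|| die "unable to add git user"
+rm -f "$SSHDIR/id_rsa" "$SSHDIR/id_rsa.pub" "$SSHDIR/authorized_keys"
+sudo -u git ssh-keygen \
+-t rsa \
+-b 4096 \
+-C "Gitea Proxy User Key" \
+-N "" \
+-f "$SSHDIR/id_rsa" \
+|| die "unable to create host key"
+sudo -u git tee -a "$SSHDIR/authorized_keys" < "$SSHDIR/id_rsa.pub" \
+|| die "unable to setup authorized key"
+chmod 600 "$SSHDIR/authorized_keys"
+cat <<"EOF" > "/usr/local/bin/gitea"
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+EOF
+chmod +x "/usr/local/bin/gitea"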
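Review bot: The wrapper written by the heredoc at the end of the hunk places the client-supplied `$SSH_ORIGINAL_COMMAND` inside the double-quoted remote command, so a value containing `"`, `$(…)` or backticks is re-parsed by the container git user's login shell, and the proxy key appended to `authorized_keys` earlier in the hunk carries no `command=` or `restrict` option that would contain it. Quote every piece before handing it to ssh, e.g. a `#!/bin/bash` wrapper whose body is `exec ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=$(printf '%q' "$SSH_ORIGINAL_COMMAND") $(printf '%q ' "$0" "$@")"` (the quoted heredoc delimiter already leaves the `$(…)` for the wrapper to evaluate at run time; `%q` output assumes a bash-compatible shell on the container side — confirm against the image). Prefixing the appended entry with `restrict ` (`{ printf 'restrict '; cat "$SSHDIR/id_rsa.pub"; } | sudo -u git tee -a "$SSHDIR/authorized_keys"`) additionally denies pty, agent and port forwarding to whoever holds that key without affecting the proxy. Separately, nothing creates `$SSHDIR` before `rm -f` and `ssh-keygen -f` use it, so unless `/etc/skel` supplies `.ssh` the keygen step dies; `sudo -u git mkdir -p -m 700 "$SSHDIR" || die "unable to create $SSHDIR"` after adduser fixes that, and the `die "unable to create host key"` message describes the proxy user key rather than a host key.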

@ -12,8 +12,8 @@ services:
- env.production - env.production
- ../data/gitea/env.secrets - ../data/gitea/env.secrets
environment: environment:
- USER_UID=1000 - USER_UID=2222 # must match git user on host system
- USER_GID=1000 - USER_GID=2222
- GITEA__database__DB_TYPE=postgres - GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432 - GITEA__database__HOST=db:5432
- GITEA__database__NAME=gitea - GITEA__database__NAME=gitea
@ -25,9 +25,10 @@ services:
- ../data/gitea:/data - ../data/gitea:/data
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /home/git/.ssh/:/data/git/.ssh
ports: ports:
- "3030:3000" - "3030:3000"
- "222:22" - "2222:22"
restart: always restart: always
depends_on: depends_on:
- db - db
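Review bot: The new `"2222:22"` mapping publishes the container's sshd on every host interface, so clients can reach it directly and bypass the host-side proxy that add-ssh-user sets up; the wrapper only ever connects to 127.0.0.1, so `- "127.0.0.1:2222:22"` is sufficient and closes that path. The added `/home/git/.ssh/:/data/git/.ssh` mount also hands the container the proxy's private key `id_rsa`, and because the host's sshd honours the same shared `authorized_keys`, a compromised container holding that key could log in to the host `git` account if it can reach the host's sshd — verify the network path. Generating the proxy key outside the mounted directory (`-f` to a path such as `/home/git/proxy_key`, passed with `-i` in the wrapper) keeps only `authorized_keys` and the public key visible to the container. The `USER_UID`/`USER_GID` change to 2222 matches the uid/gid add-ssh-user creates, as the inline comment says.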

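--- a/gitea/env.production
+++ b/gitea/env.production
@@ -4,3 +4,4 @@ GITEA__openid__ENABLE_OPENID_SIGNIN=true
 GITEA__openid__ENABLE_OPENID_SIGNUP=false
 #GITEA__service__DISABLE_REGISTRATION=true
 GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+GITEA__repository__DEFAULT_BRANCH=main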

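--- a/gitea/setup
+++ b/gitea/setup
@@ -17,6 +17,7 @@ if [ -r "$SECRETS" ]; then
 exit 0
 fi
+./add-ssh-user || die "unable to add ssh user"
 GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
 GITEA_ADMIN_PASSWORD="$(openssl rand -hex 8)"
@@ -29,6 +30,7 @@ cat <<EOF > "$SECRETS"
 GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
 GITEA_ADMIN_PASSWORD=$GITEA_ADMIN_PASSWORD
 GITEA__server__ROOT_URL=https://$GITEA_HOSTNAME/
+GITEA__server__SSH_DOMAIN=$GITEA_HOSTNAME
 GITEA__security__INSTALL_LOCK=true
 GITEA__security__SECRET_KEY=$(openssl rand -hex 32)
 EOF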
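Review bot: The new `./add-ssh-user` line is resolved against the caller's working directory rather than the script's own, so invoking setup from anywhere else fails at that step before any secrets are written; `"$(dirname "$0")/add-ssh-user" || die "unable to add ssh user"` keeps it tied to setup's location. add-ssh-user needs root for addgroup/adduser and for writing `/usr/local/bin/gitea`, which setup presumably already runs as — confirm, since the `die` here would otherwise be the first sign. The heredoc that receives the new `GITEA__server__SSH_DOMAIN` line opens before the second hunk.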
