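#!/bin/bash
# Container entrypoint: makes sure the SSH host keys and the git home
# directory exist, writes sshd_config, starts sshd in the background and
# then runs the knot server in the foreground as the git user.
set -euo pipefail

readonly KEY_DIR=/etc/ssh/keys

# Ensure every host key referenced by sshd_config below exists. Each key
# type is checked on its own: gating all three on the ed25519 key alone
# leaves a partially populated key directory unrepaired, and re-running
# ssh-keygen over a key that already exists stops at its overwrite prompt.
# Existing keys are left untouched so the host identity does not change.
mkdir -p "$KEY_DIR"
for key_type in ed25519 rsa ecdsa; do
  key_file="$KEY_DIR/ssh_host_${key_type}_key"
  if [[ ! -f "$key_file" ]]; then
    ssh-keygen -t "$key_type" -f "$key_file" -N ''
  fi
done

# Ensure the repository root exists.
mkdir -p /home/git/repositories

# Ensure the git user owns its home directory (repositories included).
chown -R git:git /home/git

# Configure sshd to listen on 0.0.0.0:22 for the Fly.io proxy.
# Password logins are off and AuthorizedKeysFile is "none", so no on-disk
# authorized_keys file is consulted for any account. Public keys are looked
# up only inside the "Match User git" block, through knot, and that lookup
# command runs as the unprivileged user "nobody".
# NOTE(review): other accounts are shut out only implicitly (they have no
# key source); an explicit "AllowUsers git" would state that intent directly.
cat > /etc/ssh/sshd_config << 'EOF'
Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/keys/ssh_host_ed25519_key
HostKey /etc/ssh/keys/ssh_host_rsa_key
HostKey /etc/ssh/keys/ssh_host_ecdsa_key
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile none

Match User git
    AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -internal-api http://localhost:5444 -git-dir /home/git/repositories
    AuthorizedKeysCommandUser nobody
EOF

# Validate the config and host keys before launching. sshd runs in the
# background, so a startup failure there would not stop this script; the
# test run makes a broken configuration abort the entrypoint under set -e.
/usr/sbin/sshd -t

# Start sshd on 0.0.0.0:22 (Fly proxy requires this). -D keeps it from
# daemonizing, -e sends its log to stderr. Nothing below waits on this
# process, so an sshd that exits later does not stop the container.
/usr/sbin/sshd -D -e &

# Run knotserver as the git user in the foreground; exec replaces this shell.
exec su -s /bin/bash git -c '/usr/bin/knot server'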