infra/codestorage/hg-ssh

Paddy 2015-10-15 Parent:bf7b66df555f

6:4c6afe37e83a

infra/codestorage/hg-ssh/Dockerfile

Pull hostkeys when pulling SSH keys. Rather than relying on Kubernetes secrets and baking public keys right in, which was bound to get fraught, we now have some graceful degradation. It defaults to automatically-generated random keys, but will try to download some keys from Google Cloud Storage for the host. If it can find some, it'll try to use those, instead.

FROM secondbit/hg-repo-sync
MAINTAINER Paddy "<paddy@secondbit.org>"

ADD create_user.sh /usr/local/bin/helpers/create_user.sh
RUN chmod +x /usr/local/bin/helpers/create_user.sh
ADD run.sh /usr/local/bin/helpers/run-ssh.sh
RUN chmod +x /usr/local/bin/helpers/run-ssh.sh
ADD pullkeys.sh /usr/local/bin/helpers/pullkeys.sh
RUN chmod +x /usr/local/bin/helpers/pullkeys.sh
ADD post-commit-broadcast.sh /usr/local/bin/helpers/broadcast-to-frontends.sh
RUN chmod +x /usr/local/bin/helpers/broadcast-to-frontends.sh

ADD hgrc /etc/mercurial/hgrc

RUN mkdir /var/run/sshd

# install required packages
RUN apt-get -y update
RUN apt-get -y install openssh-server dnsutils

#ADD sshd_config /etc/ssh/sshd_config
RUN sed -ri 's/session required pam_loginuid.so/session optional pam_loginuid.so/g' /etc/pam.d/sshd
RUN sed -ri 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
RUN sed -ri 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config

EXPOSE 22

CMD ["/usr/local/bin/helpers/run-ssh.sh"]
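
The sed lines above change sshd_config only when the stock file contains the exact strings they search for; if the base image ships different defaults they do nothing and the build still succeeds. The following check is an added example, not code from this repository: it reads back the effective global values and fails when either setting is not explicitly "no". The function names and the sample config (including the "git" user) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository on this page.

# Constructed sample: an sshd_config whose commented defaults differ from the
# strings the Dockerfile's sed expressions look for.
sample_config() {
    cat <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
UsePAM yes
Match User git
    PasswordAuthentication yes
EOF
}

# apply_page_edits FILE: the page's two sshd_config substitutions, to stdout.
apply_page_edits() {
    sed -e 's/#PasswordAuthentication yes/PasswordAuthentication no/g' \
        -e 's/PermitRootLogin without-password/PermitRootLogin no/g' "$1"
}

# effective_value FILE KEYWORD: the global value sshd would read. Keywords are
# case-insensitive, comment lines are skipped, the first occurrence wins, and
# everything after the first Match line is conditional, so scanning stops there.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# check_setting FILE KEYWORD EXPECTED: succeed only on an explicit match. An
# unset keyword fails, because the package default would then decide.
check_setting() {
    actual=$(effective_value "$1" "$2")
    [ "$actual" = "$3" ] && { echo "ok   $2 $actual"; return 0; }
    echo "FAIL $2: want '$3', effective '${actual:-unset}'" >&2
    return 1
}

# check_hardening FILE: both settings the Dockerfile intends to enforce.
check_hardening() {
    rc=0
    check_setting "$1" PasswordAuthentication no || rc=1
    check_setting "$1" PermitRootLogin no || rc=1
    return "$rc"
}
```

Sourced in a build step after the sed lines and called as check_hardening /etc/ssh/sshd_config, a non-zero exit stops the image build before a config that still leaves root or password login to the package default ships.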