infra/codestorage/hg-ssh

Paddy 2015-08-17 Child:2f4a2a20ad6d

0:eeaf3e97ed44 Browse Files

Initial commit. This hardcodes more than it should and syncs with Google Cloud Storage more than is really necessary, but it A) works and B) is currently on code.secondbit.org, so that should probably be recorded for posterity.

.hgignore Dockerfile create_user.sh 

     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/.hgignore	Mon Aug 17 19:07:28 2015 -0400
     1.3 @@ -0,0 +1,1 @@
     1.4 +.DS_Store

     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/Dockerfile	Mon Aug 17 19:07:28 2015 -0400
     2.3 @@ -0,0 +1,28 @@
     2.4 +FROM ubuntu:14.04
     2.5 +MAINTAINER Paddy Foran "<paddy@secondbit.org>"
     2.6 +
     2.7 +RUN groupadd -g 2000 committers
     2.8 +RUN mkdir -p /mounted/repos
     2.9 +RUN chown -R root:committers /mounted/repos
    2.10 +RUN chmod 0770 /mounted/repos
    2.11 +VOLUME /mounted
    2.12 +
    2.13 +ADD create_user.sh /usr/local/bin/helpers/create_user.sh
    2.14 +RUN chmod +x /usr/local/bin/helpers/create_user.sh
    2.15 +VOLUME /home
    2.16 +
    2.17 +RUN mkdir /var/run/sshd
    2.18 +
    2.19 +# install required packages
    2.20 +RUN apt-get -y update
    2.21 +RUN apt-get -y install openssh-server python-pip python-dev
    2.22 +RUN pip install Mercurial
    2.23 +
    2.24 +#ADD sshd_config /etc/ssh/sshd_config
    2.25 +RUN sed -ri 's/session    required     pam_loginuid.so/session    optional     pam_loginuid.so/g' /etc/pam.d/sshd
    2.26 +RUN sed -ri 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
    2.27 +RUN sed -ri 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config
    2.28 +
    2.29 +EXPOSE 22
    2.30 +
    2.31 +CMD ["/usr/sbin/sshd", "-D"]

     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/create_user.sh	Mon Aug 17 19:07:28 2015 -0400
     3.3 @@ -0,0 +1,12 @@
     3.4 +#/bin/bash
     3.5 +
     3.6 +USERNAME=$1
     3.7 +IDS=$2
     3.8 +
     3.9 +adduser --disabled-password --gecos "" -u $IDS $USERNAME
    3.10 +mkdir -p /home/$USERNAME/.ssh && touch /home/$USERNAME/.ssh/authorized_keys
    3.11 +chmod 0700 /home/$USERNAME/.ssh && chmod 0600 /home/$USERNAME/.ssh/authorized_keys
    3.12 +chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
    3.13 +usermod -g 2000 $USERNAME
    3.14 +
    3.15 +ln -s /mounted/repos /home/$USERNAME/repos