deblan-mirror/borgwarehouse
deblan-mirror/borgwarehouse
1
0
Fork 0
mirror of https://github.com/Ravinou/borgwarehouse synced 2024-05-05 07:13:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: provide default sshd_config file for Docker

Browse source
This commit is contained in:
Ravinou 2024-02-09 22:50:14 +01:00
parent dbbbc08d5a
commit 65f3590a5a
No known key found for this signature in database
GPG key ID: EEEE670C40F6A4D7
4 changed files with 40 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Dockerfile
View file

@ -36,7 +36,7 @@ RUN apt-get update && apt-get install -y \
RUN groupadd -g ${GID} borgwarehouse && useradd -m -u ${UID} -g ${GID} borgwarehouse
RUN cp /etc/ssh/sshd_config /etc/ssh/moduli /home/borgwarehouse/
RUN cp /etc/ssh/moduli /home/borgwarehouse/
WORKDIR /home/borgwarehouse/app
@ -47,6 +47,7 @@ COPY --from=builder --chown=borgwarehouse:borgwarehouse /app/public ./public
COPY --from=builder --chown=borgwarehouse:borgwarehouse /app/.next/static ./.next/static
COPY --from=builder --chown=borgwarehouse:borgwarehouse /app/docker/supervisord.conf ./
COPY --from=builder --chown=borgwarehouse:borgwarehouse /app/docker/rsyslog.conf /etc/rsyslog.conf
COPY --from=builder --chown=borgwarehouse:borgwarehouse /app/docker/sshd_config ./
USER borgwarehouse

6
docker/docker-bw-init.sh
View file

@ -17,7 +17,11 @@ init_ssh_server() {
if [ -z "$(ls -A /etc/ssh)" ]; then
print_green "/etc/ssh is empty, generating SSH host keys..."
ssh-keygen -A
cp /home/borgwarehouse/sshd_config /home/borgwarehouse/moduli /etc/ssh/
cp /home/borgwarehouse/moduli /etc/ssh/
fi
if [ ! -f "/etc/ssh/sshd_config" ]; then
print_green "sshd_config not found in your volume, copying the default one..."
cp /home/borgwarehouse/app/sshd_config /etc/ssh/
fi
}

32
docker/sshd_config Normal file
View file

@ -0,0 +1,32 @@
Port 22
PidFile /home/borgwarehouse/tmp/sshd.pid
AllowUsers borgwarehouse
LogLevel INFO
SyslogFacility AUTH
# Security
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey
MaxAuthTries 2
MaxStartups 2:30:10
LoginGraceTime 30
UsePAM no
# Useless options for BorgWarehouse
PrintMotd no
UseDNS no
AllowTcpForwarding no
X11Forwarding no
PermitTTY no
# Ciphers
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
# With low bandwidth or huge backup, uncomment the following lines to avoid SSH timeout (Broken pipe).
#ClientAliveInterval 600
#ClientAliveCountMax 0

2
docker/supervisord.conf
View file

@ -7,7 +7,7 @@ logfile_maxbytes=10MB
logfile_backups=5
[program:sshd]
command=/usr/sbin/sshd -D -e -o PidFile=/home/borgwarehouse/tmp/sshd.pid -o SyslogFacility=AUTH -o LogLevel=INFO -o PasswordAuthentication=no -o ChallengeResponseAuthentication=no -o UsePAM=no -o PermitRootLogin=no
command=/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config
stdout_logfile=/home/borgwarehouse/tmp/sshd.log
stdout_logfile_maxbytes=10MB
stdout_logfile_backups=5