rebase entrypoint to bash
parent
92c3ff8539
commit
d9d7a63a91
@ -7,6 +7,7 @@ addons:
|
|||||||
packages:
|
packages:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- w3m
|
- w3m
|
||||||
|
- shellcheck
|
||||||
|
|
||||||
env:
|
env:
|
||||||
global:
|
global:
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# enable debug mode if desired
|
# enable debug mode if desired
|
||||||
if [ "${DEBUG}" = "true" ]; then
|
if [[ "${DEBUG}" == "true" ]]; then
|
||||||
set -x
|
set -x
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -16,13 +16,13 @@ log() {
|
|||||||
RED='\033[1;31m'
|
RED='\033[1;31m'
|
||||||
NO_COLOR='\033[0m'
|
NO_COLOR='\033[0m'
|
||||||
|
|
||||||
if [ "${LEVEL}" = "warning" ]; then
|
if [[ "${LEVEL}" == "warning" ]]; then
|
||||||
LOG_LEVEL="${YELLOW}WARN${NO_COLOR}"
|
LOG_LEVEL="${YELLOW}WARN${NO_COLOR}"
|
||||||
elif [ "${LEVEL}" = "error" ]; then
|
elif [[ "${LEVEL}" == "error" ]]; then
|
||||||
LOG_LEVEL="${RED}ERROR${NO_COLOR}"
|
LOG_LEVEL="${RED}ERROR${NO_COLOR}"
|
||||||
else
|
else
|
||||||
LOG_LEVEL="${WHITE}INFO${NO_COLOR}"
|
LOG_LEVEL="${WHITE}INFO${NO_COLOR}"
|
||||||
if [ -z "${TO_LOG}" ]; then
|
if [[ -z "${TO_LOG}" ]]; then
|
||||||
TO_LOG="${1}"
|
TO_LOG="${1}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -45,15 +45,15 @@ generate_passwd() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# ensure backward comaptibility for earlier versions of this image
|
# ensure backward comaptibility for earlier versions of this image
|
||||||
if [ -n "${KEYPAIR_LOGIN}" ] && [ "${KEYPAIR_LOGIN}" = "true" ]; then
|
if [[ -n "${KEYPAIR_LOGIN}" ]] && [[ "${KEYPAIR_LOGIN}" == "true" ]]; then
|
||||||
ROOT_KEYPAIR_LOGIN_ENABLED="${KEYPAIR_LOGIN}"
|
ROOT_KEYPAIR_LOGIN_ENABLED="${KEYPAIR_LOGIN}"
|
||||||
fi
|
fi
|
||||||
if [ -n "${ROOT_PASSWORD}" ]; then
|
if [[ -n "${ROOT_PASSWORD}" ]]; then
|
||||||
ROOT_LOGIN_UNLOCKED="true"
|
ROOT_LOGIN_UNLOCKED="true"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# enable root login if keypair login is enabled
|
# enable root login if keypair login is enabled
|
||||||
if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ]; then
|
if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]]; then
|
||||||
ROOT_LOGIN_UNLOCKED="true"
|
ROOT_LOGIN_UNLOCKED="true"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -68,20 +68,20 @@ ssh-keygen -A 1>/dev/null
|
|||||||
|
|
||||||
log "Applying configuration for 'root' user ..."
|
log "Applying configuration for 'root' user ..."
|
||||||
|
|
||||||
if [ "${ROOT_LOGIN_UNLOCKED}" = "true" ] ; then
|
if [[ "${ROOT_LOGIN_UNLOCKED}" == "true" ]] ; then
|
||||||
|
|
||||||
# generate random root password
|
# generate random root password
|
||||||
if [ -z "${ROOT_PASSWORD}" ]; then
|
if [[ -z "${ROOT_PASSWORD}" ]]; then
|
||||||
log " generating random password for user 'root'"
|
log " generating random password for user 'root'"
|
||||||
ROOT_PASSWORD="$(generate_passwd)"
|
ROOT_PASSWORD="$(generate_passwd)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "root:${ROOT_PASSWORD}" | chpasswd >/dev/null 2>&1
|
echo "root:${ROOT_PASSWORD}" | chpasswd &>/dev/null
|
||||||
log " password for user 'root' set"
|
log " password for user 'root' set"
|
||||||
log "warning" " user 'root' is now UNLOCKED"
|
log "warning" " user 'root' is now UNLOCKED"
|
||||||
|
|
||||||
# set root login mode by password or keypair
|
# set root login mode by password or keypair
|
||||||
if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ] && [ -f "${HOME}/.ssh/authorized_keys" ] ; then
|
if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]] && [[ -f "${HOME}/.ssh/authorized_keys" ]]; then
|
||||||
sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config
|
sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config
|
||||||
sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
|
sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
|
||||||
ensure_mod "${HOME}/.ssh/authorized_keys" "0600" "root" "root"
|
ensure_mod "${HOME}/.ssh/authorized_keys" "0600" "root" "root"
|
||||||
@ -99,11 +99,11 @@ else
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf "\n" ""
|
printf "\n"
|
||||||
|
|
||||||
log "Applying configuration for additional users ..."
|
log "Applying configuration for additional users ..."
|
||||||
|
|
||||||
if [ ! -x "${USER_LOGIN_SHELL}" ]; then
|
if [[ ! -x "${USER_LOGIN_SHELL}" ]]; then
|
||||||
log "error" " can not allocate desired shell '${USER_LOGIN_SHELL}', falling back to '${USER_LOGIN_SHELL_FALLBACK}' ..."
|
log "error" " can not allocate desired shell '${USER_LOGIN_SHELL}', falling back to '${USER_LOGIN_SHELL_FALLBACK}' ..."
|
||||||
USER_LOGIN_SHELL="${USER_LOGIN_SHELL_FALLBACK}"
|
USER_LOGIN_SHELL="${USER_LOGIN_SHELL_FALLBACK}"
|
||||||
fi
|
fi
|
||||||
@ -111,7 +111,7 @@ fi
|
|||||||
log " desired shell is ${USER_LOGIN_SHELL}"
|
log " desired shell is ${USER_LOGIN_SHELL}"
|
||||||
|
|
||||||
|
|
||||||
if [ -n "${SSH_USERS}" ]; then
|
if [[ -n "${SSH_USERS}" ]]; then
|
||||||
|
|
||||||
IFS=","
|
IFS=","
|
||||||
for USER in ${SSH_USERS}; do
|
for USER in ${SSH_USERS}; do
|
||||||
@ -122,14 +122,14 @@ if [ -n "${SSH_USERS}" ]; then
|
|||||||
USER_UID="$(echo "${USER}" | cut -d ':' -f 2)"
|
USER_UID="$(echo "${USER}" | cut -d ':' -f 2)"
|
||||||
USER_GID="$(echo "${USER}" | cut -d ':' -f 3)"
|
USER_GID="$(echo "${USER}" | cut -d ':' -f 3)"
|
||||||
|
|
||||||
if [ -z "${USER_NAME}" ] || [ -z "${USER_UID}" ] || [ -z "${USER_GID}" ]; then
|
if [[ -z "${USER_NAME}" ]] || [[ -z "${USER_UID}" ]] || [[ -z "${USER_GID}" ]]; then
|
||||||
log "error" " skipping invalid data '${USER_NAME}' - UID: '${USER_UID}' GID: '${USER_GID}'"
|
log "error" " skipping invalid data '${USER_NAME}' - UID: '${USER_UID}' GID: '${USER_GID}'"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
getent group "${USER_GID}" >/dev/null 2>&1 || addgroup -g "${USER_GID}" "${USER_NAME}"
|
getent group "${USER_GID}" &>/dev/null || addgroup -g "${USER_GID}" "${USER_NAME}"
|
||||||
getent passwd "${USER_NAME}" >/dev/null 2>&1 || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}"
|
getent passwd "${USER_NAME}" &>/dev/null || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}"
|
||||||
passwd -u "${USER_NAME}" >/dev/null 2>&1
|
passwd -u "${USER_NAME}" &>/dev/null
|
||||||
mkdir -p "/home/${USER_NAME}/.ssh"
|
mkdir -p "/home/${USER_NAME}/.ssh"
|
||||||
|
|
||||||
log " user '${USER_NAME}' created - UID: '${USER_UID}' GID: '${USER_GID}'"
|
log " user '${USER_NAME}' created - UID: '${USER_UID}' GID: '${USER_GID}'"
|
||||||
@ -137,7 +137,7 @@ if [ -n "${SSH_USERS}" ]; then
|
|||||||
MOUNTED_AUTHORIZED_KEYS="${AUTHORIZED_KEYS_VOLUME}/${USER_NAME}"
|
MOUNTED_AUTHORIZED_KEYS="${AUTHORIZED_KEYS_VOLUME}/${USER_NAME}"
|
||||||
LOCAL_AUTHORIZED_KEYS="/home/${USER_NAME}/.ssh/authorized_keys"
|
LOCAL_AUTHORIZED_KEYS="/home/${USER_NAME}/.ssh/authorized_keys"
|
||||||
|
|
||||||
if [ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]; then
|
if [[ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]]; then
|
||||||
log "warning" " no SSH authorized_keys found for user '${USER_NAME}'"
|
log "warning" " no SSH authorized_keys found for user '${USER_NAME}'"
|
||||||
else
|
else
|
||||||
cp "${MOUNTED_AUTHORIZED_KEYS}" "${LOCAL_AUTHORIZED_KEYS}"
|
cp "${MOUNTED_AUTHORIZED_KEYS}" "${LOCAL_AUTHORIZED_KEYS}"
|
||||||
@ -146,7 +146,7 @@ if [ -n "${SSH_USERS}" ]; then
|
|||||||
log " set mod 0600 on ${LOCAL_AUTHORIZED_KEYS}"
|
log " set mod 0600 on ${LOCAL_AUTHORIZED_KEYS}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf "\n" ""
|
printf "\n"
|
||||||
|
|
||||||
done
|
done
|
||||||
unset IFS
|
unset IFS
|
||||||
|
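Review bot: When `DEBUG=true`, the `set -x` from the top of the script is still in effect in the `@ -68,20 +68,20 @@` hunk, so the trace writes the root password to the container log, both at `ROOT_PASSWORD="$(generate_passwd)"` and at the expanded `echo "root:${ROOT_PASSWORD}"` in front of `chpasswd`. Tracing should be paused around the password handling: put `{ set +x; } 2>/dev/null` before the `if [[ -z "${ROOT_PASSWORD}" ]]` test and `if [[ "${DEBUG}" == "true" ]]; then set -x; fi` after the `chpasswd` line. A comment such as `# never trace credentials: xtrace output ends up in the container log` would record why. The enclosing `if [[ "${ROOT_LOGIN_UNLOCKED}" == "true" ]]` block continues past the end of that hunk, so the rest of its body is not visible here.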