init
This commit is contained in:
commit
7f8cedad6f
22
Dockerfile
Normal file
22
Dockerfile
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
FROM debian:10
|
||||||
|
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
RUN addgroup eleve
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get install -y \
|
||||||
|
ssh \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
|
||||||
|
ENV TZ=Europe/Paris
|
||||||
|
|
||||||
|
#CMD ["sh", "-c", "echo lol"]
|
||||||
|
|
||||||
|
# SSH server
|
||||||
|
RUN mkdir /run/sshd
|
||||||
|
CMD ["/usr/sbin/sshd", "-E", "/dev/stderr", "-D"]
|
||||||
|
|
||||||
|
# Entrypoint
|
||||||
|
COPY ./entrypoint.sh ./entrypoint.sh
|
||||||
|
ENTRYPOINT ["./entrypoint.sh"]
|
9
docker-compose.yml
Normal file
9
docker-compose.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
build: .
|
||||||
|
volumes:
|
||||||
|
- ./config:/app/config
|
||||||
|
- ./home_eleves:/home
|
||||||
|
network_mode: "host"
|
||||||
|
restart: "unless-stopped"
|
70
entrypoint.sh
Executable file
70
entrypoint.sh
Executable file
@ -0,0 +1,70 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
HOME_BASE="/home"
|
||||||
|
USERS_LIST="/app/config/users.txt"
|
||||||
|
PASSWD_LIST="/app/config/passwords.txt"
|
||||||
|
CUSTOM_SCRIPT="/app/config/init.sh"
|
||||||
|
|
||||||
|
separator="=" # Must be ascii for cut
|
||||||
|
forbidden_chars=". / : # = \ "
|
||||||
|
|
||||||
|
# Check we got user list
|
||||||
|
if [ ! -f "$USERS_LIST" ] && [ ! -f "$PASSWD_LIST" ] ; then
|
||||||
|
echo "Les fichiers des utilisateurs ou des passwords n’ont pas étés trouvées."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
for c in $forbidden_chars ; do
|
||||||
|
if [ -n "$(cat "$USERS_LIST" | grep -F $c)" ] ; then
|
||||||
|
echo "Le fichier « $USERS_LIST » ne doit pas contenir le caractère « $c » !"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
echo " Create users (and passwords if needed) as in $USERS_LIST"
|
||||||
|
# Generate passwords if not done yet
|
||||||
|
genPassowrd () {
|
||||||
|
tr -dc A-Za-z0-9 </dev/urandom | head -c $1
|
||||||
|
}
|
||||||
|
if [ ! -e "$PASSWD_LIST" ] ; then
|
||||||
|
touch "$PASSWD_LIST"
|
||||||
|
fi
|
||||||
|
for user in $(cat "$USERS_LIST") ; do
|
||||||
|
if [ -z "$user" ] || [ -n "$(cat $PASSWD_LIST | grep "$user$separator")" ] ; then continue ; fi
|
||||||
|
echo "$user$separator$(genPassowrd 6)" >> $PASSWD_LIST
|
||||||
|
done
|
||||||
|
|
||||||
|
for line in $(cat $PASSWD_LIST) ; do
|
||||||
|
name="$(echo "$line" | cut -d "$separator" -f 1)"
|
||||||
|
pass="$(echo "$line" | cut -d "$separator" -f 2)"
|
||||||
|
echo $name $pass
|
||||||
|
if [ -z "$name" ] || [ -z "$pass" ] ; then echo "Malformed line skipped: '$line'" ; continue ; fi
|
||||||
|
home="$HOME_BASE/$name"
|
||||||
|
mkdir -p "$home"
|
||||||
|
chmod 700 "$home"
|
||||||
|
useradd --home-dir "$home" --no-user-group -G eleve --shell /bin/bash "$name"
|
||||||
|
ret="$?"
|
||||||
|
if [ "$ret" -ne 0 ] && [ "$ret" -ne 9 ] ; then
|
||||||
|
echo "Can’t create user '$name'. Error '$ret'."
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
echo "$pass\n$pass" | passwd "$name" >/dev/null 2>/dev/null
|
||||||
|
chown "$name":eleve "$home"
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
echo " Allow SSH as root"
|
||||||
|
if [ -z "$(grep '^PermitRootLogin yes' /etc/ssh/sshd_config)" ] ; then
|
||||||
|
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
echo " Setting root password"
|
||||||
|
echo "root\nroot" | passwd 2>/dev/null >/dev/null
|
||||||
|
|
||||||
|
|
||||||
|
echo "-------------------------------------------------------------"
|
||||||
|
echo " Running main process"
|
||||||
|
exec "$@"
|
Loading…
Reference in New Issue
Block a user