fickit: save ssh keys between reboots

2020-01-30 19:02:19 +01:00 · 2020-01-30 19:02:19 +01:00 · 0c8bc261d9
parent bb9dd10f00
commit 0c8bc261d9
3 changed files with 25 additions and 1 deletions
--- a/configs/sshd-setup.sh
+++ b/configs/sshd-setup.sh
@ -0,0 +1,16 @@
+#!/bin/sh
+
+[ -f /var/lib/fic/ssh/sshd_config ] && exit 0
+
+mkdir -p /var/lib/fic/ssh/
+
+cp /containers/services/sshd/lower/etc/ssh/* /var/lib/fic/ssh/
+
+mount -o bind /dev /containers/services/sshd/lower/dev
+mount -o bind /proc /containers/services/sshd/lower/proc
+mount -o bind /sys /containers/services/sshd/lower/sys
+mount -o bind /var/lib/fic/ssh/ /containers/services/sshd/lower/etc/ssh
+
+chroot /containers/services/sshd/lower/ ssh-keygen -A
+
+umount /containers/services/sshd/lower/dev /containers/services/sshd/lower/proc /containers/services/sshd/lower/sys /containers/services/sshd/lower/etc/ssh
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@ -269,6 +269,10 @@ services:
    uts: new

 files:
+  - path: etc/init.d/015-setup-sshd
+    source: configs/sshd-setup.sh
+    mode: "0555"
+
  - path: etc/sysctl.d/01-fic.conf
    source: configs/sysctl-backend.conf
    mode: "0444"
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@ -209,13 +209,17 @@ services:
    ipc: new
    uts: new
  - name: dns-server
-    image: nemunaire/unbound:2c5d3b808517f1ad1cb829a474dec77db0a6513e
+    image: nemunaire/unbound:761b47b640c50d7eff2b6381ee9248957c4d1c3c
    binds:
      - /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro
    net: /run/netns/nginx


 files:
+  - path: etc/init.d/015-setup-sshd
+    source: configs/sshd-setup.sh
+    mode: "0555"
+
  - path: etc/sysctl.d/01-fic.conf
    source: configs/sysctl-frontend.conf
    mode: "0444"