From 0c8bc261d9c2c3d9cd44607ac28983396e64c54d Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 30 Jan 2020 19:02:19 +0100
Subject: [PATCH] fickit: save ssh keys between reboots

---
 configs/sshd-setup.sh | 16 ++++++++++++++++
 fickit-backend.yml | 4 ++++
 fickit-frontend.yml | 6 +++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 configs/sshd-setup.sh

diff --git a/configs/sshd-setup.sh b/configs/sshd-setup.sh
new file mode 100644
index 00000000..0d4ee394
--- /dev/null
+++ b/configs/sshd-setup.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+[ -f /var/lib/fic/ssh/sshd_config ] && exit 0
+
+mkdir -p /var/lib/fic/ssh/
+
+cp /containers/services/sshd/lower/etc/ssh/* /var/lib/fic/ssh/
+
+mount -o bind /dev /containers/services/sshd/lower/dev
+mount -o bind /proc /containers/services/sshd/lower/proc
+mount -o bind /sys /containers/services/sshd/lower/sys
+mount -o bind /var/lib/fic/ssh/ /containers/services/sshd/lower/etc/ssh
+
+chroot /containers/services/sshd/lower/ ssh-keygen -A
+
+umount /containers/services/sshd/lower/dev /containers/services/sshd/lower/proc /containers/services/sshd/lower/sys /containers/services/sshd/lower/etc/ssh
diff --git a/fickit-backend.yml b/fickit-backend.yml
index 9a6e77f4..60e0a2be 100644
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@@ -269,6 +269,10 @@ services:
 uts: new

 files:
+ - path: etc/init.d/015-setup-sshd
+ source: configs/sshd-setup.sh
+ mode: "0555"
+
 - path: etc/sysctl.d/01-fic.conf
 source: configs/sysctl-backend.conf
 mode: "0444"
diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index f60a5ce7..71f0ac64 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
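Review bot: The guard at the top of the new `configs/sshd-setup.sh` tests for `sshd_config`, which the `cp` step creates before `ssh-keygen -A` has run, so a boot that fails or is interrupted between those two steps leaves a directory that every later boot treats as finished even though no host keys were persisted. The `mount` and `chroot` results are also unchecked: if the bind of `/var/lib/fic/ssh/` onto `lower/etc/ssh` fails, `ssh-keygen -A` writes the keys into the image's own `etc/ssh` instead of the persistent directory, and the guard still reports success next time. Keying the guard on a generated key, for example `[ -f /var/lib/fic/ssh/ssh_host_ed25519_key ] && exit 0`, and stopping before `chroot` when that bind mount fails would close both gaps. Hosts that silently regenerate keys on each boot train users to click through host-key-changed warnings, which is the failure this commit is meant to remove.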
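Review bot: The `015-` prefix on `etc/init.d/015-setup-sshd` looks load-bearing but is not explained anywhere in the entry: the script needs `/var/lib/fic` already mounted and `/containers/services/sshd/lower` present, and presumably has to finish before the sshd service starts. If a later renumbering moved it ahead of the persistent mount, the keys would land on non-persistent storage without any error. A comment above the entry, such as `# must run after /var/lib/fic is mounted and before the sshd service starts`, would document the constraint; the identical entry added to `fickit-frontend.yml` needs the same comment. The `files:` list continues outside the hunk.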
@@ -209,13 +209,17 @@ services: ipc: new uts: new - name: dns-server - image: nemunaire/unbound:2c5d3b808517f1ad1cb829a474dec77db0a6513e + image: nemunaire/unbound:761b47b640c50d7eff2b6381ee9248957c4d1c3c binds: - /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro net: /run/netns/nginx files: + - path: etc/init.d/015-setup-sshd + source: configs/sshd-setup.sh + mode: "0555" + - path: etc/sysctl.d/01-fic.conf source: configs/sysctl-frontend.conf mode: "0444"
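Review bot: The `dns-server` image bump to `nemunaire/unbound:761b47b640c50d7eff2b6381ee9248957c4d1c3c` is not mentioned in the commit message and is unrelated to persisting SSH host keys, so a reader cannot tell from this commit what changed in the resolver image. The reference is a tag, which can be repointed at the registry even when it looks like a commit hash; adding the digest, e.g. `image: nemunaire/unbound:761b47b640c50d7eff2b6381ee9248957c4d1c3c@sha256:<DIGEST_PLACEHOLDER>`, would make the pulled content verifiable. Splitting the bump into its own commit with a one-line reason would keep both changes reviewable. The `services:` list this entry belongs to starts outside the hunk.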