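#!/bin/bash
#
# Container entrypoint: prepares the SSH host keys and the authorized_keys
# file, fixes ownership of the data directory when it is a writable mount,
# then replaces itself with sshd running in the foreground.
#
# Environment:
#   AUTHORIZED_KEYS_FILE  (required) destination path of the authorized keys.
#                         It is not assigned in this script, so it has to be
#                         provided by the environment.
#   AUTHORIZED_KEYS       (optional) base64-encoded authorized_keys content.
#                         When unset or empty, /run/secrets/authorized_keys
#                         is copied instead.
set -euo pipefail

readonly SECRETS_FILE=/run/secrets/authorized_keys
readonly DATA_USER=data
readonly DATA_DIR=/home/data
readonly HOST_KEYS_DIR_PREFIX=/var/local
readonly HOST_KEYS_DIR="$HOST_KEYS_DIR_PREFIX/etc/ssh"

# Fail early with a readable message instead of the bare "unbound variable"
# error that `set -u` would raise further down.
: "${AUTHORIZED_KEYS_FILE:?AUTHORIZED_KEYS_FILE must be set to the authorized_keys destination path}"

# ssh-keygen -A only creates host keys for key types that do not exist yet,
# so keys already present under the prefix (i.e. from a volume) are reused.
mkdir -p "$HOST_KEYS_DIR"
ssh-keygen -A -f "$HOST_KEYS_DIR_PREFIX"

if [[ -n "${AUTHORIZED_KEYS:-}" ]]; then
  # Decode the authorized keys from the ENV variable.
  # NOTE(review): '>>' appends. If AUTHORIZED_KEYS_FILE is on persistent
  # storage, keys written by earlier starts stay authorized after they are
  # removed from AUTHORIZED_KEYS; confirm this is intended.
  printf '%s\n' "$AUTHORIZED_KEYS" | base64 -d >>"$AUTHORIZED_KEYS_FILE"
elif [[ -f "$SECRETS_FILE" ]]; then
  cp "$SECRETS_FILE" "$AUTHORIZED_KEYS_FILE"
else
  >&2 echo "Error! Missing AUTHORIZED_KEYS variable or file in /run/secrets/authorized_keys."
  exit 1
fi
# NOTE(review): owner and mode of AUTHORIZED_KEYS_FILE are not set here.
# Presumably the image takes care of them; verify that the file is not
# writable by anyone other than its intended owner.

# Decide whether DATA_DIR itself is a read-write mount. Comparing the mount
# point field exactly avoids false matches on sibling paths or device names
# that merely contain DATA_DIR, and only the options field is checked for rw.
writeable=""
while read -r _ mount_point _ mount_opts _; do
  if [[ "$mount_point" == "$DATA_DIR" && ",$mount_opts," == *,rw,* ]]; then
    writeable="1"
    break
  fi
done </proc/mounts

if [[ -n "$writeable" ]]; then
  # Chown data folder (if mounted as a volume for the first time).
  # Only the directory itself is changed, not its contents.
  if [[ "$(stat -c %U:%G "$DATA_DIR")" != "$DATA_USER:$DATA_USER" ]]; then
    printf '%s\n' "Changing owner of $DATA_DIR to $DATA_USER:$DATA_USER" >&2
    chown "$DATA_USER":"$DATA_USER" "$DATA_DIR"
  fi
fi

# Run sshd on container start: -D keeps it in the foreground, -e logs to
# stderr. exec makes sshd take over this process.
exec /usr/sbin/sshd -D -e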