diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6a204e0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,47 @@
+FROM python:3-slim
+
+MAINTAINER n1trux
+RUN apt-get update &&\
+ apt-get -y upgrade &&\
+ DEBIAN_FRONTEND=noninteractive apt-get -y install \
+ nano rsync openssh-server acl
+
+# Clean up APT when done.
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+
+# private/{scripts, administrate.py}, public/{scripts, userapplications.py}, config/userapplicatonsconfig.ini
+#configs, logs, db
+COPY config/applicationsconfig.ini /app/data/applicationsconfig.ini
+
+# admin scripts
+COPY private/ /app/admin/
+
+# user accessible scripts
+# Make TILDE_ENV
+COPY config/environment /app/user/.ssh/environment
+COPY public/ /app/user/
+#SSH config into /etc :)
+COPY config/etc /etc
+
+# create user for applications
+RUN useradd -Md /app/user/ -s /app/user/userapplication.py tilde
+
+# make tilde's password empty
+RUN passwd -d tilde
+RUN usermod -U tilde
+
+# add admin user
+RUN useradd -Md /app/admin -s /app/admin/administrate.py admin
+# privilege separation directory
+RUN mkdir -p /var/run/sshd
+
+# expose SSH port
+EXPOSE 22
+ENV TILDE_CONF="/app/data/applicationsconfig.ini"
+RUN touch /app/data/applications.sqlite
+RUN touch /app/data/applications.log
+# Doesnt work, @TODO why
+#RUN setfacl -R -m u:tilde:rwx /app/data/
+RUN chown -R tilde /app/data
+CMD ["/usr/sbin/sshd", "-D"]
diff --git a/config/applicationsconfig.ini b/config/applicationsconfig.ini
index 6b0f826..a930f9b 100755
--- a/config/applicationsconfig.ini
+++ b/config/applicationsconfig.ini
@@ -1,9 +1,9 @@
 [DEFAULT]
-base_path=/application/
+base_path=/app/data/
 applications_db=%(base_path)sapplications.sqlite
-log_dir=/application/
+log_dir=/app/data/
 log_file=%(log_dir)sapplications.log
-user_creationscript=%(base_path)smake-tilde-user.sh
+user_creationscript=%(base_path)s/scripts/make-tilde-user.sh
 [USERS]
 UserGroup=tilde
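Review bot: The final `RUN chown -R tilde /app/data` in the Dockerfile hunk also gives the `tilde` account, whose password is emptied by `passwd -d tilde`, ownership of `/app/data/applicationsconfig.ini`, the file `TILDE_CONF` points to and that names `user_creationscript`. Anything that lets that public account write outside its login program would then let it change the database, log and script paths, which the admin tooling presumably reads as well. Keep the config in a root-owned directory outside the writable data directory, for example `COPY config/applicationsconfig.ini /app/config/applicationsconfig.ini` with `ENV TILDE_CONF="/app/config/applicationsconfig.ini"` (and the same path in `config/environment`), leaving only the SQLite file and the log under the tilde-owned directory. Separately, the `apt-get clean && rm -rf ...` step runs in its own `RUN`, so the package lists stay in the earlier layer; it belongs at the end of the install `RUN`.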
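Review bot: The new `user_creationscript=%(base_path)s/scripts/make-tilde-user.sh` in config/applicationsconfig.ini expands to `/app/data//scripts/make-tilde-user.sh`, because `base_path` already ends in a slash, and the Dockerfile added in this commit copies nothing to `/app/data/scripts`. That Dockerfile also runs `chown -R tilde /app/data`, so the script path resolves into a directory owned by the password-less `tilde` account. If the script ships under `private/`, as the Dockerfile comment suggests, an absolute path into the admin tree such as `user_creationscript=/app/admin/scripts/make-tilde-user.sh` would avoid both problems; the actual location should be confirmed against the repository.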
diff --git a/config/environment b/config/environment
new file mode 100644
index 0000000..88ed684
--- /dev/null
+++ b/config/environment
@@ -0,0 +1 @@
+TILDE_CONF=/app/data/applicationsconfig.ini
diff --git a/config/etc/ssh/sshd_config b/config/etc/ssh/sshd_config
index 385ab46..5f5aeb1 100644
--- a/config/etc/ssh/sshd_config
+++ b/config/etc/ssh/sshd_config
@@ -2,6 +2,7 @@ UseDNS no
 Protocol 2
 SyslogFacility AUTHPRIV
 PermitRootLogin no
+PermitUserEnvironment yes
 PubkeyAuthentication yes
 ChallengeResponseAuthentication no
 Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/public/useerapplication.py b/public/userapplication.py
similarity index 100%
rename from public/useerapplication.py
rename to public/userapplication.py
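Review bot: `PermitUserEnvironment yes` in config/etc/ssh/sshd_config makes sshd accept every variable in any account's `~/.ssh/environment`, although this commit only needs `TILDE_CONF` to reach the login program. The sshd_config manual warns that environment processing can let users bypass access restrictions through variables such as `LD_PRELOAD`, which matters here because the accounts are confined only by their login shell. On OpenSSH 7.8 or later the option takes a pattern list, so `PermitUserEnvironment TILDE_CONF` would admit just that name; alternatively, leave the option at its default and set the value server-side with `SetEnv TILDE_CONF=/app/data/applicationsconfig.ini`. The rest of sshd_config is outside the hunk, so whether other directives already limit this could not be checked.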