use new gitea docker image as base image and customize a few files

Author: willemvd

.dockerignore

@@ -1,4 +1,4 @@
 .git
 .github/
 .dockerignore
-.DS_Store/s
+**/**/.DS_Store

Dockerfile

@@ -1,18 +1,15 @@
-FROM willemvd/ubuntu-unprivileged-git-ssh:1.0.0
+FROM gitea/gitea:latest
 MAINTAINER willemvd <willemvd@github>
 
-USER root
+ENV HOME /data/git
 
-COPY ./docker /app/gitea/docker
+COPY docker /
 
-RUN /app/gitea/docker/init/10-setup-gitea.sh && rm -rf docker
+RUN rm -rf /etc/s6/syslogd && \
+  chmod g+w /etc/passwd /var/run && \
+  chmod -R g+w /etc/s6 && \
+  chown -R git:root /app
 
 USER git
 
-# persistent volume for the host ssh key and gitea data
-VOLUME ["/etc/ssh/keys", "/data"]
-
 EXPOSE 2222 3000
-
-# Use baseimage-docker's init system.
-ENTRYPOINT ["/sbin/my_init", "--"]

README.md

@@ -2,4 +2,8 @@
 
 To support Gitea on an environment where no root user is allowed to run, like OpenShift Dedicated/Online, this Docker image can be used.
 
-The base image for this Gitea container is the Ubuntu unprivileged SSH Git container.
+The base image for this Gitea container is the Gitea official image
+
+To be able to do so, we run 
+- the OpenSSH server on port 2222 instead of 22
+- don't use syslogd, but let sshd print to stdout/stderr instead of file

docker/etc/ssh/sshd_config

@@ -0,0 +1,34 @@
+Port 2222
+Protocol 2
+
+PidFile /var/run/sshd.pid
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+LogLevel INFO
+
+HostKey /data/ssh/ssh_host_ed25519_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+
+AuthorizedKeysFile .ssh/authorized_keys
+
+UseDNS no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+UsePrivilegeSeparation no

docker/gitea.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+sed -e "s/git:x:1000:/git:x:`id -u`:/g" /etc/passwd > /tmp/passwd && cat /tmp/passwd > /etc/passwd
+
+for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
+    mkdir -p ${FOLDER}
+done
+
+if [ $# -gt 0 ]; then
+    exec "$@"
+else
+    exec /bin/s6-svscan /etc/s6
+fi

docker/init/00-init-git-user-and-folders.sh

@@ -67,8 +67,6 @@ objects:
           resources: {}
           terminationMessagePath: /dev/termination-log
           volumeMounts:
-          - mountPath: /etc/ssh/keys
-            name: gitea-ssh-keys
           - mountPath: /data
             name: gitea-data
           livenessProbe:
@@ -96,9 +94,6 @@ objects:
         securityContext: {}
         terminationGracePeriodSeconds: 30
         volumes:
-        - name: gitea-ssh-keys
-          persistentVolumeClaim:
-            claimName: gitea-ssh-keys
         - name: gitea-data
           persistentVolumeClaim:
             claimName: gitea-data
@@ -163,16 +158,6 @@ objects:
     resources:
       requests:
         storage: ${GITEA_DATA_VOLUME_CAPACITY}
-- kind: PersistentVolumeClaim
-  apiVersion: v1
-  metadata:
-    name: gitea-ssh-keys
-  spec:
-    accessModes:
-      - ReadWriteMany
-    resources:
-      requests:
-        storage: ${GITEA_SSH_KEYS_VOLUME_CAPACITY}
 parameters:
 - description: The name for the application.
   name: APPLICATION_NAME
@@ -189,10 +174,6 @@ parameters:
 - description: 'Custom hostname for http service route.  Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>'
   name: HOSTNAME
   value: ""
-- description: Volume space available for data, e.g. 512Mi, 2Gi
-  name: GITEA_SSH_KEYS_VOLUME_CAPACITY
-  required: true
-  value: 1Mi
 - description: Volume space available for Gitea repository data, e.g. 512Mi, 2Gi
   name: GITEA_DATA_VOLUME_CAPACITY
   required: true