diff --git a/README.md b/README.md
index fa544bc..2325530 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,7 @@ Application root is `/app`. Application runs as user `application` (uid=1000).
 | `IMPORT_GITLAB_SERVER` | ssh | git.cron.eu | Gitlab instance to import SSH key from |
 | `IMPORT_GITLAB_PUB_KEYS` | ssh | | Gitlab user to import SSH keys from |
 | `IMPORT_GITHUB_PUB_KEYS` | ssh | | GitHub user to import SSH keys from |
+| `IMPORT_PUB_KEYS` | ssh | | Additional SSH public keys to load, comma separated |
 | `SSH_CONFIG` | ssh | | The whole content of the `.ssh/config` file |
 | `SSH_KNOWN_HOSTS` | ssh | | The whole content of the `.ssh/known_hosts` file |
 | `SSH_PRIVATE_KEY` | ssh | | A SSH private key to load in an `ssh-agent`, useful if you run a SSH container with commands | |
diff --git a/example-app/.env.example b/example-app/.env.example
index 9f42d0e..351f9ff 100644
--- a/example-app/.env.example
+++ b/example-app/.env.example
@@ -8,6 +8,8 @@
 #IMPORT_GITLAB_SERVER=
 #IMPORT_GITLAB_PUB_KEYS=
 #IMPORT_GITHUB_PUB_KEYS=
+# Comma separated list of SSH public keys
+#IMPORT_PUB_KEYS=ssh-ed25519 ...
 # -----------------------------------------
 # For your application itself
diff --git a/files/ssh/entrypoint.sh b/files/ssh/entrypoint.sh
index a0ea5fb..4e7b3ef 100755
--- a/files/ssh/entrypoint.sh
+++ b/files/ssh/entrypoint.sh
@@ -24,8 +24,8 @@ fi
 # Make sure 'application' home directory exists...
 mkdir -p $APP_USER_HOME && chown $APP_USER $APP_USER_HOME
-if [[ "$IS_RUN" == "false" ]] && [[ -z "${IMPORT_GITLAB_PUB_KEYS}" ]] && [[ -z "${IMPORT_GITHUB_PUB_KEYS}" ]]; then
- echo "WARNING: env variable \$IMPORT_GITHUB_PUB_KEYS or IMPORT_GITLAB_PUB_KEYS is not set. Please set it to have access to this container via SSH."
+if [[ "$IS_RUN" == "false" ]] && [[ -z "${IMPORT_GITLAB_PUB_KEYS}" ]] && [[ -z "${IMPORT_GITHUB_PUB_KEYS}" ]] && [[ -z "${IMPORT_PUB_KEYS}" ]] ; then
+ echo "WARNING: env variable \$IMPORT_GITHUB_PUB_KEYS, \$IMPORT_GITLAB_PUB_KEYS and \$IMPORT_PUB_KEYS are not set. Please set it one of it have access to this container via SSH."
 fi
 # -------------------------------------------------------------------------
@@ -62,6 +62,23 @@ if [[ ! -z "${IMPORT_GITHUB_PUB_KEYS}" && "$IS_RUN" == "false" ]]; then
 done
 fi
+# -------------------------------------------------------------------------
+# Import SSH keys from IMPORT_PUB_KEYS
+if [[ ! -z "${IMPORT_PUB_KEYS}" && "$IS_RUN" == "false" ]]; then
+ echo "* importing SSH keys from \$IMPORT_PUB_KEYS:"
+ mkdir -p $APP_USER_HOME/.ssh
+ echo "# Keys from \$IMPORT_PUB_KEYS:" >> $APP_USER_HOME/.ssh/authorized_keys
+ IFS=',' read -ra keys <<< "$IMPORT_PUB_KEYS"
+ for key in "${keys[@]}"; do
+ trimmed=$(echo "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+ echo " - $trimmed"
+ echo "$trimmed" >> $APP_USER_HOME/.ssh/authorized_keys
+ done
+ chmod 600 $APP_USER_HOME/.ssh/authorized_keys
+ chown ${APP_USER}: $APP_USER_HOME/.ssh/authorized_keys
+fi
+
 # -------------------------------------------------------------------------
 # Import SSH user settings from env
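Review bot: The new warning text in the added `echo` of the `@@ -24,8 +24,8 @@` hunk is garbled ("Please set it one of it have access"), and this is the one message that tells an operator why SSH login to the container will not work. Suggested wording: `echo "WARNING: none of \$IMPORT_GITHUB_PUB_KEYS, \$IMPORT_GITLAB_PUB_KEYS or \$IMPORT_PUB_KEYS is set. Please set at least one of them to have access to this container via SSH."`. Sending it to stderr with `>&2` would also keep it from being lost among the normal startup output.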
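Review bot: In the added `IMPORT_PUB_KEYS` block of the `@@ -62,6 +62,23 @@` hunk, every comma-separated fragment is appended to `authorized_keys` unchecked inside the `for key in "${keys[@]}"` loop, so a trailing comma writes an empty line, a typo writes a junk line, and an entry whose options contain a comma (for example a `from="…"` list) is cut into pieces. Since this file decides who may log in, I would skip empty fragments and accept only entries that `ssh-keygen -l` can parse, as sketched below; this assumes `ssh-keygen` is present in the image, and entries carrying options may need a separate check. Two smaller points: `read -ra` consumes only the first line, so anything after a newline in the variable is silently ignored, and the unquoted `$APP_USER_HOME` expansions should be quoted. Because the block appends with `>>` on every start, a key removed from the variable would stay authorised if the home directory is persisted between runs, which is worth confirming against how the container is deployed.

```shell
  for key in "${keys[@]}"; do
    trimmed=$(echo "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    # Skip empty fragments such as the one a trailing comma produces.
    [[ -n "$trimmed" ]] || continue
    # Accept only entries that ssh-keygen can parse as a public key.
    if ! ssh-keygen -l -f /dev/stdin <<< "$trimmed" > /dev/null 2>&1; then
      echo "   ! skipping an entry that is not a valid SSH public key" >&2
      continue
    fi
    # … unchanged: log the key and append it to authorized_keys …
```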