diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml new file mode 100644 index 0000000..e48b3fd --- /dev/null +++ b/.gitea/workflows/container.yaml @@ -0,0 +1,12 @@ +name: Build Multiarch Container Image +on: [push] +jobs: + call-reusable-workflow: + uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main + with: + repository: ${{ gitea.repository }} + ref_name: ${{ gitea.ref_name }} + sha: ${{ gitea.sha }} + registry_url: ${{ secrets.REGISTRY_URL }} + registry_user: ${{ secrets.REGISTRY_USER }} + registry_pw: ${{ secrets.REGISTRY_PW }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 6c9cb03..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,12 +0,0 @@ -stages: - - build - -variables: - IMAGE_NAME: thallian/user-access - CI_BUILD_ARCHS: "linux/amd64,linux/arm64" - -build: - stage: build - script: - - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD $DOCKER_REGISTRY - - docker buildx build --platform "$CI_BUILD_ARCHS" --progress plain --pull --tag "$IMAGE_NAME:$CI_COMMIT_SHA" --tag "$IMAGE_NAME:$CI_COMMIT_REF_NAME" --tag "$IMAGE_NAME:latest" --push . diff --git a/Dockerfile b/Containerfile similarity index 64% rename from Dockerfile rename to Containerfile index 70ef3ac..17ff3cc 100644 --- a/Dockerfile +++ b/Containerfile @@ -1,12 +1,10 @@ -FROM thallian/confd-env:latest +FROM docker.io/thallian/confd-env:3.19-3.1.6.2 RUN apk add --no-cache \ openssl \ openssh-client \ zlib \ - perl - -RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \ + perl \ proftpd \ proftpd-mod_sftp \ proftpd-utils @@ -22,6 +20,6 @@ ADD /rootfs / WORKDIR / -VOLUME /etc/proftpd/keys /var/lib/ftp/data +VOLUME /var/lib/ftp/data -EXPOSE 22 +EXPOSE 2222 diff --git a/README.md b/README.md index 7d6f401..4179f23 100644 --- a/README.md +++ b/README.md 
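Review bot: `uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main` follows a mutable branch while the job hands it `REGISTRY_USER` and `REGISTRY_PW`, so any later commit to that workflow's `main` runs with this repository's registry credentials. Pin the reference to a reviewed tag or a full commit SHA, for example `build.yaml@<commit-sha>`, and bump it deliberately. `on: [push]` also fires for every branch; if only some branches should publish images, restrict it with a `branches:` filter under `push`.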
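Review bot: `FROM docker.io/thallian/confd-env:3.19-3.1.6.2` in the first Containerfile hunk is still a tag, which the registry can repoint to different content. Appending the digest, `FROM docker.io/thallian/confd-env:3.19-3.1.6.2@sha256:<digest>`, makes the build reproducible and makes a base-image change show up in review. The tag can stay in the line for readability.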
@@ -2,7 +2,19 @@ File access with [ProFTPD](http://www.proftpd.org/) over sftp and a static user/ # Volumes - `/var/lib/ftp/data`: root directory for files -- `/etc/proftpd/keys`: ssh key files + +# Files +## /etc/proftpd/keys/dhparams.pem +``` +openssl dhparam -outform PEM -5 + +``` + +## /etc/proftpd/keys/ssh_key +``` +ssh-keygen -b 2048 -t ed25519 -q -N "" -f ./ssh +cat ./ssh +``` # Environment Variables ## SERVER_NAME @@ -25,5 +37,6 @@ Uid for the static user. ## STATIC_GID Gid for the static user. + # Ports -- 22 +- 2222 diff --git a/rootfs/etc/cont-init.d/04-static-user b/rootfs/bin/static-user old mode 100644 new mode 100755 similarity index 75% rename from rootfs/etc/cont-init.d/04-static-user rename to rootfs/bin/static-user index f5cdf5c..c3d62c4 --- a/rootfs/etc/cont-init.d/04-static-user +++ b/rootfs/bin/static-user @@ -1,12 +1,12 @@ -#!/usr/bin/with-contenv sh +#!/bin/sh if [ ! -z ${STATIC_USER+x} ]; then echo ${STATIC_PASSWORD} | ftpasswd \ --sha512 \ --passwd \ --home /var/lib/ftp/data \ - --uid "$STATIC_UID" \ - --gid "$STATIC_GID" \ + --uid "2222" \ + --gid "2222" \ --name "$STATIC_USER" \ --shell /bin/sh \ --file /etc/proftpd/passwd \ diff --git a/rootfs/etc/confd/templates/proftpd.conf.tmpl b/rootfs/etc/confd/templates/proftpd.conf.tmpl index f59eafb..4b2a955 100644 --- a/rootfs/etc/confd/templates/proftpd.conf.tmpl +++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl @@ -3,7 +3,7 @@ Include /etc/proftpd/modules.d/*.conf ServerName "{{getenv "SERVER_NAME"}}" ServerType standalone DefaultServer on -Port 22 +Port 2222 UseIPv6 off Umask {{ getenv "UMASK" "006 007" }} MaxInstances 30 @@ -27,6 +27,6 @@ AuthUserFile /etc/proftpd/passwd SFTPEngine on SFTPAuthMethods password SFTPDHParamFile /etc/proftpd/keys/dhparams.pem - SFTPHostKey /etc/proftpd/keys/ssh_rsa_key + SFTPHostKey /etc/proftpd/keys/ssh_key SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms 
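Review bot: The new `#!/bin/sh` shebang in `rootfs/bin/static-user` drops `with-contenv`, so unless the base image keeps the container environment for s6 services (not visible here), `STATIC_USER` and `STATIC_PASSWORD` may be unset when the script runs and the guard silently skips account creation. Either run it through the helper, for example `with-contenv static-user` in the `up` file, or confirm that the base image sets `S6_KEEP_ENV`. The uid and gid are now fixed at `2222` while the README still lists `STATIC_UID` and `STATIC_GID`; drop them from the README or keep them as overrides with `--uid "${STATIC_UID:-2222}"`. The unquoted `echo ${STATIC_PASSWORD}` on the context line word-splits and globs the password before it is hashed; `printf '%s\n' "$STATIC_PASSWORD"` passes it through unchanged. The script continues past the end of the hunk.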
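Review bot: `SFTPHostKey /etc/proftpd/keys/ssh_key` and the `SFTPDHParamFile` line above it now point at files that nothing in the image creates, because this commit deletes the `02-dhparam` and `03-ssh-keys` init scripts and the keys `VOLUME`. The README hunk shows how to generate them by hand but not where to mount them or with what ownership and mode; a host private key should be readable only by the server's user (for example mode `0600`), and mod_sftp is expected to refuse looser permissions, which is worth confirming. A short pre-flight check in the `proftpd` run script that exits with a clear message when either file is missing would make a misconfigured deployment fail visibly. The block enclosing these directives starts outside the hunk.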
diff --git a/rootfs/etc/cont-init.d/02-dhparam b/rootfs/etc/cont-init.d/02-dhparam
deleted file mode 100644
index 9d4e7b5..0000000
--- a/rootfs/etc/cont-init.d/02-dhparam
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-if [ ! -f /etc/proftpd/keys/dhparams.pem ]; then
- openssl dhparam -outform PEM -5 nbits >> /etc/proftpd/keys/dhparams.pem
-fi
diff --git a/rootfs/etc/cont-init.d/03-ssh-keys b/rootfs/etc/cont-init.d/03-ssh-keys
deleted file mode 100644
index 20abf54..0000000
--- a/rootfs/etc/cont-init.d/03-ssh-keys
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-if [ ! -f /etc/proftpd/keys/ssh_rsa_key ]; then
- ssh-keygen -b 2048 -t rsa -f /etc/proftpd/keys/ssh_rsa_key -q -N ""
-fi
diff --git a/rootfs/etc/fix-attrs.d/01-data b/rootfs/etc/fix-attrs.d/01-data
deleted file mode 100644
index 9ff8fd0..0000000
--- a/rootfs/etc/fix-attrs.d/01-data
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/ftp/data/ true proftpd:access 0666 0777
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies
new file mode 100644
index 0000000..64f28ce
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies
@@ -0,0 +1,2 @@
+confd
+static-user
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run
new file mode 100644
index 0000000..e493d09
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec proftpd --nodaemon
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type
@@ -0,0 +1 @@
+longrun
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies b/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies
new file mode 100644
index 0000000..7ba7514
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies
@@ -0,0 +1 @@
+confd
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/type b/rootfs/etc/s6-overlay/s6-rc.d/static-user/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/type
@@ -0,0 +1 @@
+oneshot
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/up b/rootfs/etc/s6-overlay/s6-rc.d/static-user/up
new file mode 100644
index 0000000..d13e8c0
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/up
@@ -0,0 +1 @@
+static-user
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/proftpd b/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/proftpd
new file mode 100644
index 0000000..e69de29
diff --git a/rootfs/etc/services.d/proftpd/run b/rootfs/etc/services.d/proftpd/run
deleted file mode 100644
index baf408e..0000000
--- a/rootfs/etc/services.d/proftpd/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-exec proftpd --nodaemon