From 1d472b3c80ee9e970089ada38c5c6da2741fd5a0 Mon Sep 17 00:00:00 2001
From: Bernhard Radermacher
Date: Mon, 23 Feb 2026 14:14:06 +0100
Subject: [PATCH] wip
---
 Dockerfile | 22 +++++++++++++++++++++-
 authorized_keys | 1 +
 entrypoint.sh | 11 +++++++++++
 id_ed25519 | 7 +++++++
 4 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 authorized_keys
 create mode 100644 entrypoint.sh
 create mode 100644 id_ed25519
diff --git a/Dockerfile b/Dockerfile
index fc5f615..5e8ecbe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,5 +8,25 @@ RUN apt-get update && \
 && \
 rm -rf /var/lib/apt/lists/*
-ENTRYPOINT ["/bin/bash"]
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ openssh-server \
+ sudo \
+ && \
+ rm -rf /var/lib/apt/lists/* && \
+ echo "postgres ALL = (ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+ echo "X11Forwarding no" >> /etc/ssh/sshd_config && \
+ echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
+ echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
+ mkdir -p /var/lib/postgresql/.ssh && \
+ chmod 700 /var/lib/postgresql/.ssh && \
+ chown postgres: /var/lib/postgresql/.ssh && \
+ chmod g-w,o-w /var/lib/postgresql
+
+COPY --chmod=600 --chown=postgres authorized_keys id_ed25519 /var/lib/postgresql/.ssh/
+
+COPY --chmod=755 entrypoint.sh /usr/local/bin/
+
+ENTRYPOINT ["entrypoint.sh"]
+
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..8f1fa7f
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfsb4w8ZYhu/A1HFR/e59WpbKxejE8DkbdCpj6y/mbO postgres docker swarm
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..9a3faf6
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -Eeo pipefail
+
+sudo service ssh start
+
+while true
+do
+ echo "$(date)"
+ sleep 3600
+done
diff --git a/id_ed25519 b/id_ed25519
new file mode 100644
index 0000000..2f40cc8
--- /dev/null
+++ b/id_ed25519
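Review bot: The `COPY --chmod=600 --chown=postgres authorized_keys id_ed25519 …` line bakes an SSH private key and the apparently matching authorized_keys entry into the same image layer, so anyone who can pull the image can log in as postgres on every container started from it; provide the key at run time instead, for example as a Docker secret under `/run/secrets/`, or generate it per deployment. `postgres ALL = (ALL) NOPASSWD:ALL` then makes that login equivalent to root, although the only privileged step visible in this patch is starting sshd; limit the rule to that command in a file under `/etc/sudoers.d/` validated with `visudo -c`, or start sshd as root and drop privileges afterwards. `StrictHostKeyChecking no` in the global `/etc/ssh/ssh_config` switches off host-key verification for every outbound connection from the container; `StrictHostKeyChecking accept-new` or a pre-populated `known_hosts` keeps man-in-the-middle detection.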
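Review bot: The key is accepted with no options, so whoever holds the private half gets a full interactive session as postgres, including port and agent forwarding. If the key exists only for one inter-node operation, prefix the entry with `restrict` and add `from="…"` or `command="…"` as appropriate. The file also has no trailing newline, so a second key appended later with `>>` would run into this line instead of forming its own entry.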
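Review bot: `sudo service ssh start` backgrounds sshd and the script then loops on `sleep 3600`, so the container keeps running after sshd has died and, unless a syslog daemon is present in the image (the Dockerfile hunk installs none), sshd's authentication log is not captured anywhere. Running the daemon in the foreground as the last step, `sudo mkdir -p /run/sshd` followed by `exec sudo /usr/sbin/sshd -D -e`, ties the container's lifetime to sshd and sends login attempts and failures to the container log. `set -Eeo pipefail` could also carry `-u`, and `echo "$(date)"` is just `date`.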
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzgAAAJgP2LF4D9ix
+eAAAAAtzc2gtZWQyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzg
+AAAEBhVUtZmAbot+VXJpY/IueHrCQeTDgClUTCepMJa1mqZbfsb4w8ZYhu/A1HFR/e59Wp
+bKxejE8DkbdCpj6y/mbOAAAAFXBvc3RncmVzIGRvY2tlciBzd2FybQ==
+-----END OPENSSH PRIVATE KEY-----
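Review bot: The private key committed here is stored without a passphrase (the OpenSSH header encodes cipher and KDF `none`) and stays recoverable from git history even if a later commit deletes the file. Its public half appears to be the entry added in the authorized_keys hunk, so the pair should be treated as exposed: generate a replacement outside the repository, swap the authorized_keys entry, and purge this blob from history before the branch is shared. Listing `id_ed25519` in `.gitignore` and `.dockerignore` and running secret scanning in CI would keep it from coming back.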