From ec80048e199f242010f502a47dd02f58972b9348 Mon Sep 17 00:00:00 2001 From: Deon George Date: Thu, 14 Jan 2021 00:45:02 +1100 Subject: [PATCH] Add doorparty and sshd --- Dockerfile | 40 ++++++++++- init | 2 + sshd_config | 133 +++++++++++++++++++++++++++++++++++ supervisord.d/doorparty.conf | 3 + supervisord.d/openssh.conf | 3 + 5 files changed, 180 insertions(+), 1 deletion(-) create mode 100644 sshd_config create mode 100644 supervisord.d/doorparty.conf create mode 100644 supervisord.d/openssh.conf diff --git a/Dockerfile b/Dockerfile index 48162b6..c996dc7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,6 +51,43 @@ RUN apt-get update \ && rm -rf /opt/sbbs/repo \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# Add SSH +RUN apt-get update \ + && apt-get install -yqq openssh-server \ + && apt-get -y autoremove \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Add Doorparty +RUN apt-get update \ + && apt-get install -yqq golang git \ + && cd /tmp && git clone https://github.com/echicken/dpc2 \ + && cd dpc2 && echo -n 'ZGlmZiAtLWdpdCBhL2Rvb3JwYXJ0eS1jb25uZWN0b3IuZ28gYi9kb29ycGFydHktY29ubmVjdG9y\ +LmdvCmluZGV4IDE4NzNhZTUuLjc3NmFhOGUgMTAwNjQ0Ci0tLSBhL2Rvb3JwYXJ0eS1jb25uZWN0\ +b3IuZ28KKysrIGIvZG9vcnBhcnR5LWNvbm5lY3Rvci5nbwpAQCAtMTMyLDcgKzEzMiw3IEBAIGZ1\ +bmMgaW5pdCgpIHsKIAogZnVuYyBtYWluKCkgewogCi0JY2ZnLCBlcnIgOj0gaW5pLkxvYWQoImRv\ +b3JwYXJ0eS1jb25uZWN0b3IuaW5pIikKKwljZmcsIGVyciA6PSBpbmkuTG9hZCgiL29wdC9zYmJz\ +L2N0cmwvZG9vcnBhcnR5LWNvbm5lY3Rvci5pbmkiKQogCWlmIGVyciAhPSBuaWwgewogCQlsb2cu\ +RmF0YWxmKCJFcnJvciByZWFkaW5nIGRvb3JwYXJ0eS1jb25uZWN0b3IuaW5pOiAldiIsIGVycikK\ +IAl9Cg=='|base64 -d |git apply \ + && go get gopkg.in/ini.v1 \ + && go get golang.org/x/crypto/ssh \ + && go build -i doorparty-connector.go \ + && echo -n 'LS0tIC9zcnYvZG9ja2VyL3NiYnMvbW9kcy9kb29ycGFydHkuanMJMjAyMS0wMS0xMyAyMjozNTox\ +Ni4wNzQyNzk2MDggKzExMDAKKysrIC4vc3luY2hyb25ldC9kb29ycGFydHkuanMJMjAyMS0wMS0x\ +MyAyMzoyMjoyMi44MzgwNjU4MzIgKzExMDAKQEAgLTMzLDcgKzMzLDcgQEAKICAgICAoY2ZnLnR1\ +bm5lbF9ob3N0IHx8ICdsb2NhbGhvc3QnKSArICc6JyArIChjZmcudHVubmVsX3BvcnQgfHwgOTk5\ +OSksCiAgICAgZ2V0X3Bhc3N3b3JkKCksIC8vIHBhc3N3b3JkCiAgICAgdXNlci5hbGlhcywKLSAg\ +ICBhcmd2Lmxlbmd0aCA/IGFyZ3ZbMF0gOiB1bmRlZmluZWQKKyAgICBhcmd2Lmxlbmd0aCA/ICd4\ +dHJuPScrYXJndlswXSA6IHVuZGVmaW5lZAogKTsKIAogY29uc29sZS5hdHRyaWJ1dGVzID0gYXR0\ +cjsK'|base64 -d |git apply \ + && mv doorparty-connector synchronet/doorparty.js /opt/sbbs/exec \ + && mv doorparty-connector.ini /opt/sbbs/ctrl.orig \ + && apt-get -y purge golang git \ + && apt-get -y autoremove \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + # Add PHP RUN apt-get update \ && apt-get install -yqq composer php-cgi php-fpm php-gd php-sqlite3 php-xml \ @@ -65,9 +102,10 @@ ENV PATH=$PATH:${SBBSEXEC} COPY start.sh ${SBBSEXEC}/ COPY main.cnf /opt/sbbs/ctrl.orig/ +COPY sshd_config /opt/sbbs/ctrl.orig/ VOLUME [ "/var/lib/zerotier-one" ] -VOLUME [ "/opt/sbbs/data","/opt/sbbs/ctrl","/opt/sbbs/fido","/opt/sbbs/text" ] +VOLUME [ "/opt/sbbs/data","/opt/sbbs/ctrl","/opt/sbbs/fido","/opt/sbbs/mods","/opt/sbbs/text" ] COPY logrotate.d /etc/logrotate.d/ RUN chmod 644 /etc/logrotate.d/* diff --git a/init b/init index ba5b1f1..85a3647 100755 --- a/init +++ b/init @@ -11,6 +11,7 @@ if [ ! -e "${SBBSCTRL}/sbbs.ini" ]; then fi if [ ! -d "${SBBSCTRL}/../nodes/node1" ]; then + [ ! -d "${SBBSCTRL}/../nodes" ] && mkdir ${SBBSCTRL}/../nodes echo "* Installing SBBS nodes files into ${SBBSCTRL}/../nodes" cp -Ra ${SBBSCTRL}/../nodes.orig/* ${SBBSCTRL}/../nodes/ fi @@ -32,5 +33,6 @@ if [ -n "$1" ]; then else # Start Supervisord echo "* Starting supervisord" + mkdir /run/sshd exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf fi diff --git a/sshd_config b/sshd_config new file mode 100644 index 0000000..6ab97b6 --- /dev/null +++ b/sshd_config @@ -0,0 +1,133 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Port 2022 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes +PubkeyAuthentication no + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none +AuthorizedKeysCommand /opt/sbbs/mods/ssh.sh +AuthorizedKeysCommandUser nobody +AuthorizedPrincipalsCommand /opt/sbbs/mods/ssh.sh +AuthorizedPrincipalsCommandUser nobody + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM no + +#AllowAgentForwarding yes +AllowAgentForwarding no +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PermitTTY no +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#ChrootDirectory /tmp +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +#Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server +#DisableForwarding yes +PermitOpen 127.0.0.1:513 diff --git a/supervisord.d/doorparty.conf b/supervisord.d/doorparty.conf new file mode 100644 index 0000000..cdb6fa0 --- /dev/null +++ b/supervisord.d/doorparty.conf @@ -0,0 +1,3 @@ +[program:doorparty] +command=/opt/sbbs/exec/doorparty-connector +stopwaitsecs=60 diff --git a/supervisord.d/openssh.conf b/supervisord.d/openssh.conf new file mode 100644 index 0000000..3ab7d72 --- /dev/null +++ b/supervisord.d/openssh.conf @@ -0,0 +1,3 @@ +[program:openssh] +command=/usr/sbin/sshd -f /opt/sbbs/ctrl/sshd_config -D +stopwaitsecs=60