From 3cb0dac47e6a315ca9d3bc04a0ee387c429979eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?=
Date: Sat, 21 Jun 2025 02:56:13 +0300
Subject: [PATCH] Update
---
 files/minecraft/.dockerignore | 1 +
 files/minecraft/Dockerfile | 4 +++
 files/ssh/.dockerignore | 1 +
 files/ssh/Dockerfile | 15 ++++++++++
 files/ssh/entrypoint.sh | 18 +++++++++++
 files/ssh/keys/authorized_keys | 2 ++
 files/ssh/sshd_config | 24 +++++++++++++++
 tasks/deployer.yml | 55 ++++++++++++++++++++++++++++++++++
 8 files changed, 120 insertions(+)
 create mode 100644 files/minecraft/.dockerignore
 create mode 100644 files/minecraft/Dockerfile
 create mode 100644 files/ssh/.dockerignore
 create mode 100644 files/ssh/Dockerfile
 create mode 100644 files/ssh/entrypoint.sh
 create mode 100644 files/ssh/keys/authorized_keys
 create mode 100644 files/ssh/sshd_config
diff --git a/files/minecraft/.dockerignore b/files/minecraft/.dockerignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/files/minecraft/.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/files/minecraft/Dockerfile b/files/minecraft/Dockerfile
new file mode 100644
index 0000000..5ec8322
--- /dev/null
+++ b/files/minecraft/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/library/openjdk:21
+WORKDIR /usr/src/app
+
+RUN microdnf install git
diff --git a/files/ssh/.dockerignore b/files/ssh/.dockerignore
new file mode 100644
index 0000000..0bdfd49
--- /dev/null
+++ b/files/ssh/.dockerignore
@@ -0,0 +1 @@
+keys
diff --git a/files/ssh/Dockerfile b/files/ssh/Dockerfile
new file mode 100644
index 0000000..72a0cfa
--- /dev/null
+++ b/files/ssh/Dockerfile
@@ -0,0 +1,15 @@
+FROM docker.io/library/debian
+
+RUN apt update && \
+ apt install -y openssh-server rsync git
+
+RUN rm -rf /etc/ssh/ssh_host* && \
+ mkdir -p /run/sshd
+
+COPY entrypoint.sh /
+
+RUN chmod +x entrypoint.sh
+
+COPY sshd_config /etc/ssh/sshd_config
+
+CMD ./entrypoint.sh
diff --git a/files/ssh/entrypoint.sh b/files/ssh/entrypoint.sh
new file mode 100644
index 0000000..312ea52
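Review bot: In files/minecraft/Dockerfile the image never leaves root and the base is referenced only by the floating tag `openjdk:21`, so the server process (which the commented deployer task would start with `network: host`) runs as root on whatever that tag resolves to at build time. The official `openjdk` image is, as far as I know, deprecated and no longer gets regular security rebuilds, so a maintained JDK base pinned by digest would be the safer choice; confirm against the registry before switching. I would also make the install non-interactive and clean up in the same layer, `RUN microdnf install -y git && microdnf clean all`, and add a `USER` line for an unprivileged account once ownership of the bind-mounted `/usr/src/app` is settled.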
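Review bot: `FROM docker.io/library/debian` in files/ssh/Dockerfile carries no tag, so every rebuild of this network-exposed sshd image silently takes whatever `latest` is at that moment; pin a release and ideally a digest. The shell-form `CMD ./entrypoint.sh` puts `/bin/sh -c` in front of the script and resolves it relative to the working directory, and `RUN chmod +x entrypoint.sh` only works because that directory happens to be `/`. I would also switch `apt` to `apt-get`, skip recommended packages and drop the package lists in the same layer, as sketched below; the tag shown is a suggestion, not something the commit specifies.

```dockerfile
FROM docker.io/library/debian:bookworm-slim

RUN apt-get update && \
    apt-get install -y --no-install-recommends git openssh-server rsync && \
    rm -rf /var/lib/apt/lists/*

# … unchanged: host-key removal and /run/sshd creation …

COPY entrypoint.sh /entrypoint.sh
RUN chmod 0755 /entrypoint.sh

# … unchanged: COPY sshd_config …

CMD ["/entrypoint.sh"]
```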
--- /dev/null
+++ b/files/ssh/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ ! -f /etc/ssh/keys/ssh_host_rsa_key ]]
+then
+ ssh-keygen -b 4096 -f /etc/ssh/keys/ssh_host_rsa_key -t rsa -N ""
+fi
+if [[ ! -f /etc/ssh/keys/ssh_host_ed25519_key ]]
+then
+ ssh-keygen -b 4096 -f /etc/ssh/keys/ssh_host_ed25519_key -t ed25519 -N ""
+fi
+if [[ ! -f /etc/ssh/keys/authorized_keys ]]
+then
+ touch /etc/ssh/keys/authorized_keys
+fi
+
+cat /etc/ssh/keys/authorized_keys > ~/.ssh/authorized_keys
+
+/usr/sbin/sshd -D
diff --git a/files/ssh/keys/authorized_keys b/files/ssh/keys/authorized_keys
new file mode 100644
index 0000000..dc0727d
--- /dev/null
+++ b/files/ssh/keys/authorized_keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw
+ssh-rsa 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 matte
diff --git a/files/ssh/sshd_config b/files/ssh/sshd_config
new file mode 100644
index 0000000..8560061
--- /dev/null
+++ b/files/ssh/sshd_config
@@ -0,0 +1,24 @@
+Port 25590
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+SyslogFacility AUTHPRIV
+LogLevel VERBOSE
+PermitRootLogin prohibit-password
+MaxAuthTries 2
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+PermitEmptyPasswords no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+AllowAgentForwarding no
+AllowTcpForwarding yes
+X11Forwarding no
+TCPKeepAlive yes
+Compression no
+ClientAliveCountMax 2
+UseDNS no
+PermitTunnel yes
+PermitOpen localhost:27017
+PrintMotd no
+Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index 13e83cb..7acbde0 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
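Review bot: In files/ssh/entrypoint.sh the line `cat /etc/ssh/keys/authorized_keys > ~/.ssh/authorized_keys` assumes `~/.ssh` already exists; nothing in the Dockerfile creates it, so on a stock base image the redirect most likely fails and, with no `set -e`, sshd still starts with no authorized keys. Create the directory with the modes sshd's StrictModes check expects, e.g. `install -d -m 700 ~/.ssh` before the copy and `chmod 600 ~/.ssh/authorized_keys` after it. The last line should be `exec /usr/sbin/sshd -D -e` so sshd replaces the shell and receives stop signals; `-e` also sends the `LogLevel VERBOSE` authentication log to stderr, since the visible hunks show no syslog daemon in the container to receive `SyslogFacility AUTHPRIV`. The `-b 4096` on the ed25519 `ssh-keygen` call has no effect because that key type has a fixed size.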
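Review bot: `PermitTunnel yes` in files/ssh/sshd_config enables tun device forwarding, which `PermitOpen localhost:27017` does not restrict, and the entrypoint installs every key into root's `authorized_keys` while `PermitRootLogin prohibit-password` allows root key logins. If the intent is only a local forward to port 27017 plus rsync/git, `PermitTunnel no` and `AllowTcpForwarding local` express that more tightly; the intent is inferred from the `PermitOpen` line, so confirm the use case. `ClientAliveCountMax 2` appears to have no effect without a `ClientAliveInterval`, which defaults to 0. A short comment above `Port 25590` and `PermitOpen` saying what they serve would help the next reader.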
@@ -32,3 +32,58 @@
 tags:
 - certbot
 - tls
+
+# - name: "Deployer - Minecraft - Build Image"
+# containers.podman.podman_image:
+# name: arcadiamc/openjdk
+# tag: latest
+# path: "{{ ansible_facts.user_dir }}/data/minecraft"
+# build:
+# file: Dockerfile
+# format: docker
+# cache: off
+# force: on
+# tags:
+# - minecraft
+
+# - name: "Deployer - Minecraft - Create Container"
+# containers.podman.podman_container:
+# name: minecraft
+# image: "arcadiamc/openjdk:latest"
+# state: started
+# recreate: on
+# network: host
+# volumes:
+# - "{{ ansible_facts.user_dir }}/data/minecraft:/usr/src/app"
+# workdir: /usr/src/app
+# command: "java -Xms1G -Xmx8G -jar paper-1.21.4-232.jar"
+# restart_policy: unless-stopped
+# tags:
+# - minecraft
+
+# - name: "Deployer - SSH - Build Image"
+# containers.podman.podman_image:
+# name: matte/ssh
+# tag: latest
+# path: "{{ ansible_facts.user_dir }}/data/ssh"
+# build:
+# file: Dockerfile
+# format: docker
+# cache: off
+# force: on
+# tags:
+# - ssh
+
+# - name: "Deployer - SSH - Create Container"
+# containers.podman.podman_container:
+# name: ssh
+# image: "matte/ssh:latest"
+# state: started
+# recreate: on
+# network: host
+# volumes:
+# - "{{ ansible_facts.user_dir }}/data:/root/data"
+# - "{{ ansible_facts.user_dir }}/data/ssh/keys:/etc/ssh/keys"
+# restart_policy: unless-stopped
+# tags:
+# - ssh
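Review bot: All four tasks added to tasks/deployer.yml are commented out, so nothing in this hunk builds or starts the images the rest of the commit adds, and the reason is not recorded. A one-line comment such as `# Disabled until <reason>; enable via the minecraft/ssh tags` above the block, or live tasks gated by `when:`, would make the state explicit. When they are enabled, note that both containers use `network: host` and the `:latest` tag, and the ssh container bind-mounts the whole `data` directory at `/root/data`, which includes `data/ssh/keys`; narrowing that mount to the directories rsync and git actually need would limit what a root SSH session can reach. The hunk begins inside an earlier task (the `tags:` context lines), which lies outside what is shown.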