Merge pull request 'initial working ssh entry' (#4) from ssh_in into master

Reviewed-on: finn/site#4
2024-08-10 02:18:05 +00:00
parent 619ce9b0bd 60280917c6
commit 78384a31fb
6 changed files with 75 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,8 @@
-gitea/
+gitea
 .env
-pmb-pf/
+pmb-pf
 venv
 zapp.db
 db/bu
-tor/hidden_service/
+tor/hidden_service
+sshtun/oilykey
--- a/compose.yaml
+++ b/compose.yaml
@@ -100,8 +100,8 @@ services:
      - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
      - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
    ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
    depends_on: 
      - backend
    networks:
@@ -135,6 +135,19 @@ services:
    networks:
      - backnet

+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - "22222:22"
+    expose:
+      - "11111"
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
  db-data:
  pmb-root:
--- a/compose.yaml.local
+++ b/compose.yaml.local
@@ -100,8 +100,8 @@ services:
    #  - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
    #  - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
    ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
    depends_on: 
      - backend
    networks:
@@ -135,6 +135,19 @@ services:
    networks:
      - backnet

+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - "22222:22"
+    expose:
+      - "11111"
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
  db-data:
  pmb-root:
--- a/compose.yaml.prod
+++ b/compose.yaml.prod
@@ -100,8 +100,8 @@ services:
      - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
      - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
    ports:
-      - 80:80
-      - 443:443
+      - "80:80"
+      - "443:443"
    depends_on: 
      - backend
    networks:
@@ -135,6 +135,19 @@ services:
    networks:
      - backnet

+  sshtun:
+    build:
+      context: sshtun
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - "22222:22"
+    expose:
+      - "11111"
+      - "11112"
+    networks:
+      - frontnet
+
 volumes:
  db-data:
  pmb-root:
--- a/sshtun/Dockerfile
+++ b/sshtun/Dockerfile
@@ -0,0 +1,18 @@
+FROM debian:12-slim
+
+RUN apt update && apt install -y openssh-server socat
+
+RUN adduser --disabled-password --gecos "" finn
+
+RUN mkdir /home/finn/.ssh
+
+# only one pubkey -- wildcard to conceal filename
+COPY ./oilykey/*.pub /home/finn/.ssh/authorized_keys
+
+RUN mkdir /var/run/sshd
+RUN echo "PermitRootLogin no" >> /etc/ssh/sshd_config
+RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
+
+COPY ./entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/sshtun/entrypoint.sh
+++ b/sshtun/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Container goal:
+# autossh -N -R 11111:localhost:11434 -i sshtun/oilykey/<SOMEKEY> -p 22222 <SOMEURL>
+# forwards    rem_c_port:(operator_pc:op_pc_port) ...some args...  rem_host_p rem_host_url 
+
+nohup socat TCP-LISTEN:11112,fork TCP:localhost:11111 &
+/usr/sbin/sshd -D
+