add new docker based sync example

whawty · Oct 22, 2023 · 61550f4 · 61550f4
1 parent b02ccfe
commit 61550f4
Show file tree

Hide file tree

Showing 11 changed files with 93 additions and 5 deletions.
diff --git a/contrib/sync/Dockerfile b/contrib/sync/Dockerfile
@@ -1,6 +1,8 @@
-FROM golang:1.21 as builder
-ARG GOKR_RSYNC_VERSION=0.1.0
-RUN CGO_ENABLED=0 go install github.com/gokrazy/rsync/cmd/gokr-rsync@v${GOKR_RSYNC_VERSION} github.com/gokrazy/rsync/cmd/gokr-rsyncd@v${GOKR_RSYNC_VERSION}
+FROM alpine
 
-FROM scratch
-COPY --from=builder /go/bin/ /
+RUN set -x\
+    && apk add --no-cache tini openssh-server openssh-client rsync nss_wrapper
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
diff --git a/contrib/sync/client/config/group b/contrib/sync/client/config/group
@@ -0,0 +1 @@
+sync:x:1000:
diff --git a/contrib/sync/client/config/passwd b/contrib/sync/client/config/passwd
@@ -0,0 +1 @@
+sync:x:1000:1000::/home:/bin/sh
diff --git a/contrib/sync/client/config/ssh_config b/contrib/sync/client/config/ssh_config
@@ -0,0 +1,10 @@
+Host whawty-auth-master
+    Hostname 192.0.2.1
+    Port 1234
+    User sync
+    IdentityFile /config/id_ed25519
+    IdentitiesOnly yes
+    UserKnownHostsFile /config/known_hosts
+    ControlMaster auto
+    ControlPath /run/ssh-master/whawty-auth-master
+    ControlPersist 300
diff --git a/contrib/sync/client/run.sh b/contrib/sync/client/run.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+BASE_D=$(realpath "${BASH_SOURCE%/*}")
+exec docker run -it --rm -u 1000:1000 -v "$BASE_D/store:/store" -v "$BASE_D/config:/config:ro" --mount type=tmpfs,destination=/run/ssh-master  whawty-auth/sync client 5
diff --git a/contrib/sync/entrypoint.sh b/contrib/sync/entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+MODE=$1
+CLIENT_SLEEP=$2
+if [ -z "$MODE" ]; then
+  MODE="server"
+fi
+if [ -z "$CLIENT_SLEEP" ]; then
+  CLIENT_SLEEP=60
+fi
+
+export LD_PRELOAD=libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=/config/passwd
+export NSS_WRAPPER_GROUP=/config/group
+
+case "$MODE" in
+  server)
+    exec /usr/sbin/sshd -D -e -f /config/sshd_config
+    ;;
+  client)
+    while
+     /usr/bin/rsync -rtpW --delete --delete-delay --delay-updates --partial-dir=.tmp -e 'ssh -F /config/ssh_config' 'rsync://whawty-auth-master/store' '/store' || /bin/true
+    do sleep "$CLIENT_SLEEP"; done
+    ;;
+  *)
+    echo "unknown mode $MODE, must be server or client"
+    ;;
+esac
+
+return 1
diff --git a/contrib/sync/server/config/group b/contrib/sync/server/config/group
@@ -0,0 +1 @@
+sync:x:1000:
diff --git a/contrib/sync/server/config/passwd b/contrib/sync/server/config/passwd
@@ -0,0 +1 @@
+sync:x:1000:1000::/home:/bin/sh
diff --git a/contrib/sync/server/config/rsyncd.conf b/contrib/sync/server/config/rsyncd.conf
@@ -0,0 +1,5 @@
+[store]
+  path = /store
+  comment = whawty auth store
+  read only = yes
+  use chroot = no
diff --git a/contrib/sync/server/config/sshd_config b/contrib/sync/server/config/sshd_config
@@ -0,0 +1,29 @@
+Port 1234
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /config/ssh_host_ed25519_key
+PidFile none
+
+PermitRootLogin no
+PubkeyAuthentication yes
+
+HostbasedAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+KbdInteractiveAuthentication no
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PermitTTY no
+UseDNS no
+PermitTunnel no
+AllowStreamLocalForwarding no
+AllowTcpForwarding no
+
+ForceCommand /usr/bin/rsync --server --daemon --config /config/rsyncd.conf .
+
+AllowUsers sync
+AuthorizedKeysFile /config/authorized_keys
diff --git a/contrib/sync/server/run.sh b/contrib/sync/server/run.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+BASE_D=$(realpath "${BASH_SOURCE%/*}")
+exec docker run -it --rm -p 4022:4022 -u 1000:1000 -v "$BASE_D/store:/store:ro" -v "$BASE_D/config:/config:ro" whawty-auth/sync server