[
  {
    "path": ".gitignore",
    "content": "# IntelliJ project files\n.idea\n*.iml\nout\ngen\n"
  },
  {
    "path": "Dockerfile",
    "content": "FROM alpine:3.4\n\nMAINTAINER Carlos Bernárdez \"carlos@z4studios.com\"\n\n# \"--no-cache\" is new in Alpine 3.3 and it avoids using\n# \"--update + rm -rf /var/cache/apk/*\" (to remove cache)\nRUN apk add --no-cache \\\n# openssh=7.2_p2-r1 \\\n  openssh \\\n# git=2.8.3-r0\n  git\n\n# Host key generation on the server (runs at build time, so the host keys are part of the image)\nRUN ssh-keygen -A\n\n# SSH autorun\n# RUN rc-update add sshd\n\nWORKDIR /git-server/\n\n# -D flag avoids password generation\n# -s flag changes user's shell\n# chpasswd then sets a fixed password for git; password login over SSH\n# is disabled in sshd_config (PasswordAuthentication no)\nRUN mkdir /git-server/keys \\\n  && adduser -D -s /usr/bin/git-shell git \\\n  && echo git:12345 | chpasswd \\\n  && mkdir /home/git/.ssh\n\n# This is a login shell for SSH accounts to provide restricted Git access.\n# It permits execution only of server-side Git commands implementing the\n# pull/push functionality, plus custom commands present in a subdirectory\n# named git-shell-commands in the user’s home directory.\n# More info: https://git-scm.com/docs/git-shell\nCOPY git-shell-commands /home/git/git-shell-commands\n\n# sshd_config file is edited to enable key access and disable password access\nCOPY sshd_config /etc/ssh/sshd_config\nCOPY start.sh start.sh\n\nEXPOSE 22\n\nCMD [\"sh\", \"start.sh\"]\n"
  },
  {
    "path": "README.md",
    "content": "# git-server-docker\nA lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/jkarlosb/git-server-docker) and [Docker Hub](https://hub.docker.com/r/jkarlos/git-server-docker/)\n\n![\"image git server docker\" \"git server docker\"](https://raw.githubusercontent.com/jkarlosb/git-server-docker/master/git-server-docker.jpg)\n\n### Basic Usage\n\nHow to run the container on port 2222 with two volumes: keys volume for public keys and repos volume for git repositories:\n\n\t$ docker run -d -p 2222:22 -v ~/git-server/keys:/git-server/keys -v ~/git-server/repos:/git-server/repos jkarlos/git-server-docker\n\nHow to use a public key:\n\n    Copy it to the keys folder:\n\t- From host: $ cp ~/.ssh/id_rsa.pub ~/git-server/keys\n\t- From remote: $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys\n\tYou need to restart the container when keys are updated:\n\t$ docker restart <container-id>\n\t\nHow to check that the container works (you must have a key):\n\n\t$ ssh git@<ip-docker-server> -p 2222\n\t...\n\tWelcome to git-server-docker!\n\tYou've successfully authenticated, but I do not\n\tprovide interactive shell access.\n\t...\n\nHow to create a new repo:\n\n\t$ cd myrepo\n\t$ git init --shared=true\n\t$ git add .\n\t$ git commit -m \"my first commit\"\n\t$ cd ..\n\t$ git clone --bare myrepo myrepo.git\n\nHow to upload a repo:\n\n\tFrom host:\n\t$ mv myrepo.git ~/git-server/repos\n\tFrom remote:\n\t$ scp -r myrepo.git user@host:~/git-server/repos\n\nHow to clone a repository:\n\n\t$ git clone ssh://git@<ip-docker-server>:2222/git-server/repos/myrepo.git\n\n### Arguments\n\n* **Expose ports**: 22\n* **Volumes**:\n * */git-server/keys*: Volume to store the users' public keys\n * */git-server/repos*: Volume to store the repositories\n\n### SSH Keys\n\nHow to generate a key pair on the client machine:\n\n\t$ ssh-keygen -t rsa\n\nHow to quickly upload a public key to the host volume:\n\n\t$ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys\n\n### Build Image\n\nHow to make the image:\n\n\t$ docker build -t git-server-docker .\n\t\n### Docker-Compose\n\nYou can edit docker-compose.yml and run this container with docker-compose:\n\n\t$ docker-compose up -d\n"
  },
  {
    "path": "docker-compose.yml",
    "content": "version: '2'\n\nservices:\n\n  git-server:\n    image: jkarlos/git-server-docker\n    #build: .\n    restart: always\n    container_name: git-server\n    ports:\n      - \"2222:22\"\n    volumes:\n    - ~/git-server/keys:/git-server/keys\n    - ~/git-server/repos:/git-server/repos\n\n"
  },
  {
    "path": "git-shell-commands/no-interactive-login",
    "content": "#!/bin/sh\nprintf '%s\\n' \"Welcome to git-server-docker!\"\nprintf '%s\\n' \"You've successfully authenticated, but I do not\"\nprintf '%s\\n' \"provide interactive shell access.\"\nexit 128\n"
  },
  {
    "path": "sshd_config",
    "content": "#\t$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $\n\n# This is the sshd server system-wide configuration file.  See\n# sshd_config(5) for more information.\n\n# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin\n\n# The strategy used for options in the default sshd_config shipped with\n# OpenSSH is to specify options with their default value where\n# possible, but leave them commented.  Uncommented options override the\n# default value.\n\n#Port 22\n#AddressFamily any\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n\n# The default requires explicit activation of protocol 1\n#Protocol 2\n\n# HostKey for protocol version 1\n#HostKey /etc/ssh/ssh_host_key\n# HostKeys for protocol version 2\n#HostKey /etc/ssh/ssh_host_rsa_key\n#HostKey /etc/ssh/ssh_host_dsa_key\n#HostKey /etc/ssh/ssh_host_ecdsa_key\n#HostKey /etc/ssh/ssh_host_ed25519_key\n\n# Lifetime and size of ephemeral version 1 server key\n#KeyRegenerationInterval 1h\n#ServerKeyBits 1024\n\n# Ciphers and keying\n#RekeyLimit default none\n\n# Logging\n# obsoletes QuietMode and FascistLogging\n#SyslogFacility AUTH\n#LogLevel INFO\n\n# Authentication:\n\n#LoginGraceTime 2m\n#PermitRootLogin prohibit-password\n#StrictModes yes\n#MaxAuthTries 6\n#MaxSessions 10\n\nRSAAuthentication yes\nPubkeyAuthentication yes\n\n# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2\n# but this is overridden so installations will only check .ssh/authorized_keys\nAuthorizedKeysFile\t.ssh/authorized_keys\n#AuthorizedKeysFile\t/home/git/.ssh/authorized_keys\n\n#AuthorizedPrincipalsFile none\n\n#AuthorizedKeysCommand none\n#AuthorizedKeysCommandUser nobody\n\n# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts\n#RhostsRSAAuthentication no\n# similar for protocol version 2\n#HostbasedAuthentication no\n# Change to yes if you don't trust ~/.ssh/known_hosts for\n# RhostsRSAAuthentication and HostbasedAuthentication\n#IgnoreUserKnownHosts no\n# Don't read the 
user's ~/.rhosts and ~/.shosts files\n#IgnoreRhosts yes\n\n# To disable tunneled clear text passwords, change to no here!\nPasswordAuthentication no\n#PermitEmptyPasswords no\n\n# Change to no to disable s/key passwords\n#ChallengeResponseAuthentication yes\n\n# Kerberos options (deprecated)\n#KerberosAuthentication no\n#KerberosOrLocalPasswd yes\n#KerberosTicketCleanup yes\n#KerberosGetAFSToken no\n\n# GSSAPI options (deprecated)\n#GSSAPIAuthentication no\n#GSSAPICleanupCredentials yes\n\n# Set this to 'yes' to enable PAM authentication, account processing,\n# and session processing. If this is enabled, PAM authentication will\n# be allowed through the ChallengeResponseAuthentication and\n# PasswordAuthentication.  Depending on your PAM configuration,\n# PAM authentication via ChallengeResponseAuthentication may bypass\n# the setting of \"PermitRootLogin without-password\".\n# If you just want the PAM account and session checks to run without\n# PAM authentication, then enable this but set PasswordAuthentication\n# and ChallengeResponseAuthentication to 'no'.\n#UsePAM no\n\n#AllowAgentForwarding yes\n#AllowTcpForwarding yes\n#GatewayPorts no\n#X11Forwarding no\n#X11DisplayOffset 10\n#X11UseLocalhost yes\n#PermitTTY yes\n#PrintMotd yes\n#PrintLastLog yes\n#TCPKeepAlive yes\n#UseLogin no\n#UsePrivilegeSeparation sandbox\n#PermitUserEnvironment no\n#Compression delayed\n#ClientAliveInterval 0\n#ClientAliveCountMax 3\n#UseDNS no\n#PidFile /run/sshd.pid\n#MaxStartups 10:30:100\n#PermitTunnel no\n#ChrootDirectory none\n#VersionAddendum none\n\n# no default banner path\n#Banner none\n\n# override default of no subsystems\nSubsystem\tsftp\t/usr/lib/ssh/sftp-server\n\n# the following are HPN related configuration options\n# tcp receive buffer polling. 
disable in non autotuning kernels\n#TcpRcvBufPoll yes\n\n# disable hpn performance boosts\n#HPNDisabled no\n\n# buffer size for hpn to non-hpn connections\n#HPNBufferSize 2048\n\n\n# Example of overriding settings on a per-user basis\n#Match User anoncvs\n#\tX11Forwarding no\n#\tAllowTcpForwarding no\n#\tPermitTTY no\n#\tForceCommand cvs server\n"
  },
  {
    "path": "start.sh",
    "content": "#!/bin/sh\n\n# If there are public keys in the keys folder,\n# copy their contents into the authorized_keys file\nif [ \"$(ls -A /git-server/keys/)\" ]; then\n  cd /home/git\n  cat /git-server/keys/*.pub > .ssh/authorized_keys\n  chown -R git:git .ssh\n  chmod 700 .ssh\n  chmod -R 600 .ssh/*\nfi\n\n# Checking permissions and fixing SGID bit in repos folder\n# More info: https://github.com/jkarlosb/git-server-docker/issues/1\nif [ \"$(ls -A /git-server/repos/)\" ]; then\n  cd /git-server/repos\n  chown -R git:git .\n  chmod -R ug+rwX .\n  find . -type d -exec chmod g+s '{}' +\nfi\n\n# -D flag avoids executing sshd as a daemon\n/usr/sbin/sshd -D\n"
  }
]