From 57b20df159d943d2f4821d81d01050d1096e1698 Mon Sep 17 00:00:00 2001
From: "Bastian (BaM)"
Date: Sun, 14 Sep 2025 13:13:43 +0200
Subject: [PATCH] Add OpenSSH client installation and SSH key handling in Dockerfile

---
 Dockerfile                        | 16 ++++++-
 scripts/auto-boot-ollama-host.lua | 74 +++++++++++++++----------------
 2 files changed, 52 insertions(+), 38 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 576b299..ff65b7f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,21 @@ FROM alpine:3.20
 # Install minimal tooling
 RUN apk add --no-cache \
     --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing wol \
-    && apk add --no-cache bash curl ca-certificates docker-cli lua5.4 lua5.4-socket
+    && apk add --no-cache bash curl ca-certificates docker-cli lua5.4 lua5.4-socket openssh-client
+
+# Create the ssh directory
+RUN mkdir -p /root/.ssh && chmod 700 /root/.ssh
+
+# ssh-add ssh key from env var but do not keep env var around
+ARG SSH_PRIVATE_KEY
+ARG SSH_PUBLIC_KEY
+RUN echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa && \ echo "$SSH_PUBLIC_KEY" > /root/.ssh/id_rsa.pub && \ chmod 600 /root/.ssh/id_rsa && \ chmod 644 /root/.ssh/id_rsa.pub && \ unset SSH_PRIVATE_KEY && unset SSH_PUBLIC_KEY
+RUN ssh-keyscan -H $OLLAMA_HOST >> /root/.ssh/known_hosts
+RUN chmod 600 /root/.ssh/known_hosts
 
 # Copy script
 WORKDIR /app
diff --git a/scripts/auto-boot-ollama-host.lua b/scripts/auto-boot-ollama-host.lua
index 686b97c..dd1545c 100644
--- a/scripts/auto-boot-ollama-host.lua
+++ b/scripts/auto-boot-ollama-host.lua
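Review bot: The `RUN echo "$SSH_PRIVATE_KEY" > /root/.ssh/id_rsa` step bakes the private key into an image layer, and because `SSH_PRIVATE_KEY` is an `ARG` its value is also recorded in the image's build history, so the trailing `unset` — which only clears the variable in that one `RUN` shell — does not deliver what the comment `do not keep env var around` promises. Anyone who can pull the image can read the key back out of the layer or the history, so this should be treated as a credential leak rather than a hardening step. Keep the key out of the image entirely: drop the `ARG SSH_PRIVATE_KEY`/`ARG SSH_PUBLIC_KEY` lines and the `RUN echo ...` block, keep only the `mkdir -p /root/.ssh && chmod 700 /root/.ssh` step, and provide the key at container start via a bind mount or Docker secret into `/root/.ssh/id_rsa`; a BuildKit `RUN --mount=type=secret,...` is only appropriate if the key is consumed during the build and never copied into the filesystem, which is not the case here. The `RUN ssh-keyscan -H $OLLAMA_HOST >> /root/.ssh/known_hosts` line has a related weakness: `OLLAMA_HOST` is not declared as an `ARG` or `ENV` in this hunk, so at build time it is presumably empty (confirm against the rest of the Dockerfile), and even when set, scanning at build time pins whatever host key the build network happened to return, so a `COPY known_hosts /root/.ssh/known_hosts` from a reviewed file in the repo gives a verifiable trust anchor instead.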
@@ -76,45 +76,45 @@ end
 -- return false
 -- end
-local function createSSHKeyFilesFromEnv()
-    if SSH_PRIVATE_KEY == "" or SSH_PUBLIC_KEY == "" then
-        log("SSH_PRIVATE_KEY or SSH_PUBLIC_KEY env var is empty, skipping SSH key file creation.")
-        return
-    end
-
-    -- Ensure .ssh directory exists
-    local ssh_dir = SSH_IDENTITY_FILE:match("^(.*)/[^/]+$")
-    if ssh_dir then
-        os.execute(("mkdir -p %q && chmod 700 %q"):format(ssh_dir, ssh_dir))
-    end
-
-    local priv_fh = io.open(SSH_IDENTITY_FILE, "w")
-    if not priv_fh then
-        log("Failed to open SSH identity file for writing: " .. SSH_IDENTITY_FILE)
-        return
-    end
-    priv_fh:write(SSH_PRIVATE_KEY)
-    priv_fh:close()
-    os.execute(("chmod 600 %q"):format(SSH_IDENTITY_FILE))
-    log("Wrote SSH private key to " .. SSH_IDENTITY_FILE)
-
-    local pub_fh = io.open(SSH_IDENTITY_FILE .. ".pub", "w")
-    if not pub_fh then
-        log("Failed to open SSH public key file for writing: " .. SSH_IDENTITY_FILE .. ".pub")
-        return
-    end
-    pub_fh:write(SSH_PUBLIC_KEY)
-    pub_fh:close()
-    os.execute(("chmod 644 %q"):format(SSH_IDENTITY_FILE .. ".pub"))
-    log("Wrote SSH public key to " .. SSH_IDENTITY_FILE .. ".pub")
-
-    -- Unset the env vars for security
-    os.setenv("SSH_PRIVATE_KEY", "")
-    os.setenv("SSH_PUBLIC_KEY", "")
-end
+--local function createSSHKeyFilesFromEnv()
+--    if SSH_PRIVATE_KEY == "" or SSH_PUBLIC_KEY == "" then
+--        log("SSH_PRIVATE_KEY or SSH_PUBLIC_KEY env var is empty, skipping SSH key file creation.")
+--        return
+--    end
+--
+--    -- Ensure .ssh directory exists
+--    local ssh_dir = SSH_IDENTITY_FILE:match("^(.*)/[^/]+$")
+--    if ssh_dir then
+--        os.execute(("mkdir -p %q && chmod 700 %q"):format(ssh_dir, ssh_dir))
+--    end
+--
+--    local priv_fh = io.open(SSH_IDENTITY_FILE, "w")
+--    if not priv_fh then
+--        log("Failed to open SSH identity file for writing: " .. SSH_IDENTITY_FILE)
+--        return
+--    end
+--    priv_fh:write(SSH_PRIVATE_KEY)
+--    priv_fh:close()
+--    os.execute(("chmod 600 %q"):format(SSH_IDENTITY_FILE))
+--    log("Wrote SSH private key to " .. SSH_IDENTITY_FILE)
+--
+--    local pub_fh = io.open(SSH_IDENTITY_FILE .. ".pub", "w")
+--    if not pub_fh then
+--        log("Failed to open SSH public key file for writing: " .. SSH_IDENTITY_FILE .. ".pub")
+--        return
+--    end
+--    pub_fh:write(SSH_PUBLIC_KEY)
+--    pub_fh:close()
+--    os.execute(("chmod 644 %q"):format(SSH_IDENTITY_FILE .. ".pub"))
+--    log("Wrote SSH public key to " .. SSH_IDENTITY_FILE .. ".pub")
+--
+--    -- Unset the env vars for security
+--    os.setenv("SSH_PRIVATE_KEY", "")
+--    os.setenv("SSH_PUBLIC_KEY", "")
+--end
 local function main()
-    createSSHKeyFilesFromEnv()
+    -- createSSHKeyFilesFromEnv()
     log(("Watching container='%s' since='%s'"):format(CONTAINER_NAME, SINCE))
     log(("Looking for pattern: %q"):format(ERROR_PATTERN))
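Review bot: The 36 lines of `createSSHKeyFilesFromEnv` should be deleted rather than kept as `--` commented-out code, and the same goes for the `-- createSSHKeyFilesFromEnv()` leftover in `main`: version control already preserves the old implementation, and a commented copy that mirrors the key-writing logic now living in the Dockerfile will silently drift from it. If `SSH_PRIVATE_KEY`, `SSH_PUBLIC_KEY` and `SSH_IDENTITY_FILE` are still read from the environment near the top of the script (outside this hunk), those reads are dead after this change and should be removed with the function, so that a stale key value in the container environment is not kept alive by a variable nothing uses. `main` continues past the end of the hunk, and the lines that previously preceded `local function main()` are cut off at the top of the hunk, so the surrounding context was not reviewed.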