From a7562774070e271adb1af3dfd62f1a8eb7116db2 Mon Sep 17 00:00:00 2001
From: Thor Harald Johansen
Date: Thu, 21 May 2020 18:12:32 +0200
Subject: [PATCH] Initial commit
---
README.md | 28 ++++++++++++++++++++++++++++
passthru | 7 +++++++
watchkeys | 16 ++++++++++++++++
watchkeys.service | 11 +++++++++++
4 files changed, 62 insertions(+)
create mode 100644 README.md
create mode 100755 passthru
create mode 100755 watchkeys
create mode 100644 watchkeys.service
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e9f6887
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+# Gitea passthru scripts for Docker
+
+The Docker image for Gitea instructs you to place a passthru script
+at `/app/app/gitea` on the host. If you don't like having files in
+odd locations on your host system, this isn't a great solution.
+
+## passthru
+
+This is a slightly modified version of the passthru script from the
+Docker image documentation. Since `passthru` lives in your project
+directory now, and the original script passes `$0` as the executable
+to run in the Docker image, it has been modified to always pass
+`/app/gitea/gitea` instead.
+
+## watchkeys
+
+This Bash scripts runs as a daemon on your host and watches the
+Gitea `git/.ssh` folder for changes to `authorized_keys`, which it
+reads and modifies to point all the `command` directives at
+the passthrough script instead of `/app/gitea/gitea` and then
+writes to `.ssh/authorized_keys` in the Docker project folder,
+which you will have configured as the home directory for your
+`git` account.
+
+## watchkeys.service
+
+This is the `systemd` configuration file that launches the daemon.
+Modify to taste and create a symlink to it in `/lib/systemd/system`.
diff --git a/passthru b/passthru
new file mode 100755
index 0000000..fa9b624
--- /dev/null
+++ b/passthru
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Gitea SSH server as exposed to host
+CONTAINER_SSH_HOST=127.0.0.1
+CONTAINER_SSH_PORT=3001
+
+ssh -p $CONTAINER_SSH_PORT -o StrictHostKeyChecking=no git@$CONTAINER_SSH_HOST "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" /app/gitea/gitea $@"
diff --git a/watchkeys b/watchkeys
new file mode 100755
index 0000000..b9817ec
--- /dev/null
+++ b/watchkeys
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Path to home directory of 'git' user on host
+GIT_HOME=$HOME
+
+# Path to Gitea '.ssh' directory mounted on host
+GITEA_HOME=$GIT_HOME/data/git
+
+# Path to 'passthru' script on host
+PASSTHRU_SCRIPT=$GIT_HOME/passthru
+
+while read file; do
+ if [ "$file" == "authorized_keys" ]; then
+ sed "s#/app/gitea/gitea#$PASSTHRU_SCRIPT#g" $GITEA_HOME/.ssh/authorized_keys >$GIT_HOME/.ssh/authorized_keys
+ fi
+done < <(exec inotifywait -mq -e close_write --format %f $GITEA_HOME/.ssh)
diff --git a/watchkeys.service b/watchkeys.service
new file mode 100644
index 0000000..48a9857
--- /dev/null
+++ b/watchkeys.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Gitea Authorized Keys Watcher
+
+[Service]
+Type=simple
+User=git
+Group=git
+ExecStart=/var/local/docker/gitea/watchkeys
+
+[Install]
+WantedBy=multi-user.target
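Review bot: The ssh line in passthru embeds `$SSH_ORIGINAL_COMMAND` inside a double-quoted remote command string, so quotes or shell metacharacters in the client-supplied command are interpreted by the shell inside the container instead of reaching Gitea as data. Escape the value before embedding it, e.g. `esc=$(printf '%s' "$SSH_ORIGINAL_COMMAND" | sed "s/'/'\\\\''/g")` followed by `"SSH_ORIGINAL_COMMAND='$esc' /app/gitea/gitea $@"`, or pass it out of band with `-o SendEnv=SSH_ORIGINAL_COMMAND` if the container's sshd can be given a matching `AcceptEnv`. Separately, `-o StrictHostKeyChecking=no` skips host-key verification on the hop to 127.0.0.1:3001; pinning the container's host key in a dedicated known_hosts file would let the script fail closed if something else is listening on that port.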
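Review bot: The `sed … >$GIT_HOME/.ssh/authorized_keys` redirect in watchkeys truncates the live file before sed has produced any output, so sshd can read an empty or partial key list during a rewrite, and a failed sed (for example when the source file is briefly absent) leaves the host's authorized_keys empty. Write to a temporary file in the same directory and rename it over the target only when sed succeeds, as in the excerpt below, which also quotes the path expansions and uses `read -r`. The loop only reacts to changes, so nothing is copied until the first write after startup; consider running the same rewrite once before entering the loop.

```bash
# … unchanged: GIT_HOME, GITEA_HOME and PASSTHRU_SCRIPT assignments …
while IFS= read -r file; do
  if [ "$file" == "authorized_keys" ]; then
    tmp=$(mktemp "$GIT_HOME/.ssh/authorized_keys.XXXXXX") || continue
    if sed "s#/app/gitea/gitea#$PASSTHRU_SCRIPT#g" "$GITEA_HOME/.ssh/authorized_keys" >"$tmp"; then
      mv -f -- "$tmp" "$GIT_HOME/.ssh/authorized_keys"
    else
      rm -f -- "$tmp"
    fi
  fi
done < <(exec inotifywait -mq -e close_write --format %f "$GITEA_HOME/.ssh")
```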
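Review bot: The `[Service]` section of watchkeys.service has no `Restart=` setting, so if inotifywait exits (for instance because the watched directory is not mounted yet at boot) the script's read loop simply ends and key changes stop reaching the host's authorized_keys until someone restarts the unit by hand. Because the loop ends with a zero status in that case, `Restart=always` is the setting that would actually bring it back; `Restart=on-failure` would not. Ordering such as `After=docker.service` under `[Unit]` may also be needed if Docker provides the mount, and `NoNewPrivileges=yes` is a cheap hardening line for a daemon that only rewrites one file as the git user.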