Merge pull request #10 from axiom-data-science/upsteam-merges

kwilcox · web-flow · commit 9214129b0543 · 2023-04-11T12:51:00.000-04:00
Updates and cleanup
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,52 @@
+name: Docker
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+
+jobs:
+  docker:
+
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            axiom/rsync-server
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        if: success() && github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,24 +1,23 @@
-FROM debian:buster
-MAINTAINER Kyle Wilcox <kyle@axiomdatascience.com>
+FROM debian:bullseye-slim
+LABEL org.opencontainers.image.authors="Kyle Wilcox <kyle@axds.co>" \
+      org.opencontainers.image.url="https://github.com/axiom-data-science/rsync-server"
 ENV DEBIAN_FRONTEND noninteractive
 ENV LANG C.UTF-8
 ENV NOTVISIBLE "in users profile"
 
 RUN apt-get update && \
-	apt-get install -y openssh-server rsync && \
-	apt-get clean && \
-	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-RUN mkdir /var/run/sshd
-RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
-RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
-RUN echo "export VISIBLE=now" >> /etc/profile
+    apt-get install -y --no-install-recommends openssh-server rsync && \
+    apt-get clean && \
+    mkdir /var/run/sshd && \
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
+    sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
+    echo "export VISIBLE=now" >> /etc/profile && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY entrypoint.sh /entrypoint.sh
-RUN chmod 744 /entrypoint.sh
 
 EXPOSE 22
 EXPOSE 873
 
-CMD ["rsync_server"]
 ENTRYPOINT ["/entrypoint.sh"]
+CMD ["rsync_server"]
diff --git a/README.md b/README.md
@@ -1,35 +1,35 @@
-## rsync-server
+# rsync-server
 
 A `rsyncd`/`sshd` server in Docker. You know, for moving files.
 
-
-### quickstart
+## Quickstart
 
 Start a server (both `sshd` and `rsyncd` are supported)
 
-```
-$ docker run \
-    --name rsync-server \ # Name it
-    -p 8000:873 \ # rsyncd port
-    -p 9000:22 \ # sshd port
-    -e USERNAME=user \ # rsync username
-    -e PASSWORD=pass \ # rsync/ssh password
-    -v /your/public.key:/root/.ssh/authorized_keys \ # your public key
-    axiom/rsync-server
+```shell
+docker run \
+    --name rsync-server \
+    -p 8000:873 \
+    -p 9000:22 \
+    -e USERNAME=user \
+    -e PASSWORD=pass \
+    -v /your/public.key:/root/.ssh/authorized_keys \
+    axiom/rsync-server:latest
 ```
 
 **Warning** If you are exposing services to the internet be sure to change the default password from `pass` by settings the environmental variable `PASSWORD`.
 
-#### `rsyncd`
+### `rsyncd`
 
 Please note that `/volume` is the `rsync` volume pointing to `/data`. The data
 will be at `/data` in the container. Use the `VOLUME` parameter to change the
 destination path in the container. Even when changing `VOLUME`, you will still
 `rsync` to `/volume`. **It is recommended that you always change the default password of `pass` by setting the `PASSWORD` environmental variable, even if you are using key authentication.**
 
-```
-$ rsync -av /your/folder/ rsync://user@localhost:8000/volume
+```shell
+rsync -av /your/folder/ rsync://user@localhost:8000/volume
 Password: pass
+
 sending incremental file list
 ./
 foo/
@@ -40,15 +40,15 @@ sent 166 bytes  received 39 bytes  136.67 bytes/sec
 total size is 0  speedup is 0.00
 ```
 
-
-#### `sshd`
+### `sshd`
 
 Please note that you are connecting as the `root` and not the user specified in
 the `USERNAME` variable. If you don't supply a key file you will be prompted
 for the `PASSWORD`. **It is recommended that you always change the default password of `pass` by setting the `PASSWORD` environmental variable, even if you are using key authentication.**
 
-```
-$ rsync -av -e "ssh -i /your/private.key -p 9000 -l root" /your/folder/ localhost:/data
+```shell
+rsync -av -e "ssh -i /your/private.key -p 9000 -l root" /your/folder/ localhost:/data
+
 sending incremental file list
 ./
 foo/
@@ -59,90 +59,87 @@ sent 166 bytes  received 31 bytes  131.33 bytes/sec
 total size is 0  speedup is 0.00
 ```
 
-
-### Usage
+## Usage
 
 Variable options (on run)
 
 * `USERNAME` - the `rsync` username. defaults to `user`
 * `PASSWORD` - the `rsync` password. defaults to `pass`
 * `VOLUME`   - the path for `rsync`. defaults to `/data`
-* `ALLOW`    - space separated list of allowed sources. defaults to `192.168.0.0/16 172.16.0.0/12`.
+* `ALLOW`    - space separated list of allowed sources. defaults to `10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 127.0.0.1/32`.
 
+### Simple server on port 873
 
-##### Simple server on port 873
-
-```
-$ docker run -p 873:873 axiom/rsync-server
+```shell
+docker run -p 873:873 axiom/rsync-server:latest
 ```
 
+### Use a volume for the default `/data`
 
-##### Use a volume for the default `/data`
-
-```
-$ docker run -p 873:873 -v /your/folder:/data axiom/rsync-server
+```shell
+docker run -p 873:873 -v /your/folder:/data axiom/rsync-server:latest
 ```
 
-##### Set a username and password
+### Set a username and password
 
-```
-$ docker run \
+```shell
+docker run \
     -p 873:873 \
     -v /your/folder:/data \
     -e USERNAME=admin \
     -e PASSWORD=mysecret \
-    axiom/rsync-server
+    axiom/rsync-server:latest
 ```
 
-##### Run on a custom port
+### Run on a custom port
 
-```
-$ docker run \
+```shell
+docker run \
     -p 9999:873 \
     -v /your/folder:/data \
     -e USERNAME=admin \
     -e PASSWORD=mysecret \
-    axiom/rsync-server
+    axiom/rsync-server:latest
 ```
 
-```
-$ rsync rsync://admin@localhost:9999
+```shell
+rsync rsync://admin@localhost:9999
+
 volume            /data directory
 ```
 
+### Modify the default volume location
 
-##### Modify the default volume location
-
-```
-$ docker run \
+```shell
+docker run \
     -p 9999:873 \
     -v /your/folder:/myvolume \
     -e USERNAME=admin \
     -e PASSWORD=mysecret \
     -e VOLUME=/myvolume \
-    axiom/rsync-server
+    axiom/rsync-server:latest
 ```
 
-```
-$ rsync rsync://admin@localhost:9999
+```shell
+rsync rsync://admin@localhost:9999
+
 volume            /myvolume directory
 ```
 
-##### Allow additional client IPs
+### Allow specific client IPs
 
-```
-$ docker run \
+```shell
+docker run \
     -p 9999:873 \
     -v /your/folder:/myvolume \
     -e USERNAME=admin \
     -e PASSWORD=mysecret \
     -e VOLUME=/myvolume \
-    -e ALLOW=192.168.8.0/24 192.168.24.0/24 172.16.0.0/12 127.0.0.1/32 \
-    axiom/rsync-server
+    -e ALLOW=192.168.24.0/24 \
+    axiom/rsync-server:latest
 ```
 
-
-##### Over SSH
+### Over SSH
 
 If you would like to connect over ssh, you may mount your public key or
 `authorized_keys` file to `/root/.ssh/authorized_keys`.
@@ -155,18 +152,18 @@ destination as you would when using SSH.** On the contrary, when using the
 `rsyncd` daemon, you will always be using `/volume`, which maps to `VOLUME`
 inside of the container.
 
-```
+```shell
 docker run \
     -v /your/folder:/myvolume \
     -e USERNAME=admin \
     -e PASSWORD=mysecret \
     -e VOLUME=/myvolume \
-    -e ALLOW=192.168.8.0/24 192.168.24.0/24 172.16.0.0/12 127.0.0.1/32 \
+    -e ALLOW=10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 127.0.0.1/32 \
     -v /my/authorized_keys:/root/.ssh/authorized_keys \
     -p 9000:22 \
-    axiom/rsync-server
+    axiom/rsync-server:latest
 ```
 
-```
-$ rsync -av -e "ssh -i /your/private.key -p 9000 -l root" /your/folder/ localhost:/data
+```shell
+rsync -av -e "ssh -i /your/private.key -p 9000 -l root" /your/folder/ localhost:/data
 ```
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -3,7 +3,7 @@ set -e
 
 USERNAME=${USERNAME:-user}
 PASSWORD=${PASSWORD:-pass}
-ALLOW=${ALLOW:-192.168.8.0/24 192.168.24.0/24 172.16.0.0/12 127.0.0.1/32}
+ALLOW=${ALLOW:-10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 127.0.0.1/32}
 VOLUME=${VOLUME:-/data}
 
 
@@ -23,7 +23,6 @@ setup_rsyncd(){
 	echo "$USERNAME:$PASSWORD" > /etc/rsyncd.secrets
     chmod 0400 /etc/rsyncd.secrets
 	[ -f /etc/rsyncd.conf ] || cat > /etc/rsyncd.conf <<EOF
-pid file = /var/run/rsyncd.pid
 log file = /dev/stdout
 timeout = 300
 max connections = 10
