From 856af9ac9e42a088ca65e70026ad7390f00fe8d4 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Fri, 9 Jan 2026 11:16:18 +0200
Subject: Run containers as root and use emptyDir for writeable dirs - Mount emptyDir for /etc/ssh to allow SSH host key generation - Mount emptyDir for /var/cache/cgit to allow cache initialization - Run both containers as root with proper capabilities - Copy sshd_config at runtime from /tmp to /etc/ssh - Add imagePullPolicy: Always to force image refresh
---
 f3s/git-server/docker-image/Dockerfile | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'f3s/git-server/docker-image')
diff --git a/f3s/git-server/docker-image/Dockerfile b/f3s/git-server/docker-image/Dockerfile
index 574a94b..f721fab 100644
--- a/f3s/git-server/docker-image/Dockerfile
+++ b/f3s/git-server/docker-image/Dockerfile
@@ -9,11 +9,16 @@ RUN adduser -D -u 1000 -s /usr/bin/git-shell git && \
 mkdir -p /home/git/.ssh /repos && \
 chown -R git:git /home/git /repos
-# Copy sshd configuration
-COPY sshd_config /etc/ssh/sshd_config
+# Copy sshd configuration to /tmp (will be copied to /etc/ssh by entrypoint)
+COPY sshd_config /tmp/sshd_config
-# Create entrypoint script to generate host keys at runtime
+# Create entrypoint script to setup SSH and run sshd
 RUN echo '#!/bin/sh' > /entrypoint.sh && \
+ echo '# Copy sshd_config if not exists' >> /entrypoint.sh && \
+ echo 'if [ ! -f /etc/ssh/sshd_config ]; then' >> /entrypoint.sh && \
+ echo ' cp /tmp/sshd_config /etc/ssh/sshd_config' >> /entrypoint.sh && \
+ echo 'fi' >> /entrypoint.sh && \
+ echo '# Generate host keys if not exists' >> /entrypoint.sh && \
 echo 'if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then' >> /entrypoint.sh && \
 echo ' ssh-keygen -A' >> /entrypoint.sh && \
 echo 'fi' >> /entrypoint.sh && \
--
cgit v1.2.3
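Review bot: The `if [ ! -f /etc/ssh/sshd_config ]` guard written into the entrypoint lets any file already present in the writable /etc/ssh volume take precedence over the config shipped in the image, and a failed `cp` is not checked before the script carries on. Since the commit message says the container now runs as root with /etc/ssh on an emptyDir, I would copy unconditionally and stop on failure, e.g. `echo 'cp /tmp/sshd_config /etc/ssh/sshd_config || exit 1' >> /entrypoint.sh && \`. Staging the file in a root-owned directory rather than /tmp would also keep it from being hidden if /tmp is ever mounted as a volume. Separately, host keys created by `ssh-keygen -A` in an emptyDir will presumably change whenever the pod is recreated, which trains clients to accept host-key changes; mounting them from a Secret is worth considering (the manifest is not part of this diff). The RUN instruction continues past the end of the hunk.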