From b6d1b81ca40ded7db7f64b13bf1ee57bcfa70f3a Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 10 Jan 2026 10:42:59 +0200 Subject: Fix git-server non-root deployment - Generate SSH host keys in initContainer with correct ownership - Remove deprecated UsePrivilegeSeparation from sshd_config - Fix NFS repository permissions (UID 1001, GID 33) - Configure git shared repository mode --- f3s/git-server/docker-image/sshd_config | 3 --- f3s/git-server/helm-chart/templates/deployment.yaml | 10 ++++++++-- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'f3s/git-server') diff --git a/f3s/git-server/docker-image/sshd_config b/f3s/git-server/docker-image/sshd_config index 783f31b..1af7b59 100644 --- a/f3s/git-server/docker-image/sshd_config +++ b/f3s/git-server/docker-image/sshd_config @@ -7,9 +7,6 @@ Port 22 AddressFamily any ListenAddress 0.0.0.0 -# Run without privilege separation (required for non-root) -UsePrivilegeSeparation no - # Host Keys HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml index 759794b..e11d9a9 100644 --- a/f3s/git-server/helm-chart/templates/deployment.yaml +++ b/f3s/git-server/helm-chart/templates/deployment.yaml @@ -24,9 +24,15 @@ spec: - /bin/sh - -c - | - # Setup SSH host keys directory + # Install openssh for key generation + apk add --no-cache openssh + # Setup SSH host keys directory and generate keys mkdir -p /ssh-init - chown -R 0:0 /ssh-init + ssh-keygen -A -f /ssh-init/.. + mv /ssh-init/../etc/ssh/ssh_host_* /ssh-init/ + chown -R 1001:33 /ssh-init + chmod 600 /ssh-init/ssh_host_*_key + chmod 644 /ssh-init/ssh_host_*_key.pub # Setup authorized_keys with correct ownership # The /ssh-git mount point IS the .ssh directory # UID 1001 and GID 33 match the NFS file ownership -- cgit v1.2.3
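Review bot: The host keys in the deployment.yaml initContainer script are generated and moved into /ssh-init unconditionally, so the server most likely gets a new SSH identity on every pod start. `ssh-keygen -A -f /ssh-init/..` writes under the init container's own `/etc/ssh` (assuming /ssh-init sits directly under `/`), which presumably holds no host keys at start, and the `mv` then replaces whatever /ssh-init already contains. Clients would see a host-key-changed warning after each restart and tend to respond by turning host key checking off, which removes their protection against an interposed server. I would create each key only when it is missing and write it straight to /ssh-init, as below; this keeps the identity stable only if the volume is persistent or seeded from a Secret, and the volume definition is outside this hunk, as is the rest of the container spec. Separately, `apk add --no-cache openssh` makes every pod start depend on package-mirror egress and installs an unpinned package as root at runtime, so baking it into the init image at build time would be safer.

```yaml
              # … unchanged: apk add --no-cache openssh …
              mkdir -p /ssh-init
              # Create a host key only when the volume does not already hold one,
              # so the server keeps the same identity across restarts.
              for t in ed25519 rsa; do
                if [ ! -f "/ssh-init/ssh_host_${t}_key" ]; then
                  ssh-keygen -q -t "$t" -N '' -f "/ssh-init/ssh_host_${t}_key"
                fi
              done
              # … unchanged: chown -R 1001:33 /ssh-init, chmod 600 / chmod 644 on the key files …
```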