chore: Docker chores

.github/workflows/dockerhub_promote_to_latest.yaml

@@ -8,6 +8,10 @@ permissions: # added using https://github.com/step-security/secure-workflows
 
 jobs:
   docker:
+    strategy:
+      matrix:
+        include:
+          - name: [sshnpd, activate_sshnpd]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -25,4 +29,4 @@ jobs:
       - name: Get version
         run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
       - name: Promote image to latest
-        run: docker buildx imagetools create -t atsigncompany/sshnpd:latest atsigncompany/sshnpd:release-${{ env.VERSION }}
+        run: docker buildx imagetools create -t atsigncompany/${{ matrix.name }}:latest atsigncompany/${{ matrix.name }}:release-${{ env.VERSION }}

.github/workflows/dockerhub_sshnpd.yml

@@ -4,42 +4,44 @@ on:
   workflow_dispatch:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
 
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
 
 jobs:
   docker:
+    strategy:
+      matrix:
+        include:
+          - name: sshnpd
+            dockerfile: ./packages/sshnoports/templates/docker/Dockerfile
+          - name: activate_sshnpd
+            dockerfile: ./packages/sshnoports/templates/docker/Dockerfile.activate
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      -
-        name: Set up QEMU
+      - name: Set up QEMU
         uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
-      -
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
-      -
-        name: Login to Docker Hub
+      - name: Login to Docker Hub
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
- # Extract version for docker tag
-      -
-        name: Get version
+      # Extract version for docker tag
+      - name: Get version
         run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
-      -
-        name: Build and push
+      - name: Build and push
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
         with:
           context: ./packages/sshnoports
+          file: ${{ matrix.dockerfile }}
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           push: true
           provenance: false
           tags: |
-            atsigncompany/sshnpd:${{ env.VERSION }}
-            atsigncompany/sshnpd:release-${{ env.VERSION }}
+            atsigncompany/${{ matrix.name }}:${{ env.VERSION }}
+            atsigncompany/${{ matrix.name }}:release-${{ env.VERSION }}

.github/workflows/end2end_tests.yaml

@@ -264,16 +264,15 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
-      max-parallel: 1
       matrix:
         # Leave these empty to avoid unwanted intellisense warnings
-        np: ["local"]
-        npd: ["v3.2.0"]
         rvd: [""]
         rvd_atsign: [""]
-        wait: [""]
-
         include:
+          - np: local
+            npd: v3.2.0
+            wait: 300
+
           - np: v3.2.0
             npd: local
     steps:

.github/workflows/multibuild.yaml

@@ -62,7 +62,7 @@ jobs:
       - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
       - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
       - run: |
-          docker buildx build -t atsigncompany/sshnptarball -f Dockerfile.package \
+          docker buildx build -t atsigncompany/sshnptarball -f tools/Dockerfile.package \
           --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
       - run: mkdir tarballs
       - run: tar -xvf bins.tar -C tarballs

packages/sshnoports/README.md

@@ -37,7 +37,7 @@ a device atSign and a manager atSign, but each device can also have a unique
 device name using the --device argument.
 
 Once in place you can start up the daemon first on the remote device.
-Remember to start the daemon on start up using rc.local script or similar, examples can be found in the scripts directory in this repo and in the release tar files.
+Remember to start the daemon on start up using rc.local script or similar, examples can be found in the templates directory in this package and in the release tar files.
 The daemon machine has to be running sshd even if only listening on localhost on an open port.
 
 `sshnpd.sh` : bash script
@@ -107,7 +107,7 @@ to see the logs (-v).
 The daemon can also be deployed as part of a pre-built docker container,
 that also has a number of networking tools installed. The container image
 is located on Dockerhub as `atsigncompany/sshnpd:latest` or you can build
-your own using the Dockerfile in the root of the project.
+your own using the [Dockerfile](templates/docker/Dockerfile) in the templates folder.
 
 The image expects to have the atKeys for the atSign being used in the
 `/atsign/.atsign/keys` directory, this can be mounted as a volume at startup

packages/sshnoports/templates/docker/.env.template

@@ -0,0 +1,15 @@
+# Name the docker compose project (if you want)
+# COMPOSE_PROJECT_NAME=
+
+# SSHNPD ATSIGN
+TO=
+
+# SSHNPD ATSIGN CRAM KEY FOR ACTIVATION
+# from my.atsign.com under the advanced settings for your atSign
+TO_CRAM=
+
+# SSHNPD DEVICE NAME
+DEVICE=
+
+# SSHNP ATSIGN
+FROM=

packages/sshnoports/templates/docker/.gitignore

@@ -0,0 +1 @@
+.env

packages/sshnoports/.startup.sh → packages/sshnoports/templates/docker/.startup.sh

@@ -1,8 +1,5 @@
 #!/bin/bash
 ssh-keygen -A
+ls /atsign/.atsign/keys
 /usr/sbin/sshd -D -o "ListenAddress 127.0.0.1" -o "PasswordAuthentication no"  &
-while true
-do
 sudo -u atsign /usr/local/at/sshnpd "$@"
-sleep 3
-done

packages/sshnoports/templates/docker/Dockerfile

@@ -0,0 +1,41 @@
+FROM dart:3.0.7@sha256:3e69d201d73960f8a7e6fb0ee7467ade1495659676a7c09353a39fdb77852b97 AS buildimage
+ENV BINARYDIR=/usr/local/at
+SHELL ["/bin/bash", "-c"]
+WORKDIR /app
+COPY . .
+RUN \
+  set -eux ; \
+  mkdir -p ${BINARYDIR} ; \
+  dart pub get ; \
+  dart pub update ; \
+  dart compile exe bin/sshnpd.dart -o ${BINARYDIR}/sshnpd ; \
+  dart compile exe bin/sshrv.dart -o ${BINARYDIR}/sshrv
+
+# Second stage of build FROM debian-slim
+FROM debian:stable-20230814-slim@sha256:6fe30b9cb71d604a872557be086c74f95451fecd939d72afe3cffca3d9e60607
+ENV USER=atsign
+ENV HOMEDIR=/${USER}
+ENV BINARYDIR=/usr/local/at
+ENV USER_ID=1024
+ENV GROUP_ID=1024
+
+COPY --from=buildimage /app/templates/docker/.startup.sh ${HOMEDIR}/
+RUN \
+  set -eux ; \
+  apt-get update ; \
+  apt-get install -y openssh-server sudo iputils-ping iproute2 ncat telnet net-tools nmap iperf3 tmux traceroute vim ; \
+  addgroup --gid ${GROUP_ID} ${USER} ; \
+  useradd --system --uid ${USER_ID} --gid ${GROUP_ID} --shell /bin/bash --home ${HOMEDIR} ${USER} ; \
+  mkdir -p ${HOMEDIR}/.atsign/keys ; \
+  mkdir -p ${HOMEDIR}/.ssh ; \
+  touch ${HOMEDIR}/.ssh/authorized_keys ; \
+  chown -R ${USER}:${USER} ${HOMEDIR} ; \
+  chmod 600 ${HOMEDIR}/.ssh/authorized_keys ; \
+  usermod -aG sudo ${USER} ; \
+  mkdir /run/sshd ; \
+  chmod 755 /${USER}/.startup.sh
+
+COPY --from=buildimage --chown=${USER}:${USER} /usr/local/at/sshnpd /usr/local/at/
+COPY --from=buildimage --chown=${USER}:${USER} /usr/local/at/sshrv /usr/local/at/
+WORKDIR ${HOMEDIR}
+ENTRYPOINT ["/atsign/.startup.sh"]

packages/sshnoports/templates/docker/Dockerfile.activate

@@ -0,0 +1,35 @@
+FROM dart:3.0.7@sha256:3e69d201d73960f8a7e6fb0ee7467ade1495659676a7c09353a39fdb77852b97 AS buildimage
+ENV BINARYDIR=/usr/local/at
+SHELL ["/bin/bash", "-c"]
+WORKDIR /app
+COPY . .
+RUN \
+  set -eux ; \
+  mkdir -p ${BINARYDIR} ; \
+  dart pub get ; \
+  dart pub update ; \
+  dart compile exe bin/activate_cli.dart -o ${BINARYDIR}/at_activate
+
+# Second stage of build FROM debian-slim
+FROM debian:stable-20230814-slim@sha256:6fe30b9cb71d604a872557be086c74f95451fecd939d72afe3cffca3d9e60607
+ENV USER=atsign
+ENV HOMEDIR=/${USER}
+ENV BINARYDIR=/usr/local/at
+ENV USER_ID=1024
+ENV GROUP_ID=1024
+
+COPY --from=buildimage --chown=${USER}:${USER} /usr/local/at/at_activate /usr/local/at/
+WORKDIR ${HOMEDIR}
+
+RUN \
+  set -eux ; \
+  apt-get update ; \
+  apt-get install -y sudo ; \
+  addgroup --gid ${GROUP_ID} ${USER} ; \
+  useradd --system --uid ${USER_ID} --gid ${GROUP_ID} --shell /bin/bash --home ${HOMEDIR} ${USER} ; \
+  mkdir -p ${HOMEDIR}/.atsign/keys ; \
+  chown -R ${USER}:${USER} ${HOMEDIR} ; \
+  usermod -aG sudo ${USER} ;
+
+USER ${USER}
+ENTRYPOINT [ "/usr/local/at/at_activate" ]

packages/sshnoports/templates/docker/docker-compose.local.yaml

@@ -0,0 +1,22 @@
+version: "3.0"
+volumes:
+  keys:
+    driver: local
+services:
+  activate:
+    build:
+      context: ../../
+      dockerfile: ./templates/docker/Dockerfile.activate
+    volumes:
+      - keys:/atsign/.atsign/keys
+    command: -a "${TO}" -c "${TO_CRAM}"
+  sshnpd:
+    build:
+      context: ../../
+      dockerfile: ./templates/docker/Dockerfile
+    volumes:
+      - keys:/atsign/.atsign/keys
+    command: -a "${TO}" -m "${FROM}" -d "${DEVICE}" -s -u -v
+    depends_on:
+      activate:
+        condition: service_completed_successfully

packages/sshnoports/templates/docker/docker-compose.yaml

@@ -0,0 +1,19 @@
+version: "3.0"
+
+volumes:
+  keys:
+    driver: local
+services:
+  activate:
+    image: atsigncompany/activate_sshnpd:latest
+    volumes:
+      - keys:/atsign/.atsign/keys
+    command: -a "${TO}" -c "${TO_CRAM}"
+  sshnpd:
+    image: atsigncompany/sshnpd:latest
+    volumes:
+      - keys:/atsign/.atsign/keys
+    command: -a "${TO}" -m "${FROM}" -d "${DEVICE}" -s -u -v
+    depends_on:
+      activate:
+        condition: service_completed_successfully