initial version

Dockerfile

@@ -0,0 +1,10 @@
+FROM registry.lubiland.de/swarm-nat
+
+ENV REPOSITORY=gitea@gitea.lubiland.de:/lubiland/lubidock.git \
+    SSH_PRIVATE_KEY=/run/secrets/ssh \
+    SSH_HOST_KEY="gitea.lubiland.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC73EQQyf0rL8qRJulhHrF2+pm1FJl4Y4Qr9qjb+sd2/mwdt03uV6sZR+M7SPxHKnbhjEe+g5AV7IImLdXJZVsdVAP3yzrq4OvUGVorN+GZlkc550jrGUXvOu7mARwKCl5kpAuXYqPYU9CoOFVF3CsRYxsuWfSk6y3TGoBg5rg8RtKHDP2vHX26oZ5HWeAbXs0s23UsmeGg7pI/tiliEngCfesCx8WtlApuLg0WIhIJAOctdbg7F2/jC6AebgvItdhd/d3xQxNm53P4G3pgYMt1zj2OEE5cOko6W0BlyMnFFeniDsHOfpxWf7OL1FCAvLmArG4UZeF6x1mxSrsuXh7t"
+
+COPY entrypoint.sh /entrypoint.sh
+
+WORKDIR /lubidock
+ENTRYPOINT /bin/bash /entrypoint.sh

README.md

@@ -0,0 +1 @@
+This small image combines https://gitea.lubiland.de/lubiland/swarm-nat and https://gitea.lubiland.de/lubiland/lubidock to automatically deploy firewall rules based on new compose files.

entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# import trusted fingerprints
+mkdir "$HOME/.ssh"
+echo "$SSH_HOST_KEY" > "$HOME/.ssh/known_hosts"
+
+# use a custom ssh key for git
+export GIT_SSH_COMMAND="ssh -i ""$SSH_PRIVATE_KEY"""
+
+while :; do
+    # check if the git repository already got cloned
+    if [ -d .git ]; then
+        # update the git repository
+        git pull
+    else
+        # no repository found; do an initial clone
+        git clone "$REPOSITORY" .
+    fi
+
+    # run the actual iptables script
+    pwsh -File /expose_forwards.ps1 -Stacks ./stacks
+
+    sleep 60
+done