switch to docker.io/docker base image

Dockerfile

@@ -1,10 +1,13 @@
-FROM registry.lubiland.de/swarm-nat
+FROM docker.io/docker
 
 ENV REPOSITORY=gitea@gitea.lubiland.de:/lubiland/lubidock.git \
     SSH_PRIVATE_KEY=/run/secrets/ssh \
     SSH_HOST_KEY="gitea.lubiland.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC73EQQyf0rL8qRJulhHrF2+pm1FJl4Y4Qr9qjb+sd2/mwdt03uV6sZR+M7SPxHKnbhjEe+g5AV7IImLdXJZVsdVAP3yzrq4OvUGVorN+GZlkc550jrGUXvOu7mARwKCl5kpAuXYqPYU9CoOFVF3CsRYxsuWfSk6y3TGoBg5rg8RtKHDP2vHX26oZ5HWeAbXs0s23UsmeGg7pI/tiliEngCfesCx8WtlApuLg0WIhIJAOctdbg7F2/jC6AebgvItdhd/d3xQxNm53P4G3pgYMt1zj2OEE5cOko6W0BlyMnFFeniDsHOfpxWf7OL1FCAvLmArG4UZeF6x1mxSrsuXh7t"
 
+
+RUN apk add --no-cache git
+
 COPY entrypoint.sh /entrypoint.sh
 
 WORKDIR /lubidock
-ENTRYPOINT /bin/bash /entrypoint.sh
+ENTRYPOINT /bin/sh /entrypoint.sh

entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # import trusted fingerprints
 mkdir "$HOME/.ssh"
@@ -7,6 +7,11 @@ echo "$SSH_HOST_KEY" > "$HOME/.ssh/known_hosts"
 # use a custom ssh key for git
 export GIT_SSH_COMMAND="ssh -i ""$SSH_PRIVATE_KEY"""
 
+
+# update swarm-nat
+# use docker.io/lubiland/swarm-nat until registry.lubiland.de allows public access
+docker pull docker.io/lubiland/swarm-nat
+
 while :; do
     # check if the git repository already got cloned
     if [ -d .git ]; then
@@ -17,8 +22,10 @@ while :; do
         git clone "$REPOSITORY" .
     fi
 
-    # run the actual iptables script
-    pwsh -File /expose_forwards.ps1 -Stacks ./stacks
+    # run the actual swarm-nat docker container
+    # use docker instead of running it directly to use --cap-add
+    # use docker.io/lubiland/swarm-nat until registry.lubiland.de allows public access
+    docker run --rm --net=host --cap-add=NET_ADMIN --volume /var/run/docker.sock:/var/run/docker.sock --volume /cephfs/lubiland-lubinat/lubidock/stacks:/stacks docker.io/lubiland/swarm-nat
 
     sleep 60
 done