Delete ssh connection from docker installation

- https://github.com/chatmail/relay/pull/614#discussion_r2269986372 - https://github.com/chatmail/relay/pull/614#discussion_r2269991175 - https://github.com/chatmail/relay/pull/614#discussion_r2269995037 - https://github.com/chatmail/relay/pull/614#discussion_r2270004922
2026-05-20 21:08:03 +00:00 · 2025-08-23 22:47:32 +03:00
parent 87615b62d6
commit 1b3f419384
3 changed files with 8 additions and 20 deletions
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -99,7 +99,11 @@ def run_cmd(args, out):
    deploy_path = importlib.resources.files(__package__).joinpath("deploy.py").resolve()
    pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
    ssh_host = args.config.mail_domain if not args.ssh_host else args.ssh_host
    cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
    if sshexec == "localhost":
        cmd = f"{pyinf} @local {deploy_path} -y"
    if version.parse(pyinfra.__version__) < version.parse("3"):
        out.red("Please re-run scripts/initenv.sh to update pyinfra to version 3.")
        return 1
@@ -362,6 +366,9 @@ def main(args=None):
    def get_sshexec():
        host = args.ssh_host if hasattr(args, "ssh_host") and args.ssh_host else args.config.mail_domain
        if host in [ "@local", "localhost" ]:
            return "localhost"
        print(f"[ssh] login to {host}")
        return SSHExec(host, verbose=args.verbose)
--- a/docker/chatmail_relay.dockerfile
+++ b/docker/chatmail_relay.dockerfile
@@ -18,8 +18,6 @@ RUN echo 'APT::Install-Recommends "0";' > /etc/apt/apt.conf.d/01norecommend && \
 RUN apt-get update && \
    apt-get install -y \
        openssh-client \
        openssh-server \
        git \
        python3 \
        python3-venv \
@@ -54,23 +52,6 @@ RUN apt-get update && \
    done \
    && rm -rf /var/lib/apt/lists/*
 RUN systemctl enable \
        ssh \
        fcgiwrap
 RUN sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config && \
    sed -i 's/^#PermitRootLogin .*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config && \
    ssh-keygen -P "" -t rsa -b 2048 -f /root/.ssh/id_rsa && \
    mkdir -p /root/.ssh && \
    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && \
    SSH_USER_CONFIG="/root/.ssh/config" && \
    echo "Host localhost" >  "$SSH_USER_CONFIG" && \
    echo "    HostName localhost" >>  "$SSH_USER_CONFIG" && \
    echo "    User root" >>  "$SSH_USER_CONFIG" && \
    echo "    StrictHostKeyChecking no" >>  "$SSH_USER_CONFIG" && \
    echo "    UserKnownHostsFile /dev/null" >>  "$SSH_USER_CONFIG"
    ## TODO: deny access for all insteed root form 127.0.0.1 https://unix.stackexchange.com/a/406264
 WORKDIR /opt/chatmail
 ARG SETUP_CHATMAIL_SERVICE_PATH=/lib/systemd/system/setup_chatmail.service
--- a/docker/files/setup_chatmail_docker.sh
+++ b/docker/files/setup_chatmail_docker.sh
@@ -70,7 +70,7 @@ fi
 ./scripts/cmdeploy init --config "${INI_FILE}" $INI_CMD_ARGS $MAIL_DOMAIN
 bash /update_ini.sh
-./scripts/cmdeploy run --ssh-host localhost --skip-dns-check
+./scripts/cmdeploy run --ssh-host @local --skip-dns-check
 echo "ForwardToConsole=yes" >> /etc/systemd/journald.conf
 systemctl restart systemd-journald