FROM alpine:3.9

MAINTAINER Valentin Lab <valentin.lab@kalysto.org>

## coreutils is for ``date`` support of ``--rfc-3339=seconds`` argument.
## findutils is for ``find`` support of ``--newermt`` argument.
RUN apk add rsync sudo bash openssh-server coreutils findutils
RUN ssh-keygen -A

## New user/group rsync/rsync with home dir in /var/lib/rsync
RUN mkdir -p /var/lib/rsync /var/log/rsync && \
    addgroup -S rsync && \
    adduser -S rsync -h /var/lib/rsync -G rsync && \
    chown rsync:rsync /var/lib/rsync /var/log/rsync

## Without this, account is considered locked by SSH
RUN sed -ri 's/^rsync:!:/rsync:*NP*:/g' /etc/shadow

## Withouth this, force-command will not run
RUN sed -ri 's%^(rsync.*:)[^:]+$%\1/bin/bash%g' /etc/passwd

## Allow rsync to access /var/mirror
COPY /src /

RUN chmod 440 /etc/sudoers.d/*

RUN mkdir /var/run/sshd

COPY ./entrypoint.sh /entrypoint.sh

EXPOSE 22

ENTRYPOINT [ "/entrypoint.sh" ]