From d2a3fc6937797a476da86469ffe5a5ad30b82176 Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Fri, 26 Nov 2021 22:28:50 +0200
Subject: [PATCH] WIP: optional SSH connection

---
 .env.sample     | 11 +++++++++--
 compose.ssh.yml | 27 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 compose.ssh.yml

diff --git a/.env.sample b/.env.sample
index 94ce6c2..0139a16 100644
--- a/.env.sample
+++ b/.env.sample
@@ -5,12 +5,19 @@ DOMAIN=wordpress.example.com
 #EXTRA_DOMAINS=', `www.wordpress.example.com`'
 LETS_ENCRYPT_ENV=production
 
+# Necessary for optional features, leave this alone:
+COMPOSE_FILE="compose.yml"
+
 ## Additional extensions
 #PHP_EXTENSIONS="calendar"
 
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 
+# SSH access
+#COMPOSE_FILE="$COMPOSE_FILE:compose.ssh.yml"
+#SSH_PUBLIC_KEY=<your pubkey here>
+
 # Multisite
 #WORDPRESS_CONFIG_EXTRA="\
 #	define('WP_CACHE', false);\
@@ -30,12 +37,12 @@ SECRET_DB_PASSWORD_VERSION=v1
 #	define('COOKIE_DOMAIN', \$_SERVER['HTTP_HOST']);"
 
 # Local SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.mailrelay.yml"
 #SMTP_HOST="postfix_relay_app"
 #MAIL_FROM="wordpress@example.com"
 
 # Remote SMTP relay
-#COMPOSE_FILE="compose.yml:compose.mailrelay.yml:compose.smtp.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SMTP_HOST="mail.example.com"
 #MAIL_FROM="wordpress@example.com"
 #SMTP_PORT=587
diff --git a/compose.ssh.yml b/compose.ssh.yml
new file mode 100644
index 0000000..b2e1c57
--- /dev/null
+++ b/compose.ssh.yml
@@ -0,0 +1,27 @@
+---
+version: "3.8"
+
+services:
+  ssh:
+    image: lscr.io/linuxserver/openssh-server
+    environment:
+      - PUID=33
+      - PGID=33
+      - PUBLIC_KEY=${SSH_PUBLIC_KEY}
+      - USER_NAME=wordpress
+      - PASSWORD_ACCESS=false
+    networks:
+      - proxy
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
+        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=2222"
+
+networks:
+  proxy:
+    external: true
-- 
2.40.1