Add support for SSH git URLs

Dockerfile

@@ -1,7 +1,8 @@
 FROM nginx:mainline-alpine
 
 # Install hugo
-RUN apk add hugo git
+RUN apk add hugo git openssh bash
 
 # Copy over auxiliary scripts
-COPY aux/* /docker-entrypoint.d/
+COPY aux /aux
+COPY init/* /docker-entrypoint.d/

README.md

@@ -12,6 +12,12 @@ If you store your blog data in a git repository, run the container with env `REP
 
 The repository will be pulled and built every 10 minutes.
 
+#### SSH URLs
+
+If you specify a SSH URL (`ssh:// ...`) for your repository, the host key will be automatically pulled and added as trusted host. Make sure to double-check those host keys with your git server - although a [MITM](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/) scenario is unlikely and won't pose a big risk in the case of blogker. [YMMV](https://www.urbandictionary.com/define.php?term=ymmv), but still, this may be a security risk in some cases.
+
+If you want to pull private repositories, you may need to generate a SSH key for this purpose, and hand in the private key file, e.g. via `-v ./id_rsa:/root/.ssh/id_rsa`.
+
 ### Passthrough via Bind
 
 To just use a specific directory as the hugo blog contents, run the container with the repository passed through as bind directory:

init/check-ssh.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+SSH_GIT_URL_REGEX="^ssh:\/\/([^@]+@)?([a-z0-9\-\.]+)[:/].*$"
+
+if [[ "$REPO_URL" =~ $SSH_GIT_URL_REGEX ]]; then
+	echo "Detected SSH repo URL, importing host key"
+	ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts || exit 1
+fi
+
+/aux/pull-n-build.sh || exit 1

init/cron.sh

@@ -9,7 +9,7 @@ if [ "$BUILDFREQ" == "" ]; then
 fi
 
 # Run the pull script regularly
-echo "$BUILDFREQ * * * * /docker-entrypoint.d/pull-n-build.sh" >> /var/spool/cron/crontabs/root
+echo "$BUILDFREQ * * * * /aux/pull-n-build.sh" >> /var/spool/cron/crontabs/root
 
 # start cron daemon (goes into background)
 crond