Initial version

Dockerfile

@@ -0,0 +1,22 @@
+FROM debian:stretch
+
+RUN \
+  apt-get update && \
+  apt-get -y install \
+    taskd \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY run.sh /run.sh
+
+RUN \
+  useradd tasks && \
+  mkdir /var/taskd && \
+  chown tasks:tasks /var/taskd
+
+USER tasks
+
+VOLUME /var/taskd
+ENV TASKDDATA /var/taskd
+
+EXPOSE 53589
+ENTRYPOINT ["/run.sh"]

run.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+if [ ! -e "${TASKDDATA}/config" ]; then
+
+    # Initialise
+    taskd init
+
+    # Create PKI directory and copy scripts
+    mkdir "${TASKDDATA}/pki"
+    cp /usr/share/taskd/pki/generate* "${TASKDDATA}/pki"
+
+    # Write variables for PKI
+    cat >"${TASKDDATA}/pki/vars" <<- EOF
+        BITS=4096
+        EXPIRATION_DAYS=365
+        ORGANIZATION="${PKI_OU:-Unknown}"
+        CN="${PKI_CN:-Unknown}"
+        COUNTRY="${PKI_COUNTRY:-Unknown}"
+        STATE="${PKI_STATE:-Unknown}"
+        LOCALITY="${PKI_LOCALITY:-Unknown}"
+EOF
+
+    # Generate certs
+    cd "${TASKDDATA}/pki"
+    ./generate
+
+    # Configure the server to use the new certs
+    taskd config --force client.cert "${TASKDDATA}/pki/client.cert.pem"
+    taskd config --force client.key "${TASKDDATA}/pki/client.key.pem"
+    taskd config --force server.cert "${TASKDDATA}/pki/server.cert.pem"
+    taskd config --force server.key "${TASKDDATA}/pki/server.key.pem"
+    taskd config --force server.crl "${TASKDDATA}/pki/server.crl.pem"
+    taskd config --force ca.cert "${TASKDDATA}/pki/ca.cert.pem"
+
+    # Listen on the default port
+    taskd config --force server 0.0.0.0:53589
+fi
+
+taskd server --data "${TASKDDATA}"
+