From 49011fe86c382f0a7b31fd9727db221af0be1c77 Mon Sep 17 00:00:00 2001
From: Mathias Merscher
Date: Fri, 17 Dec 2021 12:37:45 +0100
Subject: [PATCH] add support for custom openssh config snippets

This makes it possible to add custom config snippets to the OpenSSH config file used by gitlab-shell.

Changelog: added
---
 charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml | 3 +++
 charts/gitlab/charts/gitlab-shell/values.yaml | 2 ++
 doc/charts/gitlab/gitlab-shell/index.md | 1 +
 3 files changed, 6 insertions(+)

diff --git a/charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml b/charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml
index 99c85df1eb..046fb9d131 100644
--- a/charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml
+++ b/charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml
@@ -155,5 +155,8 @@ data:
 # Specifies amount of time athat the server will disconnect after if the user has not successfully logged in
 LoginGraceTime {{ .Values.config.loginGraceTime }}
+ {{ if .Values.config.sshAdditionalConfig }}
+ {{- .Values.config.sshAdditionalConfig | nindent 4 }}
+ {{ end }}
 # Leave this here - This line denotes end of block to the parser.
 {{- end }}
diff --git a/charts/gitlab/charts/gitlab-shell/values.yaml b/charts/gitlab/charts/gitlab-shell/values.yaml
index 2149926371..56af28c812 100644
--- a/charts/gitlab/charts/gitlab-shell/values.yaml
+++ b/charts/gitlab/charts/gitlab-shell/values.yaml
@@ -126,3 +126,5 @@ networkpolicy:
 ## Allow to select ssh daemon that would be executed inside container
 ## Possible values: openssh, gitlab-sshd
 sshDaemon: openssh
+# sshAdditionalConfig: |
+# Ciphers ...
diff --git a/doc/charts/gitlab/gitlab-shell/index.md b/doc/charts/gitlab/gitlab-shell/index.md
index 7f11f158f4..4c2e939c6a 100644
--- a/doc/charts/gitlab/gitlab-shell/index.md
+++ b/doc/charts/gitlab/gitlab-shell/index.md
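Review bot: The added block reads `.Values.config.sshAdditionalConfig`, but the example added to values.yaml sits after the top-level `sshDaemon` key and the new docs row in index.md names the setting `sshAdditionalConfig` with no `config.` prefix. An operator who sets the key as documented would get no error and no extra sshd directives, so a hardening snippet (the example is `Ciphers ...`) would silently not be applied. Either read the documented key, `{{- with .Values.sshAdditionalConfig }}`, or rename the example and the docs row to `config.sshAdditionalConfig`. Indentation in values.yaml is lost in this view, so the nesting of the example is inferred from its position after `sshDaemon`.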
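Review bot: The commented example in values.yaml gives no hint that position matters: sshd_config uses the first value it reads for most keywords, and the template appends this snippet after `LoginGraceTime`, near the end of the generated file. If the part of the template above the hunk already emits a keyword (not visible here), the same keyword in the snippet is ignored without a warning, which matters for an example like `Ciphers ...`. I would add a comment above the example such as `## Appended to the end of sshd_config; keywords already set by the chart keep their earlier value` and mention that the effective settings can be checked with `sshd -T`.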
@@ -79,6 +79,7 @@ controlled by `global.shell.port`.
 | `securityContext.fsGroup` | `1000` |Group ID under which the pod should be started |
 | `securityContext.runAsUser` | `1000` |User ID under which the pod should be started |
 | `sshDaemon` | `openssh` | Selects which SSH daemon would be run, possible values (`openssh`, `gitlab-sshd`) |
+| `sshAdditionalConfig` | | Only for `openssh`: Plain text config that will be added to the OpenSSH daemon config file |
 | `tolerations` | `[]` | Toleration labels for pod assignment |
 | `workhorse.serviceName` | `webservice` | Workhorse service name (by default, Workhorse is a part of the webservice Pods / Service) |
-- GitLab