forked from tangled.org/core
Monorepo for Tangled

Docker support

This container embeds everything in one container:
- knotserver
- repoguard
- keyfetch
- sshd server

To supervise the knot and sshd servers I decided to use the well-known s6-overlay. After first launch its execline script will create host keys. knotserver runs under git, sshd under root.

authored by krasovs.ky and committed by Tangled 195587bd be877bba

Changed files
+108
+52
docker/Dockerfile
··· 1 + FROM docker.io/golang:1.24-alpine3.21 AS build 2 + 3 + ENV CGO_ENABLED=1 4 + 5 + RUN apk add --no-cache gcc musl-dev 6 + 7 + WORKDIR /usr/src/app 8 + 9 + COPY go.mod go.sum ./ 10 + RUN go mod download 11 + 12 + COPY . . 13 + RUN go build -v \ 14 + -o /usr/local/bin/knotserver \ 15 + -ldflags='-s -w -extldflags "-static"' \ 16 + ./cmd/knotserver && \ 17 + go build -v \ 18 + -o /usr/local/bin/keyfetch \ 19 + ./cmd/keyfetch && \ 20 + go build -v \ 21 + -o /usr/local/bin/repoguard \ 22 + ./cmd/repoguard 23 + 24 + FROM docker.io/alpine:3.21 25 + 26 + LABEL org.opencontainers.image.title=Tangled 27 + LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto." 28 + LABEL org.opencontainers.image.vendor=Tangled.sh 29 + LABEL org.opencontainers.image.licenses=MIT 30 + LABEL org.opencontainers.image.url=https://tangled.sh 31 + LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core 32 + 33 + RUN apk add --no-cache shadow s6-overlay execline openssh git && \ 34 + adduser --disabled-password git && \ 35 + # We need to set password anyway since otherwise ssh won't work 36 + head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \ 37 + mkdir /app && mkdir /home/git/repositories 38 + 39 + COPY --from=build /usr/local/bin/knotserver /usr/local/bin 40 + COPY --from=build /usr/local/bin/keyfetch /usr/local/libexec/tangled-keyfetch 41 + COPY --from=build /usr/local/bin/repoguard /home/git/repoguard 42 + COPY docker/rootfs/ . 43 + 44 + RUN chown root:root /usr/local/libexec/tangled-keyfetch && \ 45 + chmod 755 /usr/local/libexec/tangled-keyfetch && \ 46 + chown git:git /home/git/repoguard && \ 47 + chown git:git /app && chown git:git /home/git/repositories 48 + 49 + EXPOSE 22 50 + EXPOSE 5555 51 + 52 + ENTRYPOINT ["/init"]
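Review bot: `chown git:git /home/git/repoguard` in the final RUN leaves the repoguard binary writable by the git account, the same account knotserver runs as, so anything that gains code execution as git can replace it. Install it root-owned with mode 755, as the two lines above it already do for tangled-keyfetch. Separately, the random password piped to `passwd git --stdin` is generated at build time and is therefore identical in every container started from the image; since the comment says the only goal is to make ssh work for the account, setting the hash to `*` (for example `usermod -p '*' git`, the shadow package is already installed) unlocks it without creating any valid password.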
+16
docker/docker-compose.yml
··· 1 + services: 2 + knot: 3 + build: 4 + context: .. 5 + dockerfile: docker/Dockerfile 6 + environment: 7 + KNOT_SERVER_HOSTNAME: "knot.example.org" 8 + KNOT_SERVER_SECRET: "secret" 9 + KNOT_SERVER_DB_PATH: "/app/knotserver.db" 10 + volumes: 11 + - "./keys:/etc/ssh/keys" 12 + - "./repositories:/home/git/repositories" 13 + - "./server:/app" 14 + ports: 15 + - "5555:5555" 16 + - "2222:22"
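Review bot: `KNOT_SERVER_SECRET: "secret"` on line 8 is a working default, so a deployment that copies this file unchanged runs with a known secret. Prefer `KNOT_SERVER_SECRET: "${KNOT_SERVER_SECRET:?set KNOT_SERVER_SECRET}"` so compose refuses to start when the variable is unset. A comment noting that `./keys` will hold the sshd private host keys, and should be kept out of version control, would also help.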
+1
docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type
··· 1 + oneshot
+1
docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up
··· 1 + /etc/s6-overlay/scripts/create-sshd-host-keys
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

+3
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
··· 1 + #!/command/with-contenv ash 2 + 3 + exec s6-setuidgid git /usr/local/bin/knotserver
+1
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type
··· 1 + longrun
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

+3
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/run
··· 1 + #!/usr/bin/execlineb -P 2 + 3 + /usr/sbin/sshd -e -D
+1
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/type
··· 1 + longrun
docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

+21
docker/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys
··· 1 + #!/usr/bin/execlineb -P 2 + 3 + foreground { 4 + if -n { test -d /etc/ssh/keys } 5 + mkdir /etc/ssh/keys 6 + } 7 + 8 + foreground { 9 + if -n { test -f /etc/ssh/keys/ssh_host_rsa_key } 10 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N "" 11 + } 12 + 13 + foreground { 14 + if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key } 15 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N "" 16 + } 17 + 18 + foreground { 19 + if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key } 20 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N "" 21 + }
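Review bot: lines 15 and 20 pass `-t rsa` when generating ssh_host_ecdsa_key and ssh_host_ed25519_key, so all three host keys end up RSA and the server never offers an ECDSA or Ed25519 host key. Use `-t ecdsa` and `-t ed25519` respectively. Because the `test -f` guards skip files that already exist, a keys volume populated by this version will keep the mislabelled keys until they are deleted, which is worth a line in the documentation.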
+9
docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
··· 1 + HostKey /etc/ssh/keys/ssh_host_rsa_key 2 + HostKey /etc/ssh/keys/ssh_host_ecdsa_key 3 + HostKey /etc/ssh/keys/ssh_host_ed25519_key 4 + 5 + PasswordAuthentication no 6 + 7 + Match User git 8 + AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch -git-dir /home/git/repositories 9 + AuthorizedKeysCommandUser nobody
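Review bot: the config disables password authentication but does not restrict which accounts may log in, while sshd runs as root and port 22 is published by the compose file. Add `AllowUsers git` and `PermitRootLogin no` above the `Match User git` block so that only the git account can authenticate.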