forked from tangled.org/core
Monorepo for Tangled

docker: move to @tangled.sh/knot-docker

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi de3ab1d5 7d8fff21

verified
Changed files
+5 -127
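--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,37 +0,0 @@
-FROM docker.io/golang:1.24-alpine3.21 AS build
-
-ENV CGO_ENABLED=1
-WORKDIR /usr/src/app
-COPY go.mod go.sum ./
-
-RUN apk add --no-cache gcc musl-dev
-RUN go mod download
-
-COPY . .
-RUN go build -v \
--o /usr/local/bin/knot \
--ldflags='-s -w -extldflags "-static"' \
-./cmd/knot
-
-FROM docker.io/alpine:3.21
-
-LABEL org.opencontainers.image.title=Tangled
-LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."
-LABEL org.opencontainers.image.vendor=Tangled.sh
-LABEL org.opencontainers.image.licenses=MIT
-LABEL org.opencontainers.image.url=https://tangled.sh
-LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core
-
-RUN apk add --no-cache shadow s6-overlay execline openssh git && \
-adduser --disabled-password git && \
-# We need to set password anyway since otherwise ssh won't work
-head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \
-mkdir /app && mkdir /home/git/repositories
-
-COPY --from=build /usr/local/bin/knot /usr/local/bin
-COPY docker/rootfs/ .
-
-EXPOSE 22
-EXPOSE 5555
-
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]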
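--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,33 +0,0 @@
-services:
-knot:
-build:
-context: ..
-dockerfile: docker/Dockerfile
-environment:
-KNOT_SERVER_HOSTNAME: ${KNOT_SERVER_HOSTNAME}
-KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}
-KNOT_SERVER_DB_PATH: "/app/knotserver.db"
-KNOT_REPO_SCAN_PATH: "/home/git/repositories"
-volumes:
-- "./keys:/etc/ssh/keys"
-- "./repositories:/home/git/repositories"
-- "./server:/app"
-ports:
-- "2222:22"
-frontend:
-image: caddy:2-alpine
-command: >
-caddy
-reverse-proxy
---from ${KNOT_SERVER_HOSTNAME}
---to knot:5555
-depends_on:
-- knot
-ports:
-- "443:443"
-- "443:443/udp"
-volumes:
-- caddy_data:/data
-restart: always
-volumes:
-caddy_data: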
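--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type
@@ -1,1 +0,0 @@
-oneshot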
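--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up
@@ -1,1 +0,0 @@
-/etc/s6-overlay/scripts/create-sshd-host-keys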
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

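--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
@@ -1,3 +0,0 @@
-#!/command/with-contenv ash
-
-exec s6-setuidgid git /usr/local/bin/knot server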
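--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type
@@ -1,1 +0,0 @@
-longrun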
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

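--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/run
@@ -1,3 +0,0 @@
-#!/usr/bin/execlineb -P
-
-/usr/sbin/sshd -e -D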
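--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/type
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/type
@@ -1,1 +0,0 @@
-longrun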
docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

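--- a/docker/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys
+++ b/docker/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys
@@ -1,21 +0,0 @@
-#!/usr/bin/execlineb -P
-
-foreground {
-if -n { test -d /etc/ssh/keys }
-mkdir /etc/ssh/keys
-}
-
-foreground {
-if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }
-ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""
-}
-
-foreground {
-if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }
-ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""
-}
-
-foreground {
-if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }
-ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""
-}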
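--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -1,9 +0,0 @@
-HostKey /etc/ssh/keys/ssh_host_rsa_key
-HostKey /etc/ssh/keys/ssh_host_ecdsa_key
-HostKey /etc/ssh/keys/ssh_host_ed25519_key
-
-PasswordAuthentication no
-
-Match User git
-AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
-AuthorizedKeysCommandUser nobody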
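--- a/docs/knot-hosting.md
+++ b/docs/knot-hosting.md
@@ -7,24 +7,12 @@
 3. A valid SSL certificate for your domain.
 
 There's a couple of ways to get started:
-* NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)
-* Docker: Documented below.
+* NixOS: refer to
+[flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)
+* Docker: Documented at
+[@tangled.sh/knot-docker](https://tangled.sh/@tangled.sh/knot-docker)
+(community maintained: support is not guaranteed!)
 * Manual: Documented below.
-
-## docker setup
-
-Clone this repository:
-
-```
-git clone https://tangled.sh/@tangled.sh/core
-```
-
-Modify the `docker/docker-compose.yml`, specifically the
-`KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars. Then run:
-
-```
-docker compose -f docker/docker-compose.yml up
-```
 
 ## manual setup
 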