
add code

+140
+4
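--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+*
+!Dockerfile
+!entrypoint.sh
+!sshd_config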
+4
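--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,4 @@
+KNOT_SERVER_HOSTNAME=<host name of the knot server>
+KNOT_SERVER_SECRET=<secret for the knot server from tangled.sh ui>
+
+KNOT_SERVER_SSH_PORT=2222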
+1
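--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.env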
+38
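--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+FROM golang:1.23-alpine AS build
+
+RUN apk add git go gcc musl-dev
+
+RUN git clone https://tangled.sh/@tangled.sh/core /src
+WORKDIR /src
+
+ENV CGO_ENABLED=1
+RUN go mod download
+RUN go build -o ./bin/knotserver ./cmd/knotserver
+RUN go build -o ./bin/keyfetch ./cmd/keyfetch
+RUN go build -o ./bin/repoguard ./cmd/repoguard
+
+
+FROM alpine
+
+RUN apk add git openssh-server su-exec
+RUN addgroup -g 1000 git && \
+adduser -D -u 1000 -G git -h /home/git git && \
+mkdir -p /home/git && \
+chown -R git:git /home/git && \
+passwd -u git
+
+COPY --from=build /src/bin/knotserver /usr/bin/knotserver
+COPY --from=build /src/bin/keyfetch /usr/bin/keyfetch
+COPY --from=build /src/bin/repoguard /usr/bin/repoguard
+
+COPY sshd_config /etc/ssh/sshd_config
+COPY entrypoint.sh /entrypoint.sh
+
+ENV KNOT_REPO_SCAN_PATH=/home/git
+ENV KNOT_REPO_MAIN_BRANCH=main
+ENV KNOT_SERVER_DB_PATH=/home/git/knotserver.db
+ENV APPVIEW_ENDPOINT=https://tangled.sh
+ENV KNOT_SERVER_INTERNAL_LISTEN_ADDR=0.0.0.0:5444
+ENV KNOT_SERVER_LISTEN_ADDR=0.0.0.0:5555
+
+ENTRYPOINT ["/entrypoint.sh"]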
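Review bot: The build stage compiles whatever the default branch of `https://tangled.sh/@tangled.sh/core` holds at build time, and the runtime stage starts from an untagged `FROM alpine`, so two builds of this Dockerfile can yield different binaries with no record of which source went in. Pin both: `ARG CORE_REF=<commit-or-tag>` followed by `RUN git clone https://tangled.sh/@tangled.sh/core /src && git -C /src checkout "$CORE_REF"`, and `FROM alpine:<version>`, ideally with a digest. Separately, `passwd -u git` on an `adduser -D` account appears to strip the lock marker and leave an empty password field under BusyBox; setting the hash to `*` instead (for example `echo 'git:*' | chpasswd -e`) should keep public-key login working without an empty password, which is worth confirming on the Alpine release you pin.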
+18
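--- a/README.md
+++ b/README.md
@@ -1 +1,19 @@
 # knot-docker
+
+## quickstart
+
+- register a knot on [tangled.sh/knots](https://tangled.sh/knot)
+- copy `.env.example` to `.env`
+- fill the host name and secret in the `.env` file
+- run `docker-compose up -d`
+
+## ssh client setup
+
+the ssh daemon runs on port 2222. you can configure your ssh client to use port
+2222 to push code to the server by adding the following to your ssh config:
+
+```
+Host knot.example.com
+User git
+Port 2222
+```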
+34
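--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,34 @@
+services:
+proxy:
+image: caddy:2-alpine
+command: >
+caddy
+reverse-proxy
+--from ${KNOT_SERVER_HOSTNAME}
+--to knotserver:5555
+depends_on:
+- knotserver
+ports:
+- "443:443"
+volumes:
+- caddy_data:/data
+restart: always
+
+knotserver:
+build:
+context: .
+dockerfile: Dockerfile
+environment:
+- KNOT_SERVER_HOSTNAME=${KNOT_SERVER_HOSTNAME}
+- KNOT_SERVER_SECRET=${KNOT_SERVER_SECRET}
+volumes:
+- knot_data:/home/git
+- knot_keys:/etc/ssh/keys
+ports:
+- "2222:22"
+restart: always
+
+volumes:
+caddy_data:
+knot_data:
+knot_keys: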
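Review bot: Neither `${KNOT_SERVER_HOSTNAME}` nor `${KNOT_SERVER_SECRET}` is checked for being set, so a missing or half-filled `.env` starts knotserver with an empty secret and Caddy with an empty `--from`; Compose only warns about unset variables. Use the required-variable form so startup fails instead: `- KNOT_SERVER_SECRET=${KNOT_SERVER_SECRET:?set KNOT_SERVER_SECRET in .env}`, and the same for the hostname. `.env.example` also defines `KNOT_SERVER_SSH_PORT`, but the published port here is the literal `"2222:22"`, so changing that variable has no effect; either reference it in the `ports` entry or drop it from the example.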
+16
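--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -ex
+
+if [ ! -f /etc/ssh/keys/ssh_host_ed25519_key ]; then
+ssh-keygen -t ed25519 -f /etc/ssh/keys/ssh_host_ed25519_key -N ""
+chmod 600 /etc/ssh/keys/ssh_host_ed25519_key
+chmod 644 /etc/ssh/keys/ssh_host_ed25519_key.pub
+fi
+/usr/sbin/sshd -e -D &
+
+if [ ! -f /home/git/knotserver.db ]; then
+touch /home/git/knotserver.db
+fi
+chown -R git:git /home/git
+su-exec git knotserver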
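Review bot: The last line runs `su-exec git knotserver` without `exec`, so `/bin/sh` stays PID 1 and the SIGTERM from `docker stop` is not passed on to knotserver or the backgrounded sshd; the container is then killed at the stop timeout, possibly mid-write to `/home/git/knotserver.db`. Changing it to `exec su-exec git knotserver` lets knotserver receive the signal directly. sshd is started with `&` and never checked again, so if it exits the container keeps running with no SSH access and nothing reports it; a healthcheck against port 22 or a small init that supervises both processes would surface that.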
+25
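--- a/sshd_config
+++ b/sshd_config
@@ -0,0 +1,25 @@
+Port 22
+ListenAddress 0.0.0.0
+
+LogLevel INFO
+
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+PubkeyAuthentication yes
+
+PermitRootLogin no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PermitTTY no
+PermitUserEnvironment no
+UseDNS no
+MaxAuthTries 3
+LoginGraceTime 30s
+Subsystem sftp internal-sftp
+
+Match User git
+AuthorizedKeysCommand /usr/bin/keyfetch -repoguard-path /usr/bin/repoguard
+AuthorizedKeysCommandUser nobody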
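Review bot: The `Match User git` block sets `AuthorizedKeysCommand` but leaves `AuthorizedKeysFile` at its default, so sshd also accepts any key found in `/home/git/.ssh/authorized_keys`, a path inside the writable `knot_data` volume. A key accepted that way would not carry whatever restrictions keyfetch attaches to its output (presumably a forced repoguard command; confirm against keyfetch). Add `AuthorizedKeysFile none` so keyfetch is the only key source. Since only `git` is meant to log in, a top-level `AllowUsers git` and removing `Subsystem sftp internal-sftp` would narrow the exposed surface further.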