(i be traumatized) fixes knotguard options, along with some more config improvements and fixes in docker compose and dockerfile
+2
-1
docker/Dockerfile
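--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,7 @@
 FROM docker.io/golang:1.24-alpine3.21 AS build
 
 ENV CGO_ENABLED=1
+ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
 WORKDIR /usr/src/app
 COPY go.mod go.sum ./
 
@@ -34,4 +35,4 @@
 EXPOSE 22
 EXPOSE 5555
 
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown -R git:git \"$KNOT_REPO_SCAN_PATH\" && /init"]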
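Review bot: The new ENTRYPOINT runs `chown -R` as root over whatever `$KNOT_REPO_SCAN_PATH` expands to at container start, and nothing visible guarantees that the variable is set. The added `ENV` on new line 4 sits in the `build` stage, so if the runtime stage (not visible between the two hunks) is a separate `FROM`, the variable exists only when the caller passes it. With it empty, `chown -R git:git ""` fails and `/init` never runs. I would give the expansion the same fallback the sshd config uses and stop chown from dereferencing symlinks inside a tree the git user can write to: `chown -hR git:git \"${KNOT_REPO_SCAN_PATH:-/home/git/repositories}\"`. If the `ENV` is meant to apply at runtime, it also belongs in the final stage.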
+6
-4
docker/docker-compose.yml
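--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -8,12 +8,15 @@
 KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}
 KNOT_SERVER_DB_PATH: "/app/knotserver.db"
 KNOT_REPO_SCAN_PATH: "/home/git/repositories"
+KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"
 volumes:
 - "./keys:/etc/ssh/keys"
 - "./repositories:/home/git/repositories"
 - "./server:/app"
 ports:
+- "5555:5555"
 - "2222:22"
+restart: always
 frontend:
 image: caddy:2-alpine
 command: >
@@ -24,10 +27,9 @@
 depends_on:
 - knot
 ports:
-- "443:443"
-- "443:443/udp"
+- "${KNOT_SERVER_PORT:-443}:443"
+- "${KNOT_SERVER_PORT:-443}:443/udp"
 volumes:
 - caddy_data:/data
 restart: always
-volumes:
-caddy_data:
+profiles: ["caddy"]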
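Review bot: The second hunk deletes what appears to be the top-level `volumes:` / `caddy_data:` declaration while the `frontend` service still mounts `- caddy_data:/data`. Unless the volume is declared somewhere outside the visible lines, Compose will reject it as an undefined named volume once the `caddy` profile is enabled. I would keep the declaration, placing `profiles: ["caddy"]` under `frontend` and leaving `volumes:` / `caddy_data:` at the end of the file. Separately, the added `- "5555:5555"` in the first hunk publishes the knot listener on every host interface; if it is only meant to be reached by a reverse proxy on the same host, `- "127.0.0.1:5555:5555"` keeps it off the network.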
+1
-1
docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
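--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@
 PasswordAuthentication no
 
 Match User git
-AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
+AuthorizedKeysCommand /bin/sh -c '/usr/local/bin/knot keys -output authorized-keys -internal-api http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444} -git-dir ${KNOT_REPO_SCAN_PATH:-/home/git/repositories} -log-path /tmp/knotguard.log'
 AuthorizedKeysCommandUser nobody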
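Review bot: The `${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}` and `${KNOT_REPO_SCAN_PATH:-/home/git/repositories}` expansions on the new `AuthorizedKeysCommand` line will most likely always take their defaults, because OpenSSH starts this helper with a minimal environment (PATH, USER, LOGNAME, HOME, LANG) rather than the container's. An operator who changes either value in docker-compose.yml would then still have key lookups going to `localhost:5444`, and authentication would fail or consult the wrong endpoint. Having the entrypoint write the resolved values into this file at start-up, or into a root-owned wrapper script the command points at, would make the setting effective; a comment such as `# sshd does not pass the container environment to this command` would record the constraint. The fixed `-log-path /tmp/knotguard.log` is also a predictable name in a world-writable directory, written as `nobody`; a dedicated log directory owned by that user is safer.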