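--- a/Dockerfile
+++ b/Dockerfile
@@ -1,44 +1,33 @@
-FROM docker.io/golang:1.24-alpine3.21 AS build
+from golang:1.24-alpine as builder
+env KNOT_REPO_SCAN_PATH=/home/git/repositories
+env CGO_ENABLED=1
 
-ENV CGO_ENABLED=1
-ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
-WORKDIR /usr/src/app
-COPY go.mod go.sum ./
+workdir /app
+run apk add git gcc musl-dev
+run git clone https://tangled.sh/@tangled.sh/core .
+run go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot
 
-RUN apk add --no-cache gcc musl-dev
-RUN go mod download
+from alpine:edge
+expose 5555
+expose 22
 
-COPY . .
-RUN go build -v \
--o /usr/local/bin/knot \
--ldflags='-s -w -extldflags "-static"' \
-./cmd/knot
+label org.opencontainers.image.title='knot'
+label org.opencontainers.image.description='data server for tangled'
+label org.opencontainers.image.source='https://tangled.sh/@tangled.sh/knot-docker'
+label org.opencontainers.image.url='https://tangled.sh'
+label org.opencontainers.image.vendor='tangled.sh'
+label org.opencontainers.image.licenses='MIT'
 
-FROM docker.io/alpine:3.21
+copy rootfs .
+run chmod -R 755 /etc/s6-overlay
+run apk add shadow s6-overlay execline openssl openssh git curl
+run useradd -s /bin/nologin -d /home/git git && openssl rand -hex 16 | passwd --stdin git
+run mkdir -p /home/git/repositories && chown -R git:git /home/git/repositories
+copy --from=builder /usr/bin/knot /usr/bin
+run mkdir /app && chown -R git:git /app
 
-LABEL org.opencontainers.image.title=Tangled
-LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."
-LABEL org.opencontainers.image.vendor=Tangled.sh
-LABEL org.opencontainers.image.licenses=MIT
-LABEL org.opencontainers.image.url=https://tangled.sh
-LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core
+healthcheck --interval=60s --timeout=30s --start-period=5s --retries=3 \
+cmd curl -f http://localhost:5555 || exit 1
 
-RUN apk add --no-cache shadow s6-overlay execline openssh git curl && \
-adduser --disabled-password git && \
-# We need to set password anyway since otherwise ssh won't work
-head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \
-mkdir /app && mkdir /home/git/repositories
+entrypoint ["/init"]
 
-COPY --from=build /usr/local/bin/knot /usr/local/bin
-COPY docker/rootfs/ .
-RUN chmod +x /etc/s6-overlay/scripts/keys-wrapper && \
-chown git:git /app && \
-chown -R git:git /home/git/repositories
-
-EXPOSE 22
-EXPOSE 5555
-
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-CMD curl -f http://localhost:5555/ || exit 1
-
-ENTRYPOINT ["/init"]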
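Review bot: Neither the source nor the runtime base is pinned in the new Dockerfile: `run git clone https://tangled.sh/@tangled.sh/core .` compiles whatever the default branch holds at build time (or whatever an earlier cached layer captured), and the final stage moves from `alpine:3.21` to the rolling `alpine:edge`. The resulting image is therefore not reproducible, and an upstream change reaches the shipped binary without passing through review of this repository. Pin the source to a reviewed tag or commit, for example `arg KNOT_REF=<tag-or-commit>` followed by `run git clone https://tangled.sh/@tangled.sh/core . && git checkout "$KNOT_REF"`, and keep the runtime stage on a fixed release such as `from alpine:3.21`, ideally with a digest. Both `apk add` lines also lost `--no-cache`, which leaves the package index in the image layers.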
+1
-1
rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
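--- a/rootfs/etc/s6-overlay/scripts/keys-wrapper
+++ b/rootfs/etc/s6-overlay/scripts/keys-wrapper
@@ -1,8 +1,8 @@
 #!/bin/sh
 
 # Execute the knot keys command with proper shell context
-exec /bin/sh -c '/usr/local/bin/knot keys \
--output authorized-keys \
+exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \
 -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \
 -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \
--log-path "/tmp/knotguard.log"'
+-log-path "/tmp/knotguard.log"'
+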