commit e8010592fb2ab0d4e1e1fbf4615202783203ada2 · anil.recoil.org/knot-docker

+24

Dockerfile

···

       1
       1
       +
       FROM alpine AS build

     

       2
       2
       +
       RUN apk add --update go git

     

       3
       3
       +
       RUN git clone https://tangled.sh/@tangled.sh/core /src

     

       4
       4
       +
       WORKDIR /src

     

       5
       5
       +
       ENV CGO_ENABLED=1

     

       6
       6
       +
       RUN cd cmd/knotserver && go build

     

       7
       7
       +
       RUN cd cmd/keyfetch && go build

     

       8
       8
       +
       RUN cd cmd/repoguard && go build

     

       9
       9
       +
       FROM alpine

     

       10
       10
       +
       RUN apk add --update git openssh-server su-exec

     

       11
       11
       +
       RUN addgroup -g 1000 git && \

     

       12
       12
       +
           adduser -D -u 1000 -G git -h /home/git git && \

     

       13
       13
       +
           mkdir -p /home/git && \

     

       14
       14
       +
           chown -R git:git /home/git

     

       15
       15
       +
       COPY --from=build /src/cmd/knotserver/knotserver /usr/bin/knotserver

     

       16
       16
       +
       COPY --from=build /src/cmd/keyfetch/keyfetch /usr/bin/keyfetch

     

       17
       17
       +
       COPY --from=build /src/cmd/repoguard/repoguard /usr/bin/repoguard

     

       18
       18
       +
       COPY keyfetch_sshd_config /tmp/keyfetch

     

       19
       19
       +
       RUN cat /tmp/keyfetch >> /etc/ssh/sshd_config && rm /tmp/keyfetch

     

       20
       20
       +
       COPY ssh_host_ed25519_key /etc/ssh

     

       21
       21
       +
       COPY ssh_host_ed25519_key.pub /etc/ssh

     

       22
       22
       +
       RUN chmod 600 /etc/ssh/ssh_host_ed25519_key

     

       23
       23
       +
       RUN chmod 644 /etc/ssh/ssh_host_ed25519_key.pub

     

       24
       24
       +
       CMD ["/bin/sh", "-c", "chown -R git:git /home/git && /usr/sbin/sshd && su-exec git knotserver"]

+10

README.md

···

       1
       1
       +
       Quick instructions:

     

       2
       2
       +
       - run `gen-key.sh` to generate an ssh host key

     

       3
       3
       +
       - set the server name in both `conf/Caddyfile` and in `knot.env.template`

     

       4
       4
       +
       - register a knot on tangled.sh and put the secret key in `knot.env.template`

     

       5
       5
       +
       - spin up the container and test that it works

     

       6
       6
       +
       

     

       7
       7
       +
       Buyer beware, this is a very new and untested setup for alpha software,

     

       8
       8
       +
       so don't commit any overly precious code to this.

     

       9
       9
       +
       

     

       10
       10
       +
       -- Anil Madhavapeddy <anil@recoil.org>

+3

conf/Caddyfile

···

       1
       1
       +
       git.recoil.org {

     

       2
       2
       +
         reverse_proxy knotserver:5555

     

       3
       3
       +
       }

+30

docker-compose.yml

···

       1
       1
       +
       services:

     

       2
       2
       +
         frontend:

     

       3
       3
       +
           image: caddy:2-alpine

     

       4
       4
       +
           depends_on:

     

       5
       5
       +
             - knotserver

     

       6
       6
       +
           ports:

     

       7
       7
       +
             - "443:443"

     

       8
       8
       +
             - "443:443/udp"

     

       9
       9
       +
             - "80:80"

     

       10
       10
       +
           volumes:

     

       11
       11
       +
             - caddy_data:/data

     

       12
       12
       +
             - ./conf:/etc/caddy

     

       13
       13
       +
         knotserver:

     

       14
       14
       +
           environment:

     

       15
       15
       +
            - KNOT_REPO_SCAN_PATH=/home/git

     

       16
       16
       +
            - KNOT_REPO_MAIN_BRANCH=main

     

       17
       17
       +
            - KNOT_SERVER_DB_PATH=/home/git/knotserver.db

     

       18
       18
       +
            - APPVIEW_ENDPOINT=https://tangled.sh

     

       19
       19
       +
            - KNOT_SERVER_INTERNAL_LISTEN_ADDR=0.0.0.0:5444

     

       20
       20
       +
            - KNOT_SERVER_LISTEN_ADDR=0.0.0.0:5555

     

       21
       21
       +
           env_file: knot.env

     

       22
       22
       +
           build:

     

       23
       23
       +
             dockerfile: Dockerfile

     

       24
       24
       +
           volumes:

     

       25
       25
       +
            - knot_data:/home/git

     

       26
       26
       +
           ports:

     

       27
       27
       +
             - "2222:22"

     

       28
       28
       +
       volumes:

     

       29
       29
       +
         caddy_data:

     

       30
       30
       +
         knot_data:

+3

gen-key.sh

···

       1
       1
       +
       #!/bin/sh

     

       2
       2
       +
       

     

       3
       3
       +
       ssh-keygen -t ed25519 -f ./ssh_host_ed25519_key -N ""

+3

keyfetch_sshd_config

···

       1
       1
       +
       Match User git

     

       2
       2
       +
         AuthorizedKeysCommand /usr/bin/keyfetch -repoguard-path /usr/bin/repoguard

     

       3
       3
       +
         AuthorizedKeysCommandUser nobody

+2

knot.env.template

···

       1
       1
       +
       KNOT_SERVER_HOSTNAME=<your hostname>

     

       2
       2
       +
       KNOT_SERVER_SECRET=<secret string from the tangled.sh ui>