commit a2b5a858e6935d6c4ad146b22062d07fb288a9ef · bladee.bsky.social/knot-container

+3

10-tangled.conf

···

       1
       +
       Match User git

     

       2
       +
           AuthorizedKeysCommand /usr/libexec/keyfetch -repoguard-path /usr/libexec/repoguard

     

       3
       +
           AuthorizedKeysCommandUser nobody

+26

Containerfile

···

       1
       +
       FROM registry.fedoraproject.org/fedora:41 AS build

     

       2
       +
       

     

       3
       +
       RUN dnf install --assumeyes git go && \

     

       4
       +
           git clone https://tangled.sh/@tangled.sh/core

     

       5
       +
       

     

       6
       +
       WORKDIR /core

     

       7
       +
       ENV CGO_ENABLED=1

     

       8
       +
       RUN go build -o knot ./cmd/knotserver && \

     

       9
       +
           go build -o keyfetch ./cmd/keyfetch && \

     

       10
       +
           go build -o repoguard ./cmd/repoguard

     

       11
       +
       

     

       12
       +
       FROM registry.fedoraproject.org/fedora:41 AS run

     

       13
       +
       

     

       14
       +
       RUN dnf install --assumeyes git openssh-server && \

     

       15
       +
           dnf clean all

     

       16
       +
       

     

       17
       +
       COPY --from=build /core/keyfetch /usr/libexec/keyfetch

     

       18
       +
       COPY --from=build /core/knot /usr/libexec/knot

     

       19
       +
       COPY --from=build /core/repoguard /usr/libexec/repoguard

     

       20
       +
       

     

       21
       +
       COPY ./10-tangled.conf /etc/ssh/sshd_config.d/10-tangled.conf

     

       22
       +
       

     

       23
       +
       RUN useradd -m git

     

       24
       +
       

     

       25
       +
       COPY ./entrypoint.sh /usr/libexec/entrypoint

     

       26
       +
       ENTRYPOINT [ "/usr/libexec/entrypoint" ]

+17

entrypoint.sh

···

       1
       +
       #!/usr/bin/env sh

     

       2
       +
       

     

       3
       +
       mkdir --parents /keys

     

       4
       +
       

     

       5
       +
       if [ ! -f /keys/ssh_host_ed25519_key ]

     

       6
       +
       then

     

       7
       +
           ssh-keygen -t ed25519 -f /keys/ssh_host_ed25519_key -N ""

     

       8
       +
       fi

     

       9
       +
       

     

       10
       +
       chmod 600 /keys/ssh_host_ed25519_key

     

       11
       +
       chmod 644 /keys/ssh_host_ed25519_key.pub

     

       12
       +
       chown root:root /keys/ssh_host_ed25519_key /keys/ssh_host_ed25519_key.pub

     

       13
       +
       

     

       14
       +
       /usr/sbin/sshd -D -h /keys/ssh_host_ed25519_key &

     

       15
       +
       

     

       16
       +
       chown git:git /home/git

     

       17
       +
       exec sudo -u git -E /usr/bin/sh -c "cd /home/git && /usr/libexec/knot \"$@\""