···
Read the introduction to Tangled [here](https://blog.tangled.sh/intro).
9
-
## knot self-hosting guide
11
-
So you want to run your own knot server? Great! Here are a few prerequisites:
13
-
1. A server of some kind (a VPS, a Raspberry Pi, etc.). Preferably running a Linux of some kind.
14
-
2. A (sub)domain name. People generally use `knot.example.com`.
15
-
3. A valid SSL certificate for your domain.
17
-
There's a couple of ways to get started:
18
-
* NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)
19
-
* Docker: Documented below.
20
-
* Manual: Documented below.
24
-
Clone this repository:
27
-
git clone https://tangled.sh/@tangled.sh/core
30
-
Modify the `docker/docker-compose.yml`, specifically the
31
-
`KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars. Then run:
34
-
docker compose -f docker/docker-compose.yml up
39
-
First, clone this repository:
42
-
git clone https://tangled.sh/@tangled.sh/core
45
-
Then, build our binaries (you need to have Go installed):
46
-
* `knotserver`: the main server program
47
-
* `keyfetch`: utility to fetch ssh pubkeys
48
-
* `repoguard`: enforces repository access control
52
-
export CGO_ENABLED=1
53
-
go build -o knot ./cmd/knotserver
54
-
go build -o keyfetch ./cmd/keyfetch
55
-
go build -o repoguard ./cmd/repoguard
58
-
Next, move the `keyfetch` binary to a location owned by `root` --
59
-
`/usr/local/libexec/tangled-keyfetch` is a good choice:
62
-
sudo mv keyfetch /usr/local/libexec/tangled-keyfetch
63
-
sudo chown root:root /usr/local/libexec/tangled-keyfetch
64
-
sudo chmod 755 /usr/local/libexec/tangled-keyfetch
67
-
This is necessary because SSH `AuthorizedKeysCommand` requires [really specific
68
-
permissions](https://stackoverflow.com/a/27638306). Let's set that up:
71
-
sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF
73
-
AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch
74
-
AuthorizedKeysCommandUser nobody
78
-
Next, create the `git` user:
84
-
Copy the `repoguard` binary to the `git` user's home directory:
87
-
sudo cp repoguard /home/git
88
-
sudo chown git:git /home/git/repoguard
91
-
Now, let's set up the server. Copy the `knot` binary to
92
-
`/usr/local/bin/knotserver`. Then, create `/home/git/.knot.env` with the
93
-
following, updating the values as necessary. The `KNOT_SERVER_SECRET` can be
94
-
obtaind from the [/knots](/knots) page on Tangled.
97
-
KNOT_REPO_SCAN_PATH=/home/git
98
-
KNOT_SERVER_HOSTNAME=knot.example.com
99
-
APPVIEW_ENDPOINT=https://tangled.sh
100
-
KNOT_SERVER_SECRET=secret
101
-
KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444
102
-
KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555
105
-
If you run a Linux distribution that uses systemd, you can use the provided
106
-
service file to run the server. Copy
107
-
[`knotserver.service`](https://tangled.sh/did:plc:wshs7t2adsemcrrd4snkeqli/core/blob/master/systemd/knotserver.service)
108
-
to `/etc/systemd/system/`. Then, run:
111
-
systemctl enable knotserver
112
-
systemctl start knotserver
115
-
You should now have a running knot server! You can finalize your registration by hitting the
116
-
`initialize` button on the [/knots](/knots) page.
11
+
* [knot hosting guide](https://tangled.sh/@tangled.sh/core/tree/master/docs/knot-hosting.md)
12
+
* [contributing guide](https://tangled.sh/@tangled.sh/core/tree/master/docs/contributing.md)
dunkirk.sh
anirudh.fi