Monorepo for Tangled — https://tangled.org
# tangled

Hello Tanglers! This is the codebase for
[Tangled](https://tangled.sh)—a code collaboration platform built
on the [AT Protocol](https://atproto.com).

Read the introduction to Tangled [here](https://blog.tangled.sh/intro).

## knot self-hosting guide

So you want to run your own knot server? Great! Here are a few prerequisites:

1. A server of some kind (a VPS, a Raspberry Pi, etc.), preferably running a Linux of some kind.
2. A (sub)domain name. People generally use `knot.example.com`.
3. A valid SSL certificate for your domain.

There are a couple of ways to get started:
* NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)
* Docker: Documented below.
* Manual: Documented below.

## docker setup

Clone this repository:

```
git clone https://tangled.sh/@tangled.sh/core
```

Modify the `docker/docker-compose.yml`, specifically the
`KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars. Then run:

```
docker compose -f docker/docker-compose.yml up
```

### manual setup

First, clone this repository:

```
git clone https://tangled.sh/@tangled.sh/core
```

Then, build our binaries (you need to have Go installed):
* `knotserver`: the main server program
* `keyfetch`: utility to fetch ssh pubkeys
* `repoguard`: enforces repository access control

```
cd core
export CGO_ENABLED=1
go build -o knot ./cmd/knotserver
go build -o keyfetch ./cmd/keyfetch
go build -o repoguard ./cmd/repoguard
```

Next, move the `keyfetch` binary to a location owned by `root` --
`/usr/local/libexec/tangled-keyfetch` is a good choice:

```
sudo mv keyfetch /usr/local/libexec/tangled-keyfetch
sudo chown root:root /usr/local/libexec/tangled-keyfetch
sudo chmod 755 /usr/local/libexec/tangled-keyfetch
```

This is necessary because SSH `AuthorizedKeysCommand` requires [really specific
permissions](https://stackoverflow.com/a/27638306). Let's set that up:

```
sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF
Match User git
  AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch
  AuthorizedKeysCommandUser nobody
EOF
```
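
The `sshd_config` manual requires the `AuthorizedKeysCommand` program to be owned by root, not writable by group or others, and given as an absolute path. The script below is an added example, not part of the Tangled repository, that checks those conditions for the binary and, as a stricter assumption of this example, for every parent directory as well; the function names and the `check_akc.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Tangled repository).
# check_one PATH [UID]: succeed only if PATH exists, is owned by UID
# (default 0 = root) and is not writable by group or others.
check_one() {
    co_path=$1; co_uid=${2:-0}
    # -n prints numeric ids, -L follows symlinks, -d lists a directory itself
    co_line=$(ls -ldnL -- "$co_path" 2>/dev/null) || { echo "MISSING  $co_path"; return 2; }
    co_mode=${co_line%% *}
    co_owner=$(printf '%s\n' "$co_line" | awk '{print $3}')
    if [ "$co_owner" != "$co_uid" ]; then
        echo "OWNER    $co_path (uid $co_owner, want $co_uid)"; return 1
    fi
    # Character 6 of the mode string is group-write, character 9 is other-write.
    case $co_mode in
        ?????w*|????????w*) echo "WRITABLE $co_path ($co_mode)"; return 1 ;;
    esac
    echo "ok       $co_path ($co_mode)"
}

# check_chain ABSPATH [UID]: apply check_one to ABSPATH and every parent up to /.
check_chain() {
    case $1 in /*) ;; *) echo "not an absolute path: $1"; return 2 ;; esac
    cc_path=$1; cc_uid=${2:-0}; cc_rc=0
    while :; do
        check_one "$cc_path" "$cc_uid" || cc_rc=1
        [ "$cc_path" = "/" ] && break
        cc_path=$(dirname "$cc_path")
    done
    return $cc_rc
}

# Run against the path used in this guide when called with an argument, e.g.
#   sh check_akc.sh /usr/local/libexec/tangled-keyfetch
# (check_akc.sh is a hypothetical file name for this script)
if [ "$#" -gt 0 ]; then check_chain "$1"; fi
```

A non-zero exit status means at least one path component was reported as `OWNER`, `WRITABLE` or `MISSING`.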

Next, create the `git` user:

```
sudo adduser git
```

Copy the `repoguard` binary to the `git` user's home directory:

```
sudo cp repoguard /home/git
sudo chown git:git /home/git/repoguard
```

Now, let's set up the server. Copy the `knot` binary to
`/usr/local/bin/knotserver`. Then, create `/home/git/.knot.env` with the
following, updating the values as necessary. The `KNOT_SERVER_SECRET` can be
obtained from the [/knots](/knots) page on Tangled. This file holds the server
secret, so restrict read access to the account that runs the server.

```
KNOT_REPO_SCAN_PATH=/home/git
KNOT_SERVER_HOSTNAME=knot.example.com
APPVIEW_ENDPOINT=https://tangled.sh
KNOT_SERVER_SECRET=secret
KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444
KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555
```

If you run a Linux distribution that uses systemd, you can use the provided
service file to run the server. Copy
[`knotserver.service`](https://tangled.sh/did:plc:wshs7t2adsemcrrd4snkeqli/core/blob/master/systemd/knotserver.service)
to `/etc/systemd/system/`. Then, run:

```
systemctl enable knotserver
systemctl start knotserver
```

You should now have a running knot server! You can finalize your registration by hitting the
`initialize` button on the [/knots](/knots) page.