forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
# tangled

Hello Tanglers! This is the codebase for
[Tangled](https://tangled.sh)&mdash;a code collaboration platform built
on the [AT Protocol](https://atproto.com).

Read the introduction to Tangled [here](https://blog.tangled.sh/intro).

## knot self-hosting guide

So you want to run your own knot server? Great! Here are a few prerequisites:

1. A server of some kind (a VPS, a Raspberry Pi, etc.). Preferably running a Linux of some kind.
2. A (sub)domain name. People generally use `knot.example.com`.
3. A valid SSL certificate for your domain.

There's a couple of ways to get started:
* NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)
* Docker: Documented below.
* Manual: Documented below.

## docker setup

Clone this repository:

```
git clone https://tangled.sh/@tangled.sh/core
```

Modify the `docker/docker-compose.yml`, specifically the
`KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars.
Then run:

```
docker compose -f docker/docker-compose.yml up
```

### manual setup

First, clone this repository:

```
git clone https://tangled.sh/@tangled.sh/core
```

Then, build our binaries (you need to have Go installed):
* `knotserver`: the main server program
* `keyfetch`: utility to fetch ssh pubkeys
* `repoguard`: enforces repository access control

```
cd core
export CGO_ENABLED=1
go build -o knot ./cmd/knotserver
go build -o keyfetch ./cmd/keyfetch
go build -o repoguard ./cmd/repoguard
```

Next, move the `keyfetch` binary to a location owned by `root` --
`/usr/local/libexec/tangled-keyfetch` is a good choice:

```
sudo mv keyfetch /usr/local/libexec/tangled-keyfetch
sudo chown root:root /usr/local/libexec/tangled-keyfetch
sudo chmod 755 /usr/local/libexec/tangled-keyfetch
```

This is necessary because SSH `AuthorizedKeysCommand` requires [really specific
permissions](https://stackoverflow.com/a/27638306). Let's set that up:

```
sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF
Match User git
  AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch
  AuthorizedKeysCommandUser nobody
EOF
```

Next, create the `git` user:

```
sudo adduser git
```

Copy the `repoguard` binary to the `git` user's home directory:

```
sudo cp repoguard /home/git
sudo chown git:git /home/git/repoguard
```

Now, let's set up the server. Copy the `knot` binary to
`/usr/local/bin/knotserver`. Then, create `/home/git/.knot.env` with the
following, updating the values as necessary. The `KNOT_SERVER_SECRET` can be
obtained from the [/knots](/knots) page on Tangled.

```
KNOT_REPO_SCAN_PATH=/home/git
KNOT_SERVER_HOSTNAME=knot.example.com
APPVIEW_ENDPOINT=https://tangled.sh
KNOT_SERVER_SECRET=secret
KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444
KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555
```

If you run a Linux distribution that uses systemd, you can use the provided
service file to run the server. Copy
[`knotserver.service`](https://tangled.sh/did:plc:wshs7t2adsemcrrd4snkeqli/core/blob/master/systemd/knotserver.service)
to `/etc/systemd/system/`. Then, run:

```
systemctl enable knotserver
systemctl start knotserver
```

You should now have a running knot server! You can finalize your registration by hitting the
`initialize` button on the [/knots](/knots) page.
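
The permission requirement behind the `keyfetch` step in the manual setup, as an added example that is not part of the Tangled repository: `sshd_config(5)` requires the `AuthorizedKeysCommand` program to be owned by root and not writable by group or others, and OpenSSH applies the same test to each parent directory. The function names and the optional `STOP_DIR` and `OWNER_UID` arguments are assumptions introduced here so the check can also be exercised on a scratch directory.

```shell
#!/bin/sh
# Added example: audit an AuthorizedKeysCommand path before restarting sshd.

# component_ok PATH OWNER_UID
# Succeeds when PATH is owned by OWNER_UID and not writable by group/others.
# Parses `ls -ldn` so it works without GNU stat.
component_ok() {
    line=$(ls -ldn -- "$1" 2>/dev/null) || { echo "FAIL cannot stat: $1"; return 1; }
    perms=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$uid" != "$2" ]; then
        echo "FAIL owner uid $uid (want $2): $1"; return 1
    fi
    case "$perms" in
        # 6th character is group write, 9th is other write
        ?????w*|????????w*) echo "FAIL group/other writable ($perms): $1"; return 1 ;;
    esac
    return 0
}

# audit_keys_command PATH [STOP_DIR] [OWNER_UID]
# STOP_DIR and OWNER_UID are assumptions added for testing; the defaults
# (/ and 0) check every path component up to / for root ownership.
audit_keys_command() {
    stop=$(cd "${2:-/}" 2>/dev/null && pwd -P) || return 2
    owner=${3:-0}
    # Resolve symlinks in the directory part so the real directories are checked.
    dir=$(cd "$(dirname -- "$1")" 2>/dev/null && pwd -P) || { echo "FAIL missing: $1"; return 2; }
    cur="${dir%/}/$(basename -- "$1")"
    if [ ! -f "$cur" ] || [ ! -x "$cur" ]; then
        echo "FAIL not an executable file: $cur"; return 1
    fi
    rc=0
    while :; do
        component_ok "$cur" "$owner" || rc=1
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ]; then break; fi
        cur=$(dirname -- "$cur")
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}

# Run directly: sh audit.sh /usr/local/libexec/tangled-keyfetch
if [ "$#" -gt 0 ]; then audit_keys_command "$@"; fi
```

A non-zero exit means sshd would reject the command and key lookups for the `git` user would fail; fix the reported component before reloading sshd.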