julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

docker: move to @tangled.sh/knot-docker

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi de3ab1d5 7d8fff21

verified
options
unified split
Changed files
+5 -127
docker
Dockerfile
docker-compose.yml
rootfs
etc
s6-overlay
s6-rc.d
create-sshd-host-keys
type
up
knotserver
dependencies.d
base
run
type
sshd
dependencies.d
base
create-sshd-host-keys
run
type
user
contents.d
knotserver
sshd
scripts
create-sshd-host-keys
ssh
sshd_config.d
tangled_sshd.conf
docs
knot-hosting.md
-37
docker/Dockerfile 
···

       
1

       

       
-

       
FROM docker.io/golang:1.24-alpine3.21 AS build


     

       
2

       

       
-

       



     

       
3

       

       
-

       
ENV CGO_ENABLED=1


     

       
4

       

       
-

       
WORKDIR /usr/src/app


     

       
5

       

       
-

       
COPY go.mod go.sum ./


     

       
6

       

       
-

       



     

       
7

       

       
-

       
RUN apk add --no-cache gcc musl-dev


     

       
8

       

       
-

       
RUN go mod download


     

       
9

       

       
-

       



     

       
10

       

       
-

       
COPY . .


     

       
11

       

       
-

       
RUN go build -v \


     

       
12

       

       
-

       
    -o /usr/local/bin/knot \


     

       
13

       

       
-

       
    -ldflags='-s -w -extldflags "-static"' \


     

       
14

       

       
-

       
    ./cmd/knot


     

       
15

       

       
-

       



     

       
16

       

       
-

       
FROM docker.io/alpine:3.21


     

       
17

       

       
-

       



     

       
18

       

       
-

       
LABEL org.opencontainers.image.title=Tangled


     

       
19

       

       
-

       
LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."


     

       
20

       

       
-

       
LABEL org.opencontainers.image.vendor=Tangled.sh


     

       
21

       

       
-

       
LABEL org.opencontainers.image.licenses=MIT


     

       
22

       

       
-

       
LABEL org.opencontainers.image.url=https://tangled.sh


     

       
23

       

       
-

       
LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core


     

       
24

       

       
-

       



     

       
25

       

       
-

       
RUN apk add --no-cache shadow s6-overlay execline openssh git && \


     

       
26

       

       
-

       
    adduser --disabled-password git && \


     

       
27

       

       
-

       
    # We need to set password anyway since otherwise ssh won't work


     

       
28

       

       
-

       
    head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \


     

       
29

       

       
-

       
    mkdir /app && mkdir /home/git/repositories


     

       
30

       

       
-

       



     

       
31

       

       
-

       
COPY --from=build /usr/local/bin/knot /usr/local/bin


     

       
32

       

       
-

       
COPY docker/rootfs/ .


     

       
33

       

       
-

       



     

       
34

       

       
-

       
EXPOSE 22


     

       
35

       

       
-

       
EXPOSE 5555


     

       
36

       

       
-

       



     

       
37

       

       
-

       
ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
-33
docker/docker-compose.yml 
···

       
1

       

       
-

       
services:


     

       
2

       

       
-

       
  knot:


     

       
3

       

       
-

       
    build:


     

       
4

       

       
-

       
      context: ..


     

       
5

       

       
-

       
      dockerfile: docker/Dockerfile


     

       
6

       

       
-

       
    environment:


     

       
7

       

       
-

       
      KNOT_SERVER_HOSTNAME: ${KNOT_SERVER_HOSTNAME}


     

       
8

       

       
-

       
      KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}


     

       
9

       

       
-

       
      KNOT_SERVER_DB_PATH: "/app/knotserver.db"


     

       
10

       

       
-

       
      KNOT_REPO_SCAN_PATH: "/home/git/repositories"


     

       
11

       

       
-

       
    volumes:


     

       
12

       

       
-

       
      - "./keys:/etc/ssh/keys"


     

       
13

       

       
-

       
      - "./repositories:/home/git/repositories"


     

       
14

       

       
-

       
      - "./server:/app"


     

       
15

       

       
-

       
    ports:


     

       
16

       

       
-

       
      - "2222:22"


     

       
17

       

       
-

       
  frontend:


     

       
18

       

       
-

       
    image: caddy:2-alpine


     

       
19

       

       
-

       
    command: >


     

       
20

       

       
-

       
      caddy


     

       
21

       

       
-

       
      reverse-proxy


     

       
22

       

       
-

       
      --from ${KNOT_SERVER_HOSTNAME}


     

       
23

       

       
-

       
      --to knot:5555


     

       
24

       

       
-

       
    depends_on:


     

       
25

       

       
-

       
      - knot


     

       
26

       

       
-

       
    ports:


     

       
27

       

       
-

       
      - "443:443"


     

       
28

       

       
-

       
      - "443:443/udp"


     

       
29

       

       
-

       
    volumes:


     

       
30

       

       
-

       
      - caddy_data:/data


     

       
31

       

       
-

       
    restart: always


     

       
32

       

       
-

       
volumes:


     

       
33

       

       
-

       
  caddy_data:
-1
docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type 
···

       
1

       

       
-

       
oneshot
-1
docker/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up 
···

       
1

       

       
-

       
/etc/s6-overlay/scripts/create-sshd-host-keys
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

-3
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run 
···

       
1

       

       
-

       
#!/command/with-contenv ash


     

       
2

       

       
-

       



     

       
3

       

       
-

       
exec s6-setuidgid git /usr/local/bin/knot server
-1
docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type 
···

       
1

       

       
-

       
longrun
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

-3
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/run 
···

       
1

       

       
-

       
#!/usr/bin/execlineb -P


     

       
2

       

       
-

       



     

       
3

       

       
-

       
/usr/sbin/sshd -e -D
-1
docker/rootfs/etc/s6-overlay/s6-rc.d/sshd/type 
···

       
1

       

       
-

       
longrun
docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

docker/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

-21
docker/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys 
···

       
1

       

       
-

       
#!/usr/bin/execlineb -P


     

       
2

       

       
-

       



     

       
3

       

       
-

       
foreground {


     

       
4

       

       
-

       
  if -n { test -d /etc/ssh/keys }


     

       
5

       

       
-

       
  mkdir /etc/ssh/keys


     

       
6

       

       
-

       
}


     

       
7

       

       
-

       



     

       
8

       

       
-

       
foreground {


     

       
9

       

       
-

       
  if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }


     

       
10

       

       
-

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""


     

       
11

       

       
-

       
}


     

       
12

       

       
-

       



     

       
13

       

       
-

       
foreground {


     

       
14

       

       
-

       
  if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }


     

       
15

       

       
-

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""


     

       
16

       

       
-

       
}


     

       
17

       

       
-

       



     

       
18

       

       
-

       
foreground {


     

       
19

       

       
-

       
  if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }


     

       
20

       

       
-

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""


     

       
21

       

       
-

       
}
-9
docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf 
···

       
1

       

       
-

       
HostKey /etc/ssh/keys/ssh_host_rsa_key


     

       
2

       

       
-

       
HostKey /etc/ssh/keys/ssh_host_ecdsa_key


     

       
3

       

       
-

       
HostKey /etc/ssh/keys/ssh_host_ed25519_key


     

       
4

       

       
-

       



     

       
5

       

       
-

       
PasswordAuthentication no


     

       
6

       

       
-

       



     

       
7

       

       
-

       
Match User git


     

       
8

       

       
-

       
  AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys


     

       
9

       

       
-

       
  AuthorizedKeysCommandUser nobody
+5 -17
docs/knot-hosting.md 
···

       
7

       
7

       
 

       
3. A valid SSL certificate for your domain.


     

       
8

       
8

       
 

       



     

       
9

       
9

       
 

       
There's a couple of ways to get started:


     

       
10

       

       
-

       
* NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)


     

       
11

       

       
-

       
* Docker: Documented below.


     

       

       
10

       
+

       
* NixOS: refer to


     

       

       
11

       
+

       
[flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix)


     

       

       
12

       
+

       
* Docker: Documented at


     

       

       
13

       
+

       
[@tangled.sh/knot-docker](https://tangled.sh/@tangled.sh/knot-docker)


     

       

       
14

       
+

       
(community maintained: support is not guaranteed!)


     

       
12

       
15

       
 

       
* Manual: Documented below.


     

       
13

       

       
-

       



     

       
14

       

       
-

       
## docker setup


     

       
15

       

       
-

       



     

       
16

       

       
-

       
Clone this repository:


     

       
17

       

       
-

       



     

       
18

       

       
-

       
```


     

       
19

       

       
-

       
git clone https://tangled.sh/@tangled.sh/core


     

       
20

       

       
-

       
```


     

       
21

       

       
-

       



     

       
22

       

       
-

       
Modify the `docker/docker-compose.yml`, specifically the


     

       
23

       

       
-

       
`KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars. Then run:


     

       
24

       

       
-

       



     

       
25

       

       
-

       
```


     

       
26

       

       
-

       
docker compose -f docker/docker-compose.yml up


     

       
27

       

       
-

       
```


     

       
28

       
16

       
 

       



     

       
29

       
17

       
 

       
## manual setup


     

       
30

       
18