keea.dog / knot-spindle
forked from tangled.org/knot-docker
Community maintained Docker config for the spindle server
fork atom

all: init

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi 9533f374

verified
options
unified split
Changed files
+114
Dockerfile
docker-compose.yml
readme.md
rootfs
etc
s6-overlay
s6-rc.d
create-sshd-host-keys
type
up
knotserver
dependencies.d
base
run
type
sshd
dependencies.d
base
create-sshd-host-keys
run
type
user
contents.d
knotserver
sshd
scripts
create-sshd-host-keys
ssh
sshd_config.d
tangled_sshd.conf
+37
Dockerfile 
···

       

       
1

       
+

       
FROM docker.io/golang:1.24-alpine3.21 AS build


     

       

       
2

       
+

       



     

       

       
3

       
+

       
ENV CGO_ENABLED=1


     

       

       
4

       
+

       
WORKDIR /usr/src/app


     

       

       
5

       
+

       
COPY go.mod go.sum ./


     

       

       
6

       
+

       



     

       

       
7

       
+

       
RUN apk add --no-cache gcc musl-dev


     

       

       
8

       
+

       
RUN go mod download


     

       

       
9

       
+

       



     

       

       
10

       
+

       
COPY . .


     

       

       
11

       
+

       
RUN go build -v \


     

       

       
12

       
+

       
    -o /usr/local/bin/knot \


     

       

       
13

       
+

       
    -ldflags='-s -w -extldflags "-static"' \


     

       

       
14

       
+

       
    ./cmd/knot


     

       

       
15

       
+

       



     

       

       
16

       
+

       
FROM docker.io/alpine:3.21


     

       

       
17

       
+

       



     

       

       
18

       
+

       
LABEL org.opencontainers.image.title=Tangled


     

       

       
19

       
+

       
LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."


     

       

       
20

       
+

       
LABEL org.opencontainers.image.vendor=Tangled.sh


     

       

       
21

       
+

       
LABEL org.opencontainers.image.licenses=MIT


     

       

       
22

       
+

       
LABEL org.opencontainers.image.url=https://tangled.sh


     

       

       
23

       
+

       
LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core


     

       

       
24

       
+

       



     

       

       
25

       
+

       
RUN apk add --no-cache shadow s6-overlay execline openssh git && \


     

       

       
26

       
+

       
    adduser --disabled-password git && \


     

       

       
27

       
+

       
    # We need to set password anyway since otherwise ssh won't work


     

       

       
28

       
+

       
    head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \


     

       

       
29

       
+

       
    mkdir /app && mkdir /home/git/repositories


     

       

       
30

       
+

       



     

       

       
31

       
+

       
COPY --from=build /usr/local/bin/knot /usr/local/bin


     

       

       
32

       
+

       
COPY docker/rootfs/ .


     

       

       
33

       
+

       



     

       

       
34

       
+

       
EXPOSE 22


     

       

       
35

       
+

       
EXPOSE 5555


     

       

       
36

       
+

       



     

       

       
37

       
+

       
ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+33
docker-compose.yml 
···

       

       
1

       
+

       
services:


     

       

       
2

       
+

       
  knot:


     

       

       
3

       
+

       
    build:


     

       

       
4

       
+

       
      context: ..


     

       

       
5

       
+

       
      dockerfile: docker/Dockerfile


     

       

       
6

       
+

       
    environment:


     

       

       
7

       
+

       
      KNOT_SERVER_HOSTNAME: ${KNOT_SERVER_HOSTNAME}


     

       

       
8

       
+

       
      KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}


     

       

       
9

       
+

       
      KNOT_SERVER_DB_PATH: "/app/knotserver.db"


     

       

       
10

       
+

       
      KNOT_REPO_SCAN_PATH: "/home/git/repositories"


     

       

       
11

       
+

       
    volumes:


     

       

       
12

       
+

       
      - "./keys:/etc/ssh/keys"


     

       

       
13

       
+

       
      - "./repositories:/home/git/repositories"


     

       

       
14

       
+

       
      - "./server:/app"


     

       

       
15

       
+

       
    ports:


     

       

       
16

       
+

       
      - "2222:22"


     

       

       
17

       
+

       
  frontend:


     

       

       
18

       
+

       
    image: caddy:2-alpine


     

       

       
19

       
+

       
    command: >


     

       

       
20

       
+

       
      caddy


     

       

       
21

       
+

       
      reverse-proxy


     

       

       
22

       
+

       
      --from ${KNOT_SERVER_HOSTNAME}


     

       

       
23

       
+

       
      --to knot:5555


     

       

       
24

       
+

       
    depends_on:


     

       

       
25

       
+

       
      - knot


     

       

       
26

       
+

       
    ports:


     

       

       
27

       
+

       
      - "443:443"


     

       

       
28

       
+

       
      - "443:443/udp"


     

       

       
29

       
+

       
    volumes:


     

       

       
30

       
+

       
      - caddy_data:/data


     

       

       
31

       
+

       
    restart: always


     

       

       
32

       
+

       
volumes:


     

       

       
33

       
+

       
  caddy_data:
+4
readme.md 
···

       

       
1

       
+

       
# knot-docker


     

       

       
2

       
+

       



     

       

       
3

       
+

       
This is a community maintained Docker setup for hosting your own knot


     

       

       
4

       
+

       
server.
+1
rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type 
···

       

       
1

       
+

       
oneshot
+1
rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up 
···

       

       
1

       
+

       
/etc/s6-overlay/scripts/create-sshd-host-keys
rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

+3
rootfs/etc/s6-overlay/s6-rc.d/knotserver/run 
···

       

       
1

       
+

       
#!/command/with-contenv ash


     

       

       
2

       
+

       



     

       

       
3

       
+

       
exec s6-setuidgid git /usr/local/bin/knot server
+1
rootfs/etc/s6-overlay/s6-rc.d/knotserver/type 
···

       

       
1

       
+

       
longrun
rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

+3
rootfs/etc/s6-overlay/s6-rc.d/sshd/run 
···

       

       
1

       
+

       
#!/usr/bin/execlineb -P


     

       

       
2

       
+

       



     

       

       
3

       
+

       
/usr/sbin/sshd -e -D
+1
rootfs/etc/s6-overlay/s6-rc.d/sshd/type 
···

       

       
1

       
+

       
longrun
rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

+21
rootfs/etc/s6-overlay/scripts/create-sshd-host-keys 
···

       

       
1

       
+

       
#!/usr/bin/execlineb -P


     

       

       
2

       
+

       



     

       

       
3

       
+

       
foreground {


     

       

       
4

       
+

       
  if -n { test -d /etc/ssh/keys }


     

       

       
5

       
+

       
  mkdir /etc/ssh/keys


     

       

       
6

       
+

       
}


     

       

       
7

       
+

       



     

       

       
8

       
+

       
foreground {


     

       

       
9

       
+

       
  if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }


     

       

       
10

       
+

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""


     

       

       
11

       
+

       
}


     

       

       
12

       
+

       



     

       

       
13

       
+

       
foreground {


     

       

       
14

       
+

       
  if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }


     

       

       
15

       
+

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""


     

       

       
16

       
+

       
}


     

       

       
17

       
+

       



     

       

       
18

       
+

       
foreground {


     

       

       
19

       
+

       
  if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }


     

       

       
20

       
+

       
  ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""


     

       

       
21

       
+

       
}
+9
rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf 
···

       

       
1

       
+

       
HostKey /etc/ssh/keys/ssh_host_rsa_key


     

       

       
2

       
+

       
HostKey /etc/ssh/keys/ssh_host_ecdsa_key


     

       

       
3

       
+

       
HostKey /etc/ssh/keys/ssh_host_ed25519_key


     

       

       
4

       
+

       



     

       

       
5

       
+

       
PasswordAuthentication no


     

       

       
6

       
+

       



     

       

       
7

       
+

       
Match User git


     

       

       
8

       
+

       
  AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys


     

       

       
9

       
+

       
  AuthorizedKeysCommandUser nobody