keea.dog / knot-spindle
forked from tangled.org/knot-docker
Community maintained Docker config for the spindle server
fork atom

all: update to clone from core repo

hanna a27bd8f0 4e66ee74

options
unified split
Changed files
+30 -41
Dockerfile
rootfs
etc
s6-overlay
s6-rc.d
knotserver
run
scripts
keys-wrapper
+26 -37
Dockerfile 
···

       
1

       

       
-

       
FROM docker.io/golang:1.24-alpine3.21 AS build


     

       

       
1

       
+

       
from golang:1.24-alpine as builder


     

       

       
2

       
+

       
env KNOT_REPO_SCAN_PATH=/home/git/repositories


     

       

       
3

       
+

       
env CGO_ENABLED=1


     

       
2

       
4

       
 

       



     

       
3

       

       
-

       
ENV CGO_ENABLED=1


     

       
4

       

       
-

       
ENV KNOT_REPO_SCAN_PATH=/home/git/repositories


     

       
5

       

       
-

       
WORKDIR /usr/src/app


     

       
6

       

       
-

       
COPY go.mod go.sum ./


     

       

       
5

       
+

       
workdir /app


     

       

       
6

       
+

       
run apk add git gcc musl-dev


     

       

       
7

       
+

       
run git clone https://tangled.sh/@tangled.sh/core .


     

       

       
8

       
+

       
run go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot


     

       
7

       
9

       
 

       



     

       
8

       

       
-

       
RUN apk add --no-cache gcc musl-dev


     

       
9

       

       
-

       
RUN go mod download


     

       

       
10

       
+

       
from alpine:edge


     

       

       
11

       
+

       
expose 5555


     

       

       
12

       
+

       
expose 22


     

       
10

       
13

       
 

       



     

       
11

       

       
-

       
COPY . .


     

       
12

       

       
-

       
RUN go build -v \


     

       
13

       

       
-

       
    -o /usr/local/bin/knot \


     

       
14

       

       
-

       
    -ldflags='-s -w -extldflags "-static"' \


     

       
15

       

       
-

       
    ./cmd/knot


     

       

       
14

       
+

       
label org.opencontainers.image.title='knot'


     

       

       
15

       
+

       
label org.opencontainers.image.description='data server for tangled'


     

       

       
16

       
+

       
label org.opencontainers.image.source='https://tangled.sh/@tangled.sh/knot-docker'


     

       

       
17

       
+

       
label org.opencontainers.image.url='https://tangled.sh'


     

       

       
18

       
+

       
label org.opencontainers.image.vendor='tangled.sh'


     

       

       
19

       
+

       
label org.opencontainers.image.licenses='MIT'


     

       
16

       
20

       
 

       



     

       
17

       

       
-

       
FROM docker.io/alpine:3.21


     

       

       
21

       
+

       
copy rootfs .


     

       

       
22

       
+

       
run chmod -R 755 /etc/s6-overlay


     

       

       
23

       
+

       
run apk add shadow s6-overlay execline openssl openssh git curl


     

       

       
24

       
+

       
run useradd -s /bin/nologin -d /home/git git && openssl rand -hex 16 | passwd --stdin git


     

       

       
25

       
+

       
run mkdir -p /home/git/repositories && chown -R git:git /home/git/repositories


     

       

       
26

       
+

       
copy --from=builder /usr/bin/knot /usr/bin


     

       

       
27

       
+

       
run mkdir /app && chown -R git:git /app


     

       
18

       
28

       
 

       



     

       
19

       

       
-

       
LABEL org.opencontainers.image.title=Tangled


     

       
20

       

       
-

       
LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto."


     

       
21

       

       
-

       
LABEL org.opencontainers.image.vendor=Tangled.sh


     

       
22

       

       
-

       
LABEL org.opencontainers.image.licenses=MIT


     

       
23

       

       
-

       
LABEL org.opencontainers.image.url=https://tangled.sh


     

       
24

       

       
-

       
LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core


     

       

       
29

       
+

       
healthcheck --interval=60s --timeout=30s --start-period=5s --retries=3 \


     

       

       
30

       
+

       
  cmd curl -f http://localhost:5555 || exit 1


     

       
25

       
31

       
 

       



     

       
26

       

       
-

       
RUN apk add --no-cache shadow s6-overlay execline openssh git curl && \


     

       
27

       

       
-

       
    adduser --disabled-password git && \


     

       
28

       

       
-

       
    # We need to set password anyway since otherwise ssh won't work


     

       
29

       

       
-

       
    head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \


     

       
30

       

       
-

       
    mkdir /app && mkdir /home/git/repositories


     

       

       
32

       
+

       
entrypoint ["/init"]


     

       
31

       
33

       
 

       



     

       
32

       

       
-

       
COPY --from=build /usr/local/bin/knot /usr/local/bin


     

       
33

       

       
-

       
COPY docker/rootfs/ .


     

       
34

       

       
-

       
RUN chmod +x /etc/s6-overlay/scripts/keys-wrapper && \


     

       
35

       

       
-

       
    chown git:git /app && \


     

       
36

       

       
-

       
    chown -R git:git /home/git/repositories


     

       
37

       

       
-

       



     

       
38

       

       
-

       
EXPOSE 22


     

       
39

       

       
-

       
EXPOSE 5555


     

       
40

       

       
-

       



     

       
41

       

       
-

       
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \


     

       
42

       

       
-

       
    CMD curl -f http://localhost:5555/ || exit 1


     

       
43

       

       
-

       



     

       
44

       

       
-

       
ENTRYPOINT ["/init"]
+1 -1
rootfs/etc/s6-overlay/s6-rc.d/knotserver/run 
···

       
1

       
1

       
 

       
#!/command/with-contenv ash


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
exec s6-setuidgid git /usr/local/bin/knot server


     

       

       
3

       
+

       
exec s6-setuidgid git /usr/bin/knot server
+3 -3
rootfs/etc/s6-overlay/scripts/keys-wrapper 
···

       
1

       
1

       
 

       
#!/bin/sh


     

       
2

       
2

       
 

       



     

       
3

       
3

       
 

       
# Execute the knot keys command with proper shell context


     

       
4

       

       
-

       
exec /bin/sh -c '/usr/local/bin/knot keys \


     

       
5

       

       
-

       
    -output authorized-keys \


     

       

       
4

       
+

       
exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \


     

       
6

       
5

       
 

       
    -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \


     

       
7

       
6

       
 

       
    -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \


     

       
8

       

       
-

       
    -log-path "/tmp/knotguard.log"' 

     

       

       
7

       
+

       
    -log-path "/tmp/knotguard.log"'


     

       

       
8

       
+