comparing dc82b2aec9a195ad119f83b40d1832bfa2236d30 and main on keea.dog/knot-spindle

+15 -15

Dockerfile

···

       1
        
       FROM golang:1.24-alpine AS builder

     

       2
       -
       ENV KNOT_REPO_SCAN_PATH=/home/git/repositories

     

       3
        
       ENV CGO_ENABLED=1

     

       4
        
       

     

       5
        
       ARG TAG='v1.10.0-alpha'

     
···

       7
        
       WORKDIR /app

     

       8
        
       RUN apk add git gcc musl-dev

     

       9
        
       RUN git clone -b ${TAG} https://tangled.org/@tangled.org/core .

     

       10
       -
       RUN go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot

     

       11
        
       

     

       12
        
       FROM alpine:edge

     

       13
       -
       EXPOSE 5555

     

       14
       -
       EXPOSE 22

     

       0
        
       
     

       15
        
       

     

       16
       -
       LABEL org.opencontainers.image.title='knot'

     

       17
       -
       LABEL org.opencontainers.image.description='data server for tangled'

     

       18
       -
       LABEL org.opencontainers.image.source='https://tangled.org/@tangled.org/knot-docker'

     

       19
        
       LABEL org.opencontainers.image.url='https://tangled.org'

     

       20
        
       LABEL org.opencontainers.image.vendor='tangled.org'

     

       21
        
       LABEL org.opencontainers.image.licenses='MIT'

     
···

       26
        
       COPY rootfs .

     

       27
        
       RUN chmod 755 /etc

     

       28
        
       RUN chmod -R 755 /etc/s6-overlay

     

       29
       -
       RUN apk add shadow s6-overlay execline openssl openssh git curl bash

     

       30
       -
       RUN groupadd -g $GID -f git

     

       31
       -
       RUN useradd -u $UID -g $GID -d /home/git git

     

       32
       -
       RUN openssl rand -hex 16 | passwd --stdin git

     

       33
       -
       RUN mkdir -p /home/git/repositories && chown -R git:git /home/git

     

       34
       -
       COPY --from=builder /usr/bin/knot /usr/bin

     

       35
       -
       RUN mkdir /app && chown -R git:git /app

     

       36
        
       

     

       37
        
       HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \

     

       38
       -
           cmd curl -f http://localhost:5555 || exit 1

     

       39
        
       

     

       40
        
       ENTRYPOINT ["/init"]

···

       1
        
       FROM golang:1.24-alpine AS builder

     

       0
        
       
     

       2
        
       ENV CGO_ENABLED=1

     

       3
        
       

     

       4
        
       ARG TAG='v1.10.0-alpha'

     
···

       6
        
       WORKDIR /app

     

       7
        
       RUN apk add git gcc musl-dev

     

       8
        
       RUN git clone -b ${TAG} https://tangled.org/@tangled.org/core .

     

       9
       +
       RUN go build -o /usr/bin/spindle -ldflags '-s -w -extldflags "-static"' ./cmd/spindle

     

       10
        
       

     

       11
        
       FROM alpine:edge

     

       12
       +
       

     

       13
       +
       ARG PORT=6555

     

       14
       +
       EXPOSE $PORT

     

       15
        
       

     

       16
       +
       LABEL org.opencontainers.image.title='spindle'

     

       17
       +
       LABEL org.opencontainers.image.description='CI runner for tangled'

     

       18
       +
       LABEL org.opencontainers.image.source='https://tangled.org/@keea.dog/spindle-docker'

     

       19
        
       LABEL org.opencontainers.image.url='https://tangled.org'

     

       20
        
       LABEL org.opencontainers.image.vendor='tangled.org'

     

       21
        
       LABEL org.opencontainers.image.licenses='MIT'

     
···

       26
        
       COPY rootfs .

     

       27
        
       RUN chmod 755 /etc

     

       28
        
       RUN chmod -R 755 /etc/s6-overlay

     

       29
       +
       RUN apk add shadow s6-overlay execline openssl curl

     

       30
       +
       RUN groupadd -g $GID -f spindle

     

       31
       +
       RUN useradd -u $UID -g $GID -d /home/spindle spindle

     

       32
       +
       RUN openssl rand -hex 16 | passwd --stdin spindle

     

       33
       +
       RUN mkdir -p /home/spindle/repositories && chown -R spindle:spindle /home/spindle

     

       34
       +
       COPY --from=builder /usr/bin/spindle /usr/bin

     

       35
       +
       RUN mkdir /app && chown -R spindle:spindle /app

     

       36
        
       

     

       37
        
       HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \

     

       38
       +
           CMD curl -f http://localhost:${PORT} || exit 1

     

       39
        
       

     

       40
        
       ENTRYPOINT ["/init"]

+15 -15

docker-compose.yml

···

       1
        
       services:

     

       2
       -
         knot:

     

       3
        
           build:

     

       4
        
             context: .

     

       5
        
             args:

     

       6
        
               UID: 1000

     

       7
        
               GID: 1000

     

       0
        
       
     

       8
        
           environment:

     

       9
       -
             KNOT_SERVER_HOSTNAME: ${KNOT_SERVER_HOSTNAME}

     

       10
       -
             KNOT_SERVER_OWNER: ${KNOT_SERVER_OWNER}

     

       11
       -
             KNOT_SERVER_DB_PATH: /app/knotserver.db

     

       12
       -
             KNOT_REPO_SCAN_PATH: /home/git/repositories

     

       13
       -
             KNOT_SERVER_INTERNAL_LISTEN_ADDR: localhost:5444

     

       0
        
       
     

       14
        
           volumes:

     

       15
       -
             - ./keys:/etc/ssh/keys

     

       16
       -
             - ./repositories:/home/git/repositories

     

       17
        
             - ./server:/app

     

       0
        
       
     

       18
        
           ports:

     

       19
       -
             - "5555:5555"

     

       20
       -
             - "2222:22"

     

       21
        
           restart: always

     

       22
        
         frontend:

     

       23
        
           image: caddy:alpine

     

       24
        
           command: >

     

       25
        
             caddy

     

       26
        
             reverse-proxy

     

       27
       -
             --from ${KNOT_SERVER_HOSTNAME}

     

       28
       -
             --to knot:5555

     

       29
        
           depends_on:

     

       30
       -
             - knot

     

       31
        
           ports:

     

       32
       -
             - ${KNOT_SERVER_PORT:-443}:443

     

       33
       -
             - ${KNOT_SERVER_PORT:-443}:443/udp

     

       34
        
           volumes:

     

       35
        
             - ./caddy_data:/data

     

       36
        
           restart: always

···

       1
        
       services:

     

       2
       +
         spindle:

     

       3
        
           build:

     

       4
        
             context: .

     

       5
        
             args:

     

       6
        
               UID: 1000

     

       7
        
               GID: 1000

     

       8
       +
               PORT: ${INTERNAL_PORT:-6555}

     

       9
        
           environment:

     

       10
       +
             SPINDLE_SERVER_HOSTNAME: ${SPINDLE_SERVER_HOSTNAME}

     

       11
       +
             SPINDLE_SERVER_OWNER: ${SPINDLE_SERVER_OWNER}

     

       12
       +
             SPINDLE_SERVER_DB_PATH: /app/spindle.db

     

       13
       +
             SPINDLE_SERVER_LISTEN_ADDR: localhost:6555

     

       14
       +
             SPINDLE_PIPELINES_LOG_DIR: /var/log/spindle

     

       15
       +
             PORT: ${INTERNAL_PORT:-6555}

     

       16
        
           volumes:

     

       0
        
       
     

       0
        
       
     

       17
        
             - ./server:/app

     

       18
       +
             - /var/run/docker.sock:/var/run/docker.sock

     

       19
        
           ports:

     

       20
       +
             - "${INTERNAL_PORT:-6555}:${INTERNAL_PORT:-6555}"

     

       0
        
       
     

       21
        
           restart: always

     

       22
        
         frontend:

     

       23
        
           image: caddy:alpine

     

       24
        
           command: >

     

       25
        
             caddy

     

       26
        
             reverse-proxy

     

       27
       +
             --from ${SPINDLE_SERVER_HOSTNAME}

     

       28
       +
             --to spindle:6555

     

       29
        
           depends_on:

     

       30
       +
             - spindle

     

       31
        
           ports:

     

       32
       +
             - ${SPINDLE_SERVER_PORT:-443}:443

     

       33
       +
             - ${SPINDLE_SERVER_PORT:-443}:443/udp

     

       34
        
           volumes:

     

       35
        
             - ./caddy_data:/data

     

       36
        
           restart: always

-1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type

···

       1
       -
       oneshot

···

       0

-1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up

···

       1
       -
       /etc/s6-overlay/scripts/create-sshd-host-keys

···

       0

rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

-3

rootfs/etc/s6-overlay/s6-rc.d/knotserver/run

···

       1
       -
       #!/command/with-contenv ash

     

       2
       -
       

     

       3
       -
       exec s6-setuidgid git /usr/bin/knot server

-1

rootfs/etc/s6-overlay/s6-rc.d/knotserver/type

···

       1
       -
       longrun

···

       0

rootfs/etc/s6-overlay/s6-rc.d/spindleserver/dependencies.d/base

This is a binary file and will not be displayed.

+3

rootfs/etc/s6-overlay/s6-rc.d/spindleserver/run

···

       1
       +
       #!/command/with-contenv ash

     

       2
       +
       

     

       3
       +
       exec s6-setuidgid spindle /usr/bin/spindle server

+1

rootfs/etc/s6-overlay/s6-rc.d/spindleserver/type

···

       0

···

       1
       +
       longrun

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

-3

rootfs/etc/s6-overlay/s6-rc.d/sshd/run

···

       1
       -
       #!/usr/bin/execlineb -P

     

       2
       -
       

     

       3
       -
       /usr/sbin/sshd -e -D

-1

rootfs/etc/s6-overlay/s6-rc.d/sshd/type

···

       1
       -
       longrun

···

       0

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/spindleserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

-21

rootfs/etc/s6-overlay/scripts/create-sshd-host-keys

···

       1
       -
       #!/usr/bin/execlineb -P

     

       2
       -
       

     

       3
       -
       foreground {

     

       4
       -
         if -n { test -d /etc/ssh/keys }

     

       5
       -
         mkdir /etc/ssh/keys

     

       6
       -
       }

     

       7
       -
       

     

       8
       -
       foreground {

     

       9
       -
         if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }

     

       10
       -
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""

     

       11
       -
       }

     

       12
       -
       

     

       13
       -
       foreground {

     

       14
       -
         if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }

     

       15
       -
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""

     

       16
       -
       }

     

       17
       -
       

     

       18
       -
       foreground {

     

       19
       -
         if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }

     

       20
       -
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""

     

       21
       -
       }

-8

rootfs/etc/s6-overlay/scripts/keys-wrapper

···

       1
       -
       #!/bin/sh

     

       2
       -
       

     

       3
       -
       # Execute the knot keys command with proper shell context

     

       4
       -
       exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \

     

       5
       -
           -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \

     

       6
       -
           -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \

     

       7
       -
           -log-path "/tmp/knotguard.log"'

     

       8
       -

-3

rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf

···

       1
       -
       Match User git

     

       2
       -
         AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -git-dir /home/git/repositories

     

       3
       -
         AuthorizedKeysCommandUser nobody

-9

rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf

···

       1
       -
       HostKey /etc/ssh/keys/ssh_host_rsa_key

     

       2
       -
       HostKey /etc/ssh/keys/ssh_host_ecdsa_key

     

       3
       -
       HostKey /etc/ssh/keys/ssh_host_ed25519_key

     

       4
       -
       

     

       5
       -
       PasswordAuthentication no

     

       6
       -
       

     

       7
       -
       Match User git

     

       8
       -
         AuthorizedKeysCommand /etc/s6-overlay/scripts/keys-wrapper

     

       9
       -
         AuthorizedKeysCommandUser nobody

Compare changes