commit a160282676284b7e0a1ce9bee73f6776081ff269 · sachy.dev/knot-spindle-docker

+70

Dockerfile

···

       1
       +
       FROM golang:1.25-alpine AS builder

     

       2
       +
       ENV KNOT_REPO_SCAN_PATH=/home/git/repositories

     

       3
       +
       ENV CGO_ENABLED=1

     

       4
       +
       

     

       5
       +
       ARG TAG='v1.11.0-alpha'

     

       6
       +
       

     

       7
       +
       WORKDIR /app

     

       8
       +
       RUN apk add git gcc musl-dev

     

       9
       +
       RUN git clone -b ${TAG} https://tangled.org/tangled.org/core .

     

       10
       +
       

     

       11
       +
       FROM builder AS build-knot

     

       12
       +
       RUN go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot

     

       13
       +
       

     

       14
       +
       FROM builder AS build-spindle

     

       15
       +
       RUN go build -o /usr/bin/spindle -ldflags '-s -w -extldflags "-static"' ./cmd/spindle

     

       16
       +
       

     

       17
       +
       FROM alpine:edge AS knot

     

       18
       +
       EXPOSE 5555

     

       19
       +
       EXPOSE 22

     

       20
       +
       

     

       21
       +
       LABEL org.opencontainers.image.title='knot'

     

       22
       +
       LABEL org.opencontainers.image.description='data server for tangled'

     

       23
       +
       LABEL org.opencontainers.image.source='https://tangled.org/sachy.dev/knot-spindle-docker'

     

       24
       +
       LABEL org.opencontainers.image.url='https://tangled.org'

     

       25
       +
       LABEL org.opencontainers.image.vendor='tangled.org'

     

       26
       +
       LABEL org.opencontainers.image.licenses='MIT'

     

       27
       +
       

     

       28
       +
       ARG UID=1000

     

       29
       +
       ARG GID=1000

     

       30
       +
       

     

       31
       +
       COPY rootfs .

     

       32
       +
       RUN chmod 755 /etc

     

       33
       +
       RUN chmod -R 755 /etc/s6-overlay

     

       34
       +
       RUN apk add shadow s6-overlay execline openssl openssh git curl bash

     

       35
       +
       RUN groupadd -g $GID -f git

     

       36
       +
       RUN useradd -u $UID -g $GID -d /home/git git

     

       37
       +
       RUN openssl rand -hex 16 | passwd --stdin git

     

       38
       +
       RUN mkdir -p /home/git/repositories && chown -R git:git /home/git

     

       39
       +
       COPY --from=build-knot /usr/bin/knot /usr/bin

     

       40
       +
       RUN mkdir /app && chown -R git:git /app

     

       41
       +
       

     

       42
       +
       HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \

     

       43
       +
           CMD curl -f http://localhost:5555 || exit 1

     

       44
       +
       

     

       45
       +
       ENTRYPOINT ["/init"]

     

       46
       +
       

     

       47
       +
       FROM alpine:edge AS spindle

     

       48
       +
       

     

       49
       +
       EXPOSE 6555

     

       50
       +
       

     

       51
       +
       LABEL org.opencontainers.image.title="spindle"

     

       52
       +
       LABEL org.opencontainers.image.description="ci server for tangled"

     

       53
       +
       LABEL org.opencontainers.image.source="https://tangled.org/sachy.dev/knot-spindle-docker"

     

       54
       +
       LABEL org.opencontainers.image.url="https://tangled.org"

     

       55
       +
       LABEL org.opencontainers.image.vendor="tangled.org"

     

       56
       +
       LABEL org.opencontainers.image.licenses="MIT"

     

       57
       +
       

     

       58
       +
       ARG UID=1000

     

       59
       +
       ARG GID=1000

     

       60
       +
       

     

       61
       +
       RUN adduser --system --uid $UID spindle

     

       62
       +
       RUN addgroup --system --gid $UID spindle

     

       63
       +
       RUN mkdir -p /app && chown -R spindle:spindle /app

     

       64
       +
       COPY --from=build-spindle /usr/bin/spindle /usr/bin

     

       65
       +
       

     

       66
       +
       WORKDIR /app

     

       67
       +
       CMD ["spindle"]

     

       68
       +
       VOLUME ["/app"]

     

       69
       +
       HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \

     

       70
       +
           CMD curl -f http://localhost:6555 || exit 1

+21

LICENSE-MIT

···

       1
       +
       MIT License

     

       2
       +
       

     

       3
       +
       Copyright (c) 2025 Sachy.dev

     

       4
       +
       

     

       5
       +
       Permission is hereby granted, free of charge, to any person obtaining a copy

     

       6
       +
       of this software and associated documentation files (the "Software"), to deal

     

       7
       +
       in the Software without restriction, including without limitation the rights

     

       8
       +
       to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

     

       9
       +
       copies of the Software, and to permit persons to whom the Software is

     

       10
       +
       furnished to do so, subject to the following conditions:

     

       11
       +
       

     

       12
       +
       The above copyright notice and this permission notice shall be included in all

     

       13
       +
       copies or substantial portions of the Software.

     

       14
       +
       

     

       15
       +
       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

     

       16
       +
       IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

     

       17
       +
       FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

     

       18
       +
       AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

     

       19
       +
       LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

     

       20
       +
       OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

     

       21
       +
       SOFTWARE.

+5

README.md

···

       1
       +
       # Sachy's Knot/Spindle Docker images

     

       2
       +
       

     

       3
       +
       More info TBA

     

       4
       +
       

     

       5
       +
       Licensed under MIT

+49

docker-bake.hcl

···

       1
       +
       variable "UID" {

     

       2
       +
         default = "1000"

     

       3
       +
       }

     

       4
       +
       

     

       5
       +
       variable "GID" {

     

       6
       +
         default = "1000"

     

       7
       +
       }

     

       8
       +
       

     

       9
       +
       group "edge" {

     

       10
       +
         targets = ["knot-edge", "spindle-edge"]

     

       11
       +
       }

     

       12
       +
       

     

       13
       +
       target "knot-edge" {

     

       14
       +
         context = "."

     

       15
       +
         target = "knot"

     

       16
       +
         args = {

     

       17
       +
           TAG = "master"

     

       18
       +
           UID = UID

     

       19
       +
           GID = GID

     

       20
       +
         }

     

       21
       +
         tags = ["sachymetsu/knot:edge"]

     

       22
       +
       }

     

       23
       +
       

     

       24
       +
       target "spindle-edge" {

     

       25
       +
         context = "."

     

       26
       +
         target = "spindle"

     

       27
       +
         args = {

     

       28
       +
           TAG = "master"

     

       29
       +
           UID = UID

     

       30
       +
           GID = GID

     

       31
       +
         }

     

       32
       +
         tags = ["sachymetsu/spindle:edge"]

     

       33
       +
       }

     

       34
       +
       

     

       35
       +
       target "latest" {

     

       36
       +
         name = "${APP}-${replace(TAG, ".", "-")}"

     

       37
       +
         context = "."

     

       38
       +
         matrix = {

     

       39
       +
           APP = ["knot", "spindle"]

     

       40
       +
           TAG = ["v1.11.0-alpha"]

     

       41
       +
         }

     

       42
       +
         target = "${APP}"

     

       43
       +
         args = {

     

       44
       +
           TAG = "${TAG}"

     

       45
       +
           UID = UID

     

       46
       +
           GID = GID

     

       47
       +
         }

     

       48
       +
         tags = ["sachymetsu/${APP}:${TAG}"]

     

       49
       +
       }

+1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type

···

       0

···

       1
       +
       oneshot

+1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up

···

       0

···

       1
       +
       /etc/s6-overlay/scripts/create-sshd-host-keys

rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

+3

rootfs/etc/s6-overlay/s6-rc.d/knotserver/run

···

       1
       +
       #!/command/with-contenv ash

     

       2
       +
       

     

       3
       +
       exec s6-setuidgid git /usr/bin/knot server

+1

rootfs/etc/s6-overlay/s6-rc.d/knotserver/type

···

       0

···

       1
       +
       longrun

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

+3

rootfs/etc/s6-overlay/s6-rc.d/sshd/run

···

       1
       +
       #!/usr/bin/execlineb -P

     

       2
       +
       

     

       3
       +
       /usr/sbin/sshd -e -D

+1

rootfs/etc/s6-overlay/s6-rc.d/sshd/type

···

       0

···

       1
       +
       longrun

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

+21

rootfs/etc/s6-overlay/scripts/create-sshd-host-keys

···

       1
       +
       #!/usr/bin/execlineb -P

     

       2
       +
       

     

       3
       +
       foreground {

     

       4
       +
         if -n { test -d /etc/ssh/keys }

     

       5
       +
         mkdir /etc/ssh/keys

     

       6
       +
       }

     

       7
       +
       

     

       8
       +
       foreground {

     

       9
       +
         if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }

     

       10
       +
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""

     

       11
       +
       }

     

       12
       +
       

     

       13
       +
       foreground {

     

       14
       +
         if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }

     

       15
       +
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""

     

       16
       +
       }

     

       17
       +
       

     

       18
       +
       foreground {

     

       19
       +
         if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }

     

       20
       +
         ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""

     

       21
       +
       }

+8

rootfs/etc/s6-overlay/scripts/keys-wrapper

···

       1
       +
       #!/bin/sh

     

       2
       +
       

     

       3
       +
       # Execute the knot keys command with proper shell context

     

       4
       +
       exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \

     

       5
       +
           -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \

     

       6
       +
           -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \

     

       7
       +
           -log-path "/tmp/knotguard.log"'

     

       8
       +

+3

rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf

···

       1
       +
       Match User git

     

       2
       +
         AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -git-dir /home/git/repositories

     

       3
       +
         AuthorizedKeysCommandUser nobody

+9

rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf

···

       1
       +
       HostKey /etc/ssh/keys/ssh_host_rsa_key

     

       2
       +
       HostKey /etc/ssh/keys/ssh_host_ecdsa_key

     

       3
       +
       HostKey /etc/ssh/keys/ssh_host_ed25519_key

     

       4
       +
       

     

       5
       +
       PasswordAuthentication no

     

       6
       +
       

     

       7
       +
       Match User git

     

       8
       +
         AuthorizedKeysCommand /etc/s6-overlay/scripts/keys-wrapper

     

       9
       +
         AuthorizedKeysCommandUser nobody