From 4ad48896baaa112125bbeaf77f727f0985f78288 Mon Sep 17 00:00:00 2001
From: hanna
Date: Fri, 30 May 2025 15:50:23 -0400
Subject: [PATCH] docker: update to unified binary deployment
---
 docker/Dockerfile | 25 +++++--------------
 .../etc/s6-overlay/s6-rc.d/knotserver/run | 2 +-
 .../etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 3 files changed, 8 insertions(+), 21 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2c9c1a2..891e68f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,25 +1,17 @@
 FROM docker.io/golang:1.24-alpine3.21 AS build
 ENV CGO_ENABLED=1
-
-RUN apk add --no-cache gcc musl-dev
-
 WORKDIR /usr/src/app
-
 COPY go.mod go.sum ./
+
+RUN apk add --no-cache gcc musl-dev
 RUN go mod download
 COPY . .
 RUN go build -v \
- -o /usr/local/bin/knotserver \
+ -o /usr/local/bin/knot \
 -ldflags='-s -w -extldflags "-static"' \
- ./cmd/knotserver && \
- go build -v \
- -o /usr/local/bin/keyfetch \
- ./cmd/keyfetch && \
- go build -v \
- -o /usr/local/bin/repoguard \
- ./cmd/repoguard
+ ./cmd/knot
 FROM docker.io/alpine:3.21
@@ -36,15 +28,10 @@ RUN apk add --no-cache shadow s6-overlay execline openssh git && \
 head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \
 mkdir /app && mkdir /home/git/repositories
-COPY --from=build /usr/local/bin/knotserver /usr/local/bin
-COPY --from=build /usr/local/bin/keyfetch /usr/local/libexec/tangled-keyfetch
-COPY --from=build /usr/local/bin/repoguard /home/git/repoguard
+COPY --from=build /usr/local/bin/knot /usr/local/bin
 COPY docker/rootfs/ .
-RUN chown root:root /usr/local/libexec/tangled-keyfetch && \
- chmod 755 /usr/local/libexec/tangled-keyfetch
-
 EXPOSE 22
 EXPOSE 5555
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /home/git/repoguard && chown git:git /app && chown git:git /home/git/repositories && /init"]
+ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
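Review bot: Moving `RUN apk add --no-cache gcc musl-dev` below `COPY go.mod go.sum ./` places the toolchain install behind the dependency-manifest layer, so every go.mod/go.sum change now re-runs apk before `go mod download`; keeping OS packages above the manifest copy preserves the least-to-most-frequently-changing layer order. While the line is being touched, pinning the two packages (`apk add --no-cache gcc=<version> musl-dev=<version>`, hadolint DL3018) would make the build stage reproducible rather than tracking whatever alpine 3.21 currently ships.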
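Review bot: The new ENTRYPOINT still launches `/init` as a child of `/bin/sh -c`, so the shell, not s6-overlay, is PID 1 and receives `docker stop`'s SIGTERM; ending the chain with `... && exec /init` fixes that, and s6-overlay v3 expects to be PID 1 in any case (worth confirming against the version installed). Dropping the explicit `chown root:root` / `chmod 755` that guarded the old key-fetch helper means the binary sshd will now invoke as `AuthorizedKeysCommand` (`/usr/local/bin/knot`, per this patch's sshd hunk) relies on `COPY --from=build` defaults for the root ownership and non-group/world-writable mode that sshd enforces; `COPY --from=build --chmod=755 /usr/local/bin/knot /usr/local/bin/knot` makes that contract explicit instead of inherited. The final stage still runs as root, which sshd and s6 need here; the service itself is dropped to `git` by the `s6-setuidgid` run script in this patch.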
diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
index d1e492e..3d5ecf1 100755
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
@@ -1,3 +1,3 @@
 #!/command/with-contenv ash
-exec s6-setuidgid git /usr/local/bin/knotserver
+exec s6-setuidgid git /usr/local/bin/knot server
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index d41844a..b6366de 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch -git-dir /home/git/repositories
+ AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
From ba36e70d11a8d9f359153b72563223596b688f18 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sat, 31 May 2025 19:53:19 -0400
Subject: [PATCH] port env var
---
 docker/docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 7a1ad94..e6e0e23 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -24,8 +24,8 @@ services:
 depends_on:
 - knot
 ports:
- - "443:443"
- - "443:443/udp"
+ - "${KNOT_SERVER_PORT:-443}:443"
+ - "${KNOT_SERVER_PORT:-443}:443/udp"
 volumes:
 - caddy_data:/data
 restart: always
-- 
2.43.0
From ee4f170177bd976b1a619a49383b8c50139160ae Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sat, 31 May 2025 20:19:52 -0400
Subject: [PATCH] Update docker-compose.yml
---
 docker/docker-compose.yml | 18 +----------------
 1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index e6e0e23..7a078bf 100644
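Review bot: The new `AuthorizedKeysCommand` line carries no `%u`/`%k` tokens, and sshd then appends the target username as a trailing argument, so what actually runs is `knot keys -o authorized_keys git`; `knot keys` must tolerate that positional argument, or the line should make the contract explicit, e.g. `AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys %u`. The command runs as `nobody` (`AuthorizedKeysCommandUser nobody` in the context line), so whatever `knot keys` reads to produce the key list has to be readable by that account; the dropped `-git-dir /home/git/repositories` suggests the new subcommand locates its data differently, which is worth confirming. sshd also refuses an AuthorizedKeysCommand binary that is not root-owned or is group/world-writable, and the Dockerfile hunk in this patch removed the explicit chown/chmod that used to guarantee that for the old helper.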
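Review bot: `KNOT_SERVER_PORT` here controls only the host-side publish port of the caddy `frontend`, not anything about the knot server, and the name invites confusion with the `KNOT_SERVER_*` keys that configure knot itself in the same file; a comment above the `ports:` list, such as `# host port for the TLS frontend; caddy always listens on 443 inside the container`, would document that. The publish is still on all host interfaces (no host-IP prefix), unchanged by this patch but worth stating in the same comment so operators know to restrict it if needed.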
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -14,20 +14,4 @@ services:
 - "./server:/app"
 ports:
 - "2222:22"
- frontend:
- image: caddy:2-alpine
- command: >
- caddy
- reverse-proxy
- --from ${KNOT_SERVER_HOSTNAME}
- --to knot:5555
- depends_on:
- - knot
- ports:
- - "${KNOT_SERVER_PORT:-443}:443"
- - "${KNOT_SERVER_PORT:-443}:443/udp"
- volumes:
- - caddy_data:/data
- restart: always
-volumes:
- caddy_data:
+ - "5555:5555"
-- 
2.43.0
From 73dfa54c45d4ce8459767e9ad595e76f6ab89c91 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sat, 31 May 2025 23:42:34 -0400
Subject: [PATCH] Revert "Update docker-compose.yml"
This reverts commit ee4f170177bd976b1a619a49383b8c50139160ae.
---
 docker/docker-compose.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 7a078bf..e6e0e23 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -14,4 +14,20 @@ services:
 - "./server:/app"
 ports:
 - "2222:22"
- - "5555:5555"
+ frontend:
+ image: caddy:2-alpine
+ command: >
+ caddy
+ reverse-proxy
+ --from ${KNOT_SERVER_HOSTNAME}
+ --to knot:5555
+ depends_on:
+ - knot
+ ports:
+ - "${KNOT_SERVER_PORT:-443}:443"
+ - "${KNOT_SERVER_PORT:-443}:443/udp"
+ volumes:
+ - caddy_data:/data
+ restart: always
+volumes:
+ caddy_data:
-- 
2.43.0
From 2df99324979c41911ce26c5f25962b3ac7313b92 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 00:05:58 -0400
Subject: [PATCH] Update docker-compose.yml
---
 docker/docker-compose.yml | 17 +---------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index e6e0e23..351c966 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -13,21 +13,6 @@ services:
 - "./repositories:/home/git/repositories"
 - "./server:/app"
 ports:
+ - "5555:5555"
 - "2222:22"
- frontend:
- image: caddy:2-alpine
- command: >
- caddy
- reverse-proxy
- --from ${KNOT_SERVER_HOSTNAME}
- --to knot:5555
- depends_on:
- - knot
- ports:
- - "${KNOT_SERVER_PORT:-443}:443"
- - "${KNOT_SERVER_PORT:-443}:443/udp"
- volumes:
- - caddy_data:/data
 restart: always
-volumes:
- caddy_data:
-- 
2.43.0
From 17b1f0b5c946d958c978489bc96bd36738b8e127 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 01:38:51 -0400
Subject: [PATCH] Update tangled_sshd.conf
---
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index b6366de..b25fbe5 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys
+ AuthorizedKeysCommand /usr/local/bin/knot keys authorized_keys
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
From 0cccf0c3b16e594e23a1cb6a0a6103746ec219a4 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 02:14:46 -0400
Subject: [PATCH] Update tangled_sshd.conf
---
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index b25fbe5..b6366de 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
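Review bot: Publishing `- "5555:5555"` while deleting the caddy `frontend` exposes knot's HTTP listener directly on every host interface, in plaintext, where the previous layout exposed only 443 behind TLS termination. If a reverse proxy on the host is meant to sit in front, binding to loopback, `- "127.0.0.1:5555:5555"`, keeps the plaintext port off the network; otherwise a comment should record that 5555 is intended to be reached directly and that TLS is somebody else's job. The same host-wide publish of 5555 is kept by the later "optional caddy" patch in this series, even when that profile terminates TLS.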
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys authorized_keys
+ AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
From c2c66e3e84dec28433c153eb36b05bba87ff5801 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 02:31:31 -0400
Subject: [PATCH] Update tangled_sshd.conf
---
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index b6366de..f09360e 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys
+ AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
From 7a082c7ad61c20a7491576fc44bb7417525b7a8d Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 03:29:50 -0400
Subject: [PATCH] is this anything
---
 guard/guard.go | 2 +-
 keyfetch/keyfetch.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/guard/guard.go b/guard/guard.go
index 2e40ca9..d7db225 100644
--- a/guard/guard.go
+++ b/guard/guard.go
@@ -40,7 +40,7 @@ func Command() *cli.Command {
 &cli.StringFlag{
 Name: "internal-api",
 Usage: "internal API endpoint",
- Value: "http://localhost:5444",
+ Value: "http://localhost:5555",
 },
 },
 }
diff --git a/keyfetch/keyfetch.go b/keyfetch/keyfetch.go
index 6e7e4bc..a50bdb7 100644
--- a/keyfetch/keyfetch.go
+++ b/keyfetch/keyfetch.go
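Review bot: The `internal-api` default in guard now points at `http://localhost:5555`, while the same flag in keyfetch (the next hunk) stays on port 5444 and the compose file later in this series sets `KNOT_SERVER_INTERNAL_LISTEN_ADDR` to `localhost:5444`; per the Dockerfile, 5555 is the `EXPOSE`d public port. If 5444 is the internal API, guard is now pointed at the public listener rather than the internal one, and at minimum the two defaults should agree: `Value: "http://127.0.0.1:5444",` matching the keyfetch change. Using `127.0.0.1` rather than `localhost` also avoids depending on whether the resolver returns `::1` first. Both `Command` bodies extend beyond their hunks, so there may be code outside this view that reconciles the values.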
@@ -28,7 +28,7 @@ func Command() *cli.Command {
 &cli.StringFlag{
 Name: "internal-api",
 Usage: "internal API endpoint",
- Value: "http://localhost:5444",
+ Value: "http://127.0.0.1:5444",
 },
 &cli.StringFlag{
 Name: "git-dir",
-- 
2.43.0
From 6720f04592cead0a9ab51c1c40f3e7e58c880c12 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 03:38:16 -0400
Subject: [PATCH] is THIS anything
---
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index f09360e..489185a 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
+ AuthorizedKeysCommand /usr/local/bin/knot keys -output authorized-keys -internal-api http://localhost:5444 -git-dir /home/git/repositories -log-path /tmp/knotguard.log
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
From 4abb37fa4a4a9a1adfb837f5026d02bd81e5687a Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 03:51:15 -0400
Subject: [PATCH] optional caddy
---
 docker/Dockerfile | 3 ++-
 docker/docker-compose.yml | 17 +++++++++++++++++
 .../etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 891e68f..9990431 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,7 @@
 FROM docker.io/golang:1.24-alpine3.21 AS build
 ENV CGO_ENABLED=1
+ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
 WORKDIR /usr/src/app
 COPY go.mod go.sum ./
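Review bot: `-log-path /tmp/knotguard.log` makes the key-lookup hook write to a fixed, predictable filename in the shared, world-writable `/tmp`, as `nobody` (`AuthorizedKeysCommandUser nobody`); every local account in the container can read, truncate or pre-create that path, which is the classic shared-tmp hazard for anything involved in authentication. A directory created for the purpose in the Dockerfile, e.g. `install -d -o nobody -g nobody -m 0750 /var/log/knot`, with `-log-path /var/log/knot/guard.log`, keeps the log private to the process that writes it. The hardcoded `http://localhost:5444` and `/home/git/repositories` also duplicate values the compose file already supplies through the environment, so they will drift; the next patch in this series attempts to read them from the environment, which needs its own review.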
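Review bot: `ENV KNOT_REPO_SCAN_PATH=/home/git/repositories` is added to the `build` stage (`FROM ... AS build`), but `ENV` does not carry across a `FROM` boundary, so the final alpine stage, whose new ENTRYPOINT in the next hunk runs `chown -R git:git "$KNOT_REPO_SCAN_PATH"`, only sees the variable when an orchestrator injects it (the compose file does; a bare `docker run` does not). With it unset the expansion is empty, `chown -R git:git ""` fails, the `&&` chain stops before `/init`, and the container exits at startup. Move the `ENV` line below `FROM docker.io/alpine:3.21` where the runtime stage begins, or make the ENTRYPOINT self-defaulting: `chown -R git:git \"${KNOT_REPO_SCAN_PATH:-/home/git/repositories}\"`. The same issue applies to the ENTRYPOINT hunk of this patch.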
@@ -34,4 +35,4 @@ COPY docker/rootfs/ .
 EXPOSE 22
 EXPOSE 5555
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown -R git:git \"$KNOT_REPO_SCAN_PATH\" && /init"]
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 351c966..0041415 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -8,6 +8,7 @@ services:
 KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}
 KNOT_SERVER_DB_PATH: "/app/knotserver.db"
 KNOT_REPO_SCAN_PATH: "/home/git/repositories"
+ KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"
 volumes:
 - "./keys:/etc/ssh/keys"
 - "./repositories:/home/git/repositories"
@@ -16,3 +17,19 @@ services:
 - "5555:5555"
 - "2222:22"
 restart: always
+ frontend:
+ image: caddy:2-alpine
+ command: >
+ caddy
+ reverse-proxy
+ --from ${KNOT_SERVER_HOSTNAME}
+ --to knot:5555
+ depends_on:
+ - knot
+ ports:
+ - "${KNOT_SERVER_PORT:-443}:443"
+ - "${KNOT_SERVER_PORT:-443}:443/udp"
+ volumes:
+ - caddy_data:/data
+ restart: always
+ profiles: ["caddy"]
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index 489185a..7ad384f 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -output authorized-keys -internal-api http://localhost:5444 -git-dir /home/git/repositories -log-path /tmp/knotguard.log
+ AuthorizedKeysCommand /usr/local/bin/knot keys -output authorized-keys -internal-api http://$(echo ${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}) -git-dir ${KNOT_REPO_SCAN_PATH:-/home/git/repositories} -log-path /tmp/knotguard.log
 AuthorizedKeysCommandUser nobody
-- 
2.43.0
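Review bot: `chown -R git:git \"$KNOT_REPO_SCAN_PATH\"` now recurses over the entire repository tree on every container start; in the compose layout that path is the host bind mount `./repositories`, so each restart rewrites ownership of every object in every repository on the host, which is slow for large trees and overrides whatever ownership the host side maintains. The previous non-recursive `chown git:git /home/git/repositories` only fixed the mount point; if the recursion exists for a one-time migration, gating it, e.g. `[ \"$(stat -c %U \"$KNOT_REPO_SCAN_PATH\")\" = git ] || chown -R git:git \"$KNOT_REPO_SCAN_PATH\"`, confines the cost to the first start. The ENTRYPOINT also still reaches `/init` without `exec`, leaving the shell rather than s6-overlay as PID 1.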
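Review bot: The re-added `frontend` service mounts `caddy_data:/data`, but the top-level `volumes:` / `caddy_data:` declaration that 2df9932 removed is not restored in this hunk, so `docker compose --profile caddy up` should fail validation with an undefined-volume error unless it is declared elsewhere in the file; append `volumes:` and `  caddy_data:` at the end of the file. Separately, the knot service's `- "5555:5555"` publish (context line above the addition) stays bound on all host interfaces even when the caddy profile terminates TLS on 443, so clients can reach the plaintext listener directly; `- "127.0.0.1:5555:5555"`, or omitting the publish when the profile is active, keeps traffic on the TLS path.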
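Review bot: sshd does not run `AuthorizedKeysCommand` through a shell, so neither `$(echo ...)` nor `${VAR:-default}` is expanded, only sshd's own `%` tokens are, and the child gets an essentially empty environment (just PATH) rather than the container's; `knot keys` therefore receives the literal strings `http://$(echo ${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444})` and `${KNOT_REPO_SCAN_PATH:-/home/git/repositories}` and key lookup fails for every login. The workable shape is a small root-owned, mode 0755 wrapper shipped from `docker/rootfs/` (a constructed path such as `/usr/local/libexec/knot-authorized-keys`) that runs `exec /usr/local/bin/knot keys -output authorized-keys -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" -log-path /tmp/knotguard.log "$@"`, with this line reduced to `AuthorizedKeysCommand /usr/local/libexec/knot-authorized-keys %u`. Because the hook runs as `nobody`, the wrapper still needs a source for those variables that `nobody` can read; the s6 `with-contenv` store used by the knotserver `run` script may or may not be readable by that account, so confirm before relying on it, or keep the defaults and accept that the values are fixed in the image.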