docker: fix config #198

closed

opened by

knotbin.com 6 months ago targeting master from [deleted fork]: fix-docker

(i be traumatized) fixes knotguard options, along with some more config improvements and fixes in docker compose and dockerfile

options

unified split

Changed files

+11 -8

docker

Dockerfile

docker-compose.yml

rootfs

etc

ssh

sshd_config.d

tangled_sshd.conf

guard

guard.go

keyfetch

keyfetch.go

+2 -1

docker/Dockerfile

···

       1
       1
        
       FROM docker.io/golang:1.24-alpine3.21 AS build

     

       2
       2
        
       

     

       3
       3
        
       ENV CGO_ENABLED=1

     

       4
       4
       +
       ENV KNOT_REPO_SCAN_PATH=/home/git/repositories

     

       4
       5
        
       WORKDIR /usr/src/app

     

       5
       6
        
       COPY go.mod go.sum ./

     

       6
       7
        
       

     
···

       34
       35
        
       EXPOSE 22

     

       35
       36
        
       EXPOSE 5555

     

       36
       37
        
       

     

       37
       37
       -
       ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]

     

       38
       38
       +
       ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown -R git:git \"$KNOT_REPO_SCAN_PATH\" && /init"]

+6 -4

docker/docker-compose.yml

···

       8
       8
        
             KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}

     

       9
       9
        
             KNOT_SERVER_DB_PATH: "/app/knotserver.db"

     

       10
       10
        
             KNOT_REPO_SCAN_PATH: "/home/git/repositories"

     

       11
       11
       +
             KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"

     

       11
       12
        
           volumes:

     

       12
       13
        
             - "./keys:/etc/ssh/keys"

     

       13
       14
        
             - "./repositories:/home/git/repositories"

     

       14
       15
        
             - "./server:/app"

     

       15
       16
        
           ports:

     

       17
       17
       +
             - "5555:5555"

     

       16
       18
        
             - "2222:22"

     

       19
       19
       +
           restart: always

     

       17
       20
        
         frontend:

     

       18
       21
        
           image: caddy:2-alpine

     

       19
       22
        
           command: >

     
···

       24
       27
        
           depends_on:

     

       25
       28
        
             - knot

     

       26
       29
        
           ports:

     

       27
       27
       -
             - "443:443"

     

       28
       28
       -
             - "443:443/udp"

     

       30
       30
       +
             - "${KNOT_SERVER_PORT:-443}:443"

     

       31
       31
       +
             - "${KNOT_SERVER_PORT:-443}:443/udp"

     

       29
       32
        
           volumes:

     

       30
       33
        
             - caddy_data:/data

     

       31
       34
        
           restart: always

     

       32
       32
       -
       volumes:

     

       33
       33
       -
         caddy_data:

     

       35
       35
       +
           profiles: ["caddy"]

+1 -1

docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf

···

       5
       5
        
       PasswordAuthentication no

     

       6
       6
        
       

     

       7
       7
        
       Match User git

     

       8
       8
       -
         AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys

     

       8
       8
       +
         AuthorizedKeysCommand /usr/local/bin/knot keys -output authorized-keys -internal-api http://$(echo ${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}) -git-dir ${KNOT_REPO_SCAN_PATH:-/home/git/repositories} -log-path /tmp/knotguard.log

     

       9
       9
        
         AuthorizedKeysCommandUser nobody

+1 -1

guard/guard.go

···

       40
       40
        
       			&cli.StringFlag{

     

       41
       41
        
       				Name:  "internal-api",

     

       42
       42
        
       				Usage: "internal API endpoint",

     

       43
       43
       -
       				Value: "http://localhost:5444",

     

       43
       43
       +
       				Value: "http://localhost:5555",

     

       44
       44
        
       			},

     

       45
       45
        
       		},

     

       46
       46
        
       	}

+1 -1

keyfetch/keyfetch.go

···

       28
       28
        
       			&cli.StringFlag{

     

       29
       29
        
       				Name:  "internal-api",

     

       30
       30
        
       				Usage: "internal API endpoint",

     

       31
       31
       -
       				Value: "http://localhost:5444",

     

       31
       31
       +
       				Value: "http://127.0.0.1:5444",

     

       32
       32
        
       			},

     

       33
       33
        
       			&cli.StringFlag{

     

       34
       34
        
       				Name:  "git-dir",