From 46f923721d0e5bba655af3e6e79f90c0dcade628 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 04:21:09 -0400
Subject: [PATCH] docker: config fixes port env var Update docker-compose.yml Revert "Update docker-compose.yml" This reverts commit ee4f170177bd976b1a619a49383b8c50139160ae. Update docker-compose.yml Update tangled_sshd.conf is this anything optional caddy
---
 docker/Dockerfile | 3 ++-
 docker/docker-compose.yml | 10 ++++++----
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 guard/guard.go | 2 +-
 keyfetch/keyfetch.go | 2 +-
 5 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 891e68f..9990431 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,7 @@
 FROM docker.io/golang:1.24-alpine3.21 AS build
 ENV CGO_ENABLED=1
+ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
 WORKDIR /usr/src/app
 COPY go.mod go.sum ./
@@ -34,4 +35,4 @@ COPY docker/rootfs/ .
 EXPOSE 22
 EXPOSE 5555
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown -R git:git \"$KNOT_REPO_SCAN_PATH\" && /init"]
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 7a1ad94..0041415 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -8,12 +8,15 @@ services:
 KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}
 KNOT_SERVER_DB_PATH: "/app/knotserver.db"
 KNOT_REPO_SCAN_PATH: "/home/git/repositories"
+ KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"
 volumes:
 - "./keys:/etc/ssh/keys"
 - "./repositories:/home/git/repositories"
 - "./server:/app"
 ports:
+ - "5555:5555"
 - "2222:22"
+ restart: always
 frontend:
 image: caddy:2-alpine
 command: 
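Review bot: The new `ENV KNOT_REPO_SCAN_PATH=/home/git/repositories` sits directly under `FROM ... AS build`, and an ENV set in one build stage is not inherited by a later stage, so the rewritten ENTRYPOINT in the second hunk may see an empty `$KNOT_REPO_SCAN_PATH` whenever the container is started without compose supplying it. The lines between the two hunks are not visible, so this assumes the ENTRYPOINT belongs to a separate final stage; if so, `chown -R git:git ""` fails and the `&&` chain never reaches `/init`. Declaring the ENV in the final stage, or writing `\"${KNOT_REPO_SCAN_PATH:-/home/git/repositories}\"` in the entrypoint string, keeps the old default. Since the chown now runs recursively as root on an operator-supplied path, a comment stating that the variable must point only at the repository directory would also help.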
>
@@ -24,10 +27,9 @@ services:
 depends_on:
 - knot
 ports:
- - "443:443"
- - "443:443/udp"
+ - "${KNOT_SERVER_PORT:-443}:443"
+ - "${KNOT_SERVER_PORT:-443}:443/udp"
 volumes:
 - caddy_data:/data
 restart: always
-volumes:
- caddy_data:
+ profiles: ["caddy"]
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index f09360e..7ad384f 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
+ AuthorizedKeysCommand /usr/local/bin/knot keys -output authorized-keys -internal-api http://$(echo ${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}) -git-dir ${KNOT_REPO_SCAN_PATH:-/home/git/repositories} -log-path /tmp/knotguard.log
 AuthorizedKeysCommandUser nobody
diff --git a/guard/guard.go b/guard/guard.go
index 2e40ca9..d7db225 100644
--- a/guard/guard.go
+++ b/guard/guard.go
@@ -40,7 +40,7 @@ func Command() *cli.Command {
 &cli.StringFlag{
 Name: "internal-api",
 Usage: "internal API endpoint",
- Value: "http://localhost:5444",
+ Value: "http://localhost:5555",
 },
 },
 }
diff --git a/keyfetch/keyfetch.go b/keyfetch/keyfetch.go
index 6e7e4bc..a50bdb7 100644
--- a/keyfetch/keyfetch.go
+++ b/keyfetch/keyfetch.go
@@ -28,7 +28,7 @@ func Command() *cli.Command {
 &cli.StringFlag{
 Name: "internal-api",
 Usage: "internal API endpoint",
- Value: "http://localhost:5444",
+ Value: "http://127.0.0.1:5444",
 },
 &cli.StringFlag{
 Name: "git-dir",
--
2.43.0
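Review bot: The added `- "5555:5555"` publishes the knot HTTP listener on every host interface, and with the caddy frontend made optional later in this file nothing in the compose setup puts TLS in front of it. If the port is only meant to be reached by a reverse proxy on the same host, `- "127.0.0.1:5555:5555"` limits the exposure; otherwise a comment saying that a TLS-terminating proxy is expected would help operators. The new `KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"` is not among the published ports, which looks right for an internal API.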
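Review bot: The frontend service still mounts `caddy_data:/data`, but this hunk removes the top-level `volumes:` / `caddy_data:` declaration, so Compose is likely to reject the named volume as undefined, at least once the `caddy` profile is enabled. Keeping the two removed lines fixes it. The variable in `${KNOT_SERVER_PORT:-443}` is used here as the published HTTPS port of the proxy, which is easy to confuse with the knot listener on 5555; a one-line comment above the `ports:` entries would make that clear.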
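Review bot: sshd does not run `AuthorizedKeysCommand` through a shell (it splits the line into arguments and expands only its own %-tokens), so `$(echo ${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444})` and `${KNOT_REPO_SCAN_PATH:-/home/git/repositories}` would reach `knot keys` as literal text. Key lookup would then presumably fail for every connection under `Match User git`. Pointing `AuthorizedKeysCommand` at a small root-owned wrapper script that builds the arguments, or relying on the flag defaults in `knot keys`, avoids this; as far as I know sshd also does not pass the container's environment to the command, so the wrapper would need to obtain the values itself. Separately, `-log-path /tmp/knotguard.log` puts a fixed file name in a world-writable directory for a command run as `nobody`; a dedicated log directory owned by that user is safer.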
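Review bot: The new default `Value: "http://localhost:5555",` for `internal-api` points guard at the port the Dockerfile exposes and compose publishes, while the keyfetch hunk keeps 5444 and compose sets `KNOT_SERVER_INTERNAL_LISTEN_ADDR` to `localhost:5444`. If guard's internal endpoints are served only on the internal listener, guard fails unless the flag is passed explicitly; if they do answer on 5555, internal-only routes are sitting on the published port. Unless that is intended, `Value: "http://127.0.0.1:5444",` would keep both commands in agreement. `Command()` starts and ends outside the hunk, so how the flag is consumed is not visible here.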