From 66bc7a0839de8c85162aea07c4fe03dee20efe69 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Sun, 1 Jun 2025 04:21:09 -0400
Subject: [PATCH] docker: config fixes port env var Update docker-compose.yml Revert "Update docker-compose.yml" This reverts commit ee4f170177bd976b1a619a49383b8c50139160ae. Update docker-compose.yml Update tangled_sshd.conf is this anything optional caddy fix stupid stuff Update docker-compose.yml fix authkeyscommand docker: config fixes port env var Update docker-compose.yml Revert "Update docker-compose.yml" This reverts commit ee4f170177bd976b1a619a49383b8c50139160ae. Update docker-compose.yml Update tangled_sshd.conf is this anything optional caddy fix stupid stuff Update docker-compose.yml fix authkeyscommand
---
 docker/Dockerfile | 3 ++-
 docker/docker-compose.yml | 10 ++++++----
 docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf | 2 +-
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 891e68f..9990431 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,7 @@
 FROM docker.io/golang:1.24-alpine3.21 AS build
 ENV CGO_ENABLED=1
+ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
 WORKDIR /usr/src/app
 COPY go.mod go.sum ./
@@ -34,4 +35,4 @@ COPY docker/rootfs/ .
 EXPOSE 22
 EXPOSE 5555
-ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]
+ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown -R git:git \"$KNOT_REPO_SCAN_PATH\" && /init"]
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 7a1ad94..0041415 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
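Review bot: `ENV KNOT_REPO_SCAN_PATH=/home/git/repositories` is added directly under `FROM … AS build`, so it is scoped to the build stage only. If the runtime image starts from a later `FROM` (not visible in this hunk), the variable does not exist there, yet the new ENTRYPOINT in the second Dockerfile hunk depends on it. Declare the same `ENV` line in the final stage, next to the `EXPOSE` lines, with a comment such as `# default repository root; docker-compose.yml sets the same value`.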
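Review bot: The new ENTRYPOINT expands `$KNOT_REPO_SCAN_PATH` with no fallback, so when the variable is unset `chown -R git:git ""` fails and the `&&` chain never reaches `/init`. Use the same default form the sshd config in this patch uses, `chown -hR git:git \"${KNOT_REPO_SCAN_PATH:-/home/git/repositories}\"`. The `-h` is suggested because this recursive chown runs as root on every start over a tree the `git` user can write, and BusyBox `chown` (the likely implementation on an Alpine base, to be confirmed for the final stage) acts on a symlink's target unless `-h` is given.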
@@ -8,12 +8,15 @@ services:
 KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}
 KNOT_SERVER_DB_PATH: "/app/knotserver.db"
 KNOT_REPO_SCAN_PATH: "/home/git/repositories"
+ KNOT_SERVER_INTERNAL_LISTEN_ADDR: "localhost:5444"
 volumes:
 - "./keys:/etc/ssh/keys"
 - "./repositories:/home/git/repositories"
 - "./server:/app"
 ports:
+ - "5555:5555"
 - "2222:22"
+ restart: always
 frontend:
 image: caddy:2-alpine
 command: >
@@ -24,10 +27,9 @@ services:
 depends_on:
 - knot
 ports:
- - "443:443"
- - "443:443/udp"
+ - "${KNOT_SERVER_PORT:-443}:443"
+ - "${KNOT_SERVER_PORT:-443}:443/udp"
 volumes:
 - caddy_data:/data
 restart: always
-volumes:
- caddy_data:
+ profiles: ["caddy"]
diff --git a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
index f09360e..c5d1bee 100644
--- a/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/docker/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -5,5 +5,5 @@ HostKey /etc/ssh/keys/ssh_host_ed25519_key
 PasswordAuthentication no
 Match User git
- AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys
+ AuthorizedKeysCommand /bin/sh -c '/usr/local/bin/knot keys -output authorized-keys -internal-api http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444} -git-dir ${KNOT_REPO_SCAN_PATH:-/home/git/repositories} -log-path /tmp/knotguard.log'
 AuthorizedKeysCommandUser nobody
-- 2.43.0
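Review bot: The added `- "5555:5555"` mapping publishes the knot listener on every host interface. With the Caddy front end made opt-in by `profiles: ["caddy"]` in the next hunk, that port (presumably plain HTTP) is exposed by default without TLS in front of it. If a reverse proxy on the host is meant to terminate TLS, bind the mapping to loopback, `- "127.0.0.1:5555:5555"`, and add a comment above it saying who is expected to front the port. The unchanged `KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET}` line expands to an empty string when the variable is unset; `${KNOT_SERVER_SECRET:?KNOT_SERVER_SECRET must be set}` would make the stack fail fast instead.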
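Review bot: This hunk deletes the top-level `volumes:` / `caddy_data:` declaration while the `frontend` service still mounts `caddy_data:/data`, so the named volume is no longer defined. Compose normally rejects a service that refers to an undefined volume, at least once the `caddy` profile is enabled. Keep the two-line top-level declaration so Caddy's certificate and ACME state persists across restarts. The host side of both mappings now comes from `${KNOT_SERVER_PORT:-443}`, which reads like the knot listener rather than Caddy's public port; a comment such as `# public HTTPS port served by Caddy` would avoid that confusion.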
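Review bot: The `${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-…}` and `${KNOT_REPO_SCAN_PATH:-…}` expansions in the new `AuthorizedKeysCommand` are unquoted inside `sh -c`, so a value containing whitespace or glob characters is split into extra arguments to `knot keys` on the authentication path. Quote them: `-internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}"`. As far as I know sshd runs this helper with a reduced environment rather than the container's, so confirm the variables actually reach the shell; otherwise the defaults always win and the override silently does nothing. `-log-path /tmp/knotguard.log` is a fixed name in a world-writable directory, and a log directory owned by the account that writes it would be the safer choice. A comment above the directive explaining why the shell wrapper is needed would help the next reader.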