julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

readme: add links to documentation

anirudh.fi 97b684b5 0eb4fb0c

+3 -107
unified split
+3 -107
readme.md
··· 6 6 7 7 Read the introduction to Tangled [here](https://blog.tangled.sh/intro). 8 8 9 - ## knot self-hosting guide 10 - 11 - So you want to run your own knot server? Great! Here are a few prerequisites: 12 - 13 - 1. A server of some kind (a VPS, a Raspberry Pi, etc.). Preferably running a Linux of some kind. 14 - 2. A (sub)domain name. People generally use `knot.example.com`. 15 - 3. A valid SSL certificate for your domain. 16 - 17 - There's a couple of ways to get started: 18 - * NixOS: refer to [flake.nix](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix) 19 - * Docker: Documented below. 20 - * Manual: Documented below. 21 - 22 - ## docker setup 23 - 24 - Clone this repository: 25 - 26 - ``` 27 - git clone https://tangled.sh/@tangled.sh/core 28 - ``` 29 - 30 - Modify the `docker/docker-compose.yml`, specifically the 31 - `KNOT_SERVER_SECRET` and `KNOT_SERVER_HOSTNAME` env vars. Then run: 32 - 33 - ``` 34 - docker compose -f docker/docker-compose.yml up 35 - ``` 36 - 37 - ### manual setup 38 - 39 - First, clone this repository: 40 - 41 - ``` 42 - git clone https://tangled.sh/@tangled.sh/core 43 - ``` 44 - 45 - Then, build our binaries (you need to have Go installed): 46 - * `knotserver`: the main server program 47 - * `keyfetch`: utility to fetch ssh pubkeys 48 - * `repoguard`: enforces repository access control 49 - 50 - ``` 51 - cd core 52 - export CGO_ENABLED=1 53 - go build -o knot ./cmd/knotserver 54 - go build -o keyfetch ./cmd/keyfetch 55 - go build -o repoguard ./cmd/repoguard 56 - ``` 57 - 58 - Next, move the `keyfetch` binary to a location owned by `root` -- 59 - `/usr/local/libexec/tangled-keyfetch` is a good choice: 60 - 61 - ``` 62 - sudo mv keyfetch /usr/local/libexec/tangled-keyfetch 63 - sudo chown root:root /usr/local/libexec/tangled-keyfetch 64 - sudo chmod 755 /usr/local/libexec/tangled-keyfetch 65 - ``` 66 - 67 - This is necessary because SSH `AuthorizedKeysCommand` requires [really specific 68 - permissions](https://stackoverflow.com/a/27638306). Let's set that up: 69 - 70 - ``` 71 - sudo tee /etc/ssh/sshd_config.d/authorized_keys_command.conf <<EOF 72 - Match User git 73 - AuthorizedKeysCommand /usr/local/libexec/tangled-keyfetch 74 - AuthorizedKeysCommandUser nobody 75 - EOF 76 - ``` 77 - 78 - Next, create the `git` user: 79 - 80 - ``` 81 - sudo adduser git 82 - ``` 83 - 84 - Copy the `repoguard` binary to the `git` user's home directory: 9 + Documentation: 85 10 86 - ``` 87 - sudo cp repoguard /home/git 88 - sudo chown git:git /home/git/repoguard 89 - ``` 90 - 91 - Now, let's set up the server. Copy the `knot` binary to 92 - `/usr/local/bin/knotserver`. Then, create `/home/git/.knot.env` with the 93 - following, updating the values as necessary. The `KNOT_SERVER_SECRET` can be 94 - obtaind from the [/knots](/knots) page on Tangled. 95 - 96 - ``` 97 - KNOT_REPO_SCAN_PATH=/home/git 98 - KNOT_SERVER_HOSTNAME=knot.example.com 99 - APPVIEW_ENDPOINT=https://tangled.sh 100 - KNOT_SERVER_SECRET=secret 101 - KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444 102 - KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555 103 - ``` 104 - 105 - If you run a Linux distribution that uses systemd, you can use the provided 106 - service file to run the server. Copy 107 - [`knotserver.service`](https://tangled.sh/did:plc:wshs7t2adsemcrrd4snkeqli/core/blob/master/systemd/knotserver.service) 108 - to `/etc/systemd/system/`. Then, run: 109 - 110 - ``` 111 - systemctl enable knotserver 112 - systemctl start knotserver 113 - ``` 114 - 115 - You should now have a running knot server! You can finalize your registration by hitting the 116 - `initialize` button on the [/knots](/knots) page. 11 + * [knot hosting guide](https://tangled.sh/@tangled.sh/core/tree/master/docs/knot-hosting.md) 12 + * [contributing guide](https://tangled.sh/@tangled.sh/core/tree/master/docs/contributing.md)