+17

.env.yaml

··· 1 1 + DOCKER_USER: ENC[AES256_GCM,data:eg6enZA=,iv:Zx73u8oHotkMPbnm/gdT+3V/6hSuJx2/3os9M2ls0k8=,tag:d4Tz73i/CGAURCKXP7d/Yw==,type:str] 2 2 + DOCKER_TOKEN: ENC[AES256_GCM,data:nPswAg==,iv:aG5OGjVZpxjjq1urC6dmZODrrswg6cxO/V/JMax04Ao=,tag:ctUIXWTLRSKmqJbN8gHYQw==,type:str] 3 3 + sops: 4 4 + age: 5 5 + - recipient: age1tw3hs5xhr28dq2dklfptftf0rl322cl9p9pe9yjrkkt4md2gtays772qjt 6 6 + enc: | 7 7 + -----BEGIN AGE ENCRYPTED FILE----- 8 8 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTkpTSG9FalE5cGlFQi9w 9 9 + eVFmTHozM1RhYjFEMWVvellHTC9Wc3NKeFYwCkxKQTNabWVmNkc4SmZ3OFBqNVNW 10 10 + TExMUE9UUmtXWStRMFNFNFk0dmZaczgKLS0tIGdkUEJWYUx5cUdaRTJxVytib1ZV 11 11 + cjA3NXZOQUhwc01EVmdPdjYxd2FkTVUKSvzexBtylIyQCUPVBqThkL0yah37T9/I 12 12 + RDPl3vsdvcMpN0TKCVwn7P3W+7vciT86wq+6haG1fT1AFqAXCEDaiQ== 13 13 + -----END AGE ENCRYPTED FILE----- 14 14 + lastmodified: "2025-11-21T11:32:23Z" 15 15 + mac: ENC[AES256_GCM,data:aeLnT/cUVVVtIy4o6TLZwIfXBCh4zb9Efsiwxhc11FpS5TutcpYPg5tRj1t5NJn0soyCZI6mvWVosTw00BwFPik62Ztvl7Y/lH0G/Z8G3nko4C4lGxYjf9FNPpEt3cLB75T9024aacs1ASkDBzGRWpI1XVFxzHXtzGvg0qlHDf4=,iv:p+Gjlzpj+LpXifQampcBuipQyLxeoO+l0i3zUpyMtx4=,tag:pAuhnWLadAtGZgJ0d+QAAQ==,type:str] 16 16 + unencrypted_suffix: _unencrypted 17 17 + version: 3.10.2

+4

.sops.yaml

··· 1 1 + --- 2 2 + creation_rules: 3 3 + - path_regex: .*\.env\.yaml 4 4 + age: age1tw3hs5xhr28dq2dklfptftf0rl322cl9p9pe9yjrkkt4md2gtays772qjt

+14

.tangled/workflows/build.yml

··· 1 1 + when: 2 2 + - event: [push, pull_request] 3 3 + branch: [main] 4 4 + engine: nixery 5 5 + dependencies: 6 6 + nixpkgs: 7 7 + - mise 8 8 + steps: 9 9 + - name: Install dependencies 10 10 + command: | 11 11 + mise install 12 12 + - name: Build images 13 13 + command: | 14 14 + mise build

+14

.tangled/workflows/publish.yml

··· 1 1 + when: 2 2 + - event: [push, manual] 3 3 + branch: [main] 4 4 + engine: nixery 5 5 + dependencies: 6 6 + nixpkgs: 7 7 + - mise 8 8 + steps: 9 9 + - name: Install dependencies 10 10 + command: | 11 11 + mise install 12 12 + - name: Build and push images 13 13 + command: | 14 14 + mise publish

+40 -16

Dockerfile

··· 1 1 - FROM alpine AS install 2 2 - ARG TANGLED_VERSION=v1.11.0-alpha 3 3 - RUN curl -sLo core.tar.gz https://tangled.org/tangled.org/core/archive/${TANGLED_VERSION} 4 4 - RUN tar -zxvf core.tar.gz -C /app 5 5 - 6 1 FROM golang:alpine AS build 7 7 - WORKDIR /app 8 8 - COPY --from=install /app . 2 2 + 3 3 + FROM alpine AS runtime 4 4 + RUN addgroup --system --gid 1001 tangled 5 5 + RUN adduser --system --uid 1001 tangled 6 6 + RUN mkdir -p /var/lib/tangled 7 7 + VOLUME ["/var/lib/tangled"] 8 8 + 9 9 + FROM build AS tangled 10 10 + # earliest version with knot & spindle 11 11 + ARG TANGLED_VERSION=v1.6.0-alpha 12 12 + ENV URL=https://tangled.org/tangled.org/core/archive/${TANGLED_VERSION} 13 13 + RUN wget -O '-' $URL | tar -zxvf '-' 14 14 + RUN mv core-${TANGLED_VERSION} /core 15 15 + WORKDIR /core 9 16 RUN go mod download 17 17 + 18 18 + FROM build AS build_spindle 19 19 + WORKDIR /app 20 20 + COPY --from=tangled /core . 10 21 RUN go build -o spindle cmd/spindle/main.go 11 22 12 12 - FROM alpine 13 13 - WORKDIR /var/lib/spindle 23 23 + FROM build AS build_knot 24 24 + WORKDIR /app 25 25 + COPY --from=tangled /core . 26 26 + RUN go build -o knot cmd/knot/main.go 27 27 + 28 28 + FROM runtime AS spindle 29 29 + RUN mkdir -p /var/log/spindle 30 30 + COPY --from=build_spindle /app/spindle /usr/bin/spindle 31 31 + ENV SPINDLE_SERVER_DB_PATH=/var/lib/tangled/spindle.db 32 32 + USER tangled 14 33 EXPOSE 6555 15 15 - RUN adduser --uid 1001 spindle 16 16 - RUN addgroup --gid 1001 spindle 17 17 - USER spindle 18 18 - RUN mkdir -p /var/{lib,log}/spindle 19 19 - VOLUME [ "/var/lib/spindle", "/var/log/spindle" ] 20 20 - COPY --from=build --chown=spindle:spindle /app/spindle /usr/bin/spindle 21 21 - CMD spindle 34 34 + VOLUME ["/var/log/spindle"] 35 35 + CMD ["spindle"] 36 36 + 37 37 + FROM runtime AS knot 38 38 + COPY --from=build_knot /app/knot /usr/bin/knot 39 39 + ENV KNOT_SERVER_DB_PATH=/var/lib/tangled/knotserver.db 40 40 + ENV KNOT_REPO_SCAN_PATH=/home/git/repositories 41 41 + ENV KNOT_SERVER_INTERNAL_LISTEN_ADDR=localhost:5444 42 42 + USER tangled 43 43 + EXPOSE 5555 44 44 + VOLUME ["/var/log/spindle"] 45 45 + CMD ["knot"]

+40 -36

README.md

··· 1 1 - # tubbo/spindle 1 1 + # Tangled Containers 2 2 3 3 - A container image for the Spindle CI server. 3 3 + Container images for the [Tangled][] knot and spindle servers. All tagged 4 4 + versions of `@tangled.org/core` are supported, as well as directly from the 5 5 + `master` branch. 4 6 5 7 ## Usage 6 8 7 7 - Set your configuration in a `.env` file: 9 9 + Start a Knot Server: 8 10 9 9 - ```env 10 10 - SPINDLE_SERVER_HOSTNAME="your.spindle.server.host" 11 11 - SPINDLE_SERVER_OWNER="did:web:your.handle" 11 11 + ```sh 12 12 + docker run --name knot -e KNOT_SERVER_HOSTNAME=example.com -e KNOT_SERVER_OWNER=did:plc:yourdidgoeshere tubbo/knot 12 13 ``` 13 14 14 14 - Create a `compose.yml` to configure the Spindle service, or add it to 15 15 - an existing Compose file: 15 15 + Start a Spindle Server: 16 16 17 17 - ```yaml 18 18 - name: tangled 19 19 - services: 20 20 - spindle: 21 21 - image: tubbo/spindle:latest 22 22 - environment: 23 23 - - SPINDLE_SERVER_HOSTNAME 24 24 - - SPINDLE_SERVER_OWNER 25 25 - volumes: 26 26 - - certs:/app 27 27 - - pipelines:/var/log/spindle 28 28 - caddy: 29 29 - image: caddy:alpine 30 30 - command: > 31 31 - caddy reverse-proxy --from ${SPINDLE_SERVER_HOSTNAME} --to spindle:6555 32 32 - depends_on: 33 33 - - spindle 34 34 - ports: 35 35 - - 443:443 36 36 - - 443:443/udp 37 37 - volumes: 38 38 - - caddy:/data 39 39 - volumes: 40 40 - certs: 41 41 - spindle: 42 42 - pipelines: 17 17 + ```sh 18 18 + docker run --name spindle -e SPINDLE_SERVER_HOSTNAME=example.com -e SPINDLE_SERVER_OWNER=did:plc:yourdidgoeshere tubbo/spindle 43 19 ``` 44 20 45 45 - Run the Spindle server and its Caddy frontend: 21 21 + ### Supported tags 22 22 + 23 23 + - `latest` for the most recently tagged version 24 24 + - `v1.x.x-alpha` to specify the tag 25 25 + - `edge` to use the most recent Git commit to `master` 26 26 + 27 27 + ## Development 28 28 + 29 29 + Images are built with [Docker Bake][], using [mise][] as a task runner and 30 30 + toolchain installer. 31 31 + 32 32 + To contribute to this repository, clone it from Tangled: 46 33 47 34 ```sh 48 48 - docker compose up --detach 35 35 + git clone https://tangled.org/@psychedeli.ca/tangled-containers 36 36 + cd tangled-containers 37 37 + ``` 38 38 + 39 39 + Install dependencies with [mise][]: 40 40 + 41 41 + ```sh 42 42 + mise install 43 43 + ``` 44 44 + 45 45 + Then, build the most recent images by running: 46 46 + 47 47 + ```sh 48 48 + mise build 49 49 ``` 50 50 + 51 51 + [Tangled]: https://tangled.org 52 52 + [Docker Bake]: https://docs.docker.com/build/bake/ 53 53 + [mise]: https://mise.jdx.dev

+40 -2

docker-bake.hcl

··· 1 1 - target "spindle" { 1 1 + group "default" { 2 2 + targets = ["latest", "edge", "release"] 3 3 + } 4 4 + 5 5 + target "latest" { 6 6 + name = "${component}-latest" 2 7 context = "." 3 8 dockerfile = "Dockerfile" 9 9 + target = "${component}" 10 10 + tags = ["tubbo/${component}:latest", "tubbo/${component}:v1.11.0-alpha"] 4 11 args = { 5 12 TANGLED_VERSION = "v1.11.0-alpha" 6 13 } 7 7 - tags = ["tubbo/spindle:latest", "tubbo/spindle:v1.11.0-alpha"] 14 14 + matrix = { 15 15 + component = ["knot", "spindle"] 16 16 + } 17 17 + } 18 18 + 19 19 + target "edge" { 20 20 + name = "${component}-edge" 21 21 + context = "." 22 22 + dockerfile = "Dockerfile" 23 23 + target = "${component}" 24 24 + tags = ["tubbo/${component}:edge"] 25 25 + args = { 26 26 + TANGLED_VERSION = "master" 27 27 + } 28 28 + matrix = { 29 29 + component = ["knot", "spindle"] 30 30 + } 31 31 + } 32 32 + 33 33 + target "release" { 34 34 + name = "${component}-${replace("${version}", ".", "-")}" 35 35 + context = "." 36 36 + dockerfile = "Dockerfile" 37 37 + target = "${component}" 38 38 + tags = ["tubbo/${component}:${version}"] 39 39 + args = { 40 40 + TANGLED_VERSION = "${version}" 41 41 + } 42 42 + matrix = { 43 43 + component = ["knot", "spindle"] 44 44 + version = ["v1.11.0-alpha", "v1.10.0-alpha", "v1.9.0-alpha", "v1.8.0-alpha", "v1.7.0-alpha", "v1.6.0-alpha"] 45 45 + } 8 46 }

+16 -1

mise.toml

··· 1 1 [tools] 2 2 docker-cli = "latest" 3 3 4 4 + [settings] 5 5 + experimental = true 6 6 + 7 7 + [env] 8 8 + _.file = ".env.yaml" 9 9 + 4 10 [tasks.build] 5 5 - description = "Build the Docker image" 11 11 + description = "Build container images" 6 12 run = "docker bake" 13 13 + sources = ["docker-bake.hcl", "Dockerfile"] 14 14 + outputs = { auto = true } 15 15 + 16 16 + [tasks.publish] 17 17 + description = "Publish container images" 18 18 + run = [ 19 19 + "echo $DOCKER_TOKEN | docker login -u $DOCKER_USER --password-stdin", 20 20 + { task = "build --push" } 21 21 + ]