+37

Dockerfile

··· 1 1 + FROM docker.io/golang:1.24-alpine3.21 AS build 2 2 + 3 3 + ENV CGO_ENABLED=1 4 4 + WORKDIR /usr/src/app 5 5 + COPY go.mod go.sum ./ 6 6 + 7 7 + RUN apk add --no-cache gcc musl-dev 8 8 + RUN go mod download 9 9 + 10 10 + COPY . . 11 11 + RUN go build -v \ 12 12 + -o /usr/local/bin/knot \ 13 13 + -ldflags='-s -w -extldflags "-static"' \ 14 14 + ./cmd/knot 15 15 + 16 16 + FROM docker.io/alpine:3.21 17 17 + 18 18 + LABEL org.opencontainers.image.title=Tangled 19 19 + LABEL org.opencontainers.image.description="Tangled is a decentralized and open code collaboration platform, built on atproto." 20 20 + LABEL org.opencontainers.image.vendor=Tangled.sh 21 21 + LABEL org.opencontainers.image.licenses=MIT 22 22 + LABEL org.opencontainers.image.url=https://tangled.sh 23 23 + LABEL org.opencontainers.image.source=https://tangled.sh/@tangled.sh/core 24 24 + 25 25 + RUN apk add --no-cache shadow s6-overlay execline openssh git && \ 26 26 + adduser --disabled-password git && \ 27 27 + # We need to set password anyway since otherwise ssh won't work 28 28 + head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \ 29 29 + mkdir /app && mkdir /home/git/repositories 30 30 + 31 31 + COPY --from=build /usr/local/bin/knot /usr/local/bin 32 32 + COPY docker/rootfs/ . 33 33 + 34 34 + EXPOSE 22 35 35 + EXPOSE 5555 36 36 + 37 37 + ENTRYPOINT ["/bin/sh", "-c", "chown git:git /app && chown git:git /home/git/repositories && /init"]

+33

docker-compose.yml

··· 1 1 + services: 2 2 + knot: 3 3 + build: 4 4 + context: .. 5 5 + dockerfile: docker/Dockerfile 6 6 + environment: 7 7 + KNOT_SERVER_HOSTNAME: ${KNOT_SERVER_HOSTNAME} 8 8 + KNOT_SERVER_SECRET: ${KNOT_SERVER_SECRET} 9 9 + KNOT_SERVER_DB_PATH: "/app/knotserver.db" 10 10 + KNOT_REPO_SCAN_PATH: "/home/git/repositories" 11 11 + volumes: 12 12 + - "./keys:/etc/ssh/keys" 13 13 + - "./repositories:/home/git/repositories" 14 14 + - "./server:/app" 15 15 + ports: 16 16 + - "2222:22" 17 17 + frontend: 18 18 + image: caddy:2-alpine 19 19 + command: > 20 20 + caddy 21 21 + reverse-proxy 22 22 + --from ${KNOT_SERVER_HOSTNAME} 23 23 + --to knot:5555 24 24 + depends_on: 25 25 + - knot 26 26 + ports: 27 27 + - "443:443" 28 28 + - "443:443/udp" 29 29 + volumes: 30 30 + - caddy_data:/data 31 31 + restart: always 32 32 + volumes: 33 33 + caddy_data:

+4

readme.md

··· 1 1 + # knot-docker 2 2 + 3 3 + This is a community maintained Docker setup for hosting your own knot 4 4 + server.

+1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type

··· 1 1 + oneshot

+1

rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up

··· 1 1 + /etc/s6-overlay/scripts/create-sshd-host-keys

rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

+3

rootfs/etc/s6-overlay/s6-rc.d/knotserver/run

··· 1 1 + #!/command/with-contenv ash 2 2 + 3 3 + exec s6-setuidgid git /usr/local/bin/knot server

+1

rootfs/etc/s6-overlay/s6-rc.d/knotserver/type

··· 1 1 + longrun

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

+3

rootfs/etc/s6-overlay/s6-rc.d/sshd/run

··· 1 1 + #!/usr/bin/execlineb -P 2 2 + 3 3 + /usr/sbin/sshd -e -D

+1

rootfs/etc/s6-overlay/s6-rc.d/sshd/type

··· 1 1 + longrun

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

+21

rootfs/etc/s6-overlay/scripts/create-sshd-host-keys

··· 1 1 + #!/usr/bin/execlineb -P 2 2 + 3 3 + foreground { 4 4 + if -n { test -d /etc/ssh/keys } 5 5 + mkdir /etc/ssh/keys 6 6 + } 7 7 + 8 8 + foreground { 9 9 + if -n { test -f /etc/ssh/keys/ssh_host_rsa_key } 10 10 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N "" 11 11 + } 12 12 + 13 13 + foreground { 14 14 + if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key } 15 15 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N "" 16 16 + } 17 17 + 18 18 + foreground { 19 19 + if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key } 20 20 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N "" 21 21 + }

+9

rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf

··· 1 1 + HostKey /etc/ssh/keys/ssh_host_rsa_key 2 2 + HostKey /etc/ssh/keys/ssh_host_ecdsa_key 3 3 + HostKey /etc/ssh/keys/ssh_host_ed25519_key 4 4 + 5 5 + PasswordAuthentication no 6 6 + 7 7 + Match User git 8 8 + AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized-keys 9 9 + AuthorizedKeysCommandUser nobody