+6

Justfile

reviewed

··· 1 1 + build target *args: 2 2 + docker buildx bake \ 3 3 + --allow 'fs.read={{ justfile_directory() / "knot" }}' \ 4 4 + --file "{{ justfile_directory() / "bake.hcl" }}" \ 5 5 + {{ target }} \ 6 6 + {{ args }}

+21

bake.hcl

reviewed

··· 1 1 + variable "COMMIT" { 2 2 + value = "442e2ab1" 3 3 + } 4 4 + 5 5 + target "base" { 6 6 + contexts = { 7 7 + tangled = "https://tangled.org/tangled.org/core.git#${COMMIT}" 8 8 + } 9 9 + } 10 10 + 11 11 + target "knot" { 12 12 + inherits = ["base"] 13 13 + dockerfile = "./knot/Dockerfile" 14 14 + tags = ["atcr.io/hayden.moe/tngl-knot"] 15 15 + } 16 16 + 17 17 + # target "spindle" { 18 18 + # inherits = ["base"] 19 19 + # dockerfile = "./spindle/Dockerfile" 20 20 + # tags = ["atcr.io/hayden.moe/tngl-spindle"] 21 21 + # }

+30

knot/Dockerfile

reviewed

··· 1 1 + FROM golang:1.24.4 AS build 2 2 + 3 3 + WORKDIR /src 4 4 + COPY --from=tangled . . 5 5 + ENV CGO_ENABLED=1 6 6 + RUN go build -o knot ./cmd/knot 7 7 + 8 8 + FROM rockylinux/rockylinux:10-ubi AS run 9 9 + 10 10 + RUN dnf update -y && \ 11 11 + dnf install -y openssh-server && \ 12 12 + dnf clean all && \ 13 13 + rm -rf /var/cache/dnf 14 14 + COPY --from=build --chown=root:root /src/knot /usr/local/bin/knot 15 15 + 16 16 + RUN adduser git --shell=/bin/false 17 17 + USER git 18 18 + 19 19 + WORKDIR /home/git 20 20 + VOLUME [ "/data" ] 21 21 + 22 22 + ENV KNOT_REPO_SCAN_PATH=/data/repos 23 23 + ENV KNOT_SERVER_DB_PATH=/data/knotserver.db 24 24 + ENV KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444 25 25 + ENV KNOT_SERVER_LISTEN_ADDR=0.0.0.0:5555 26 26 + 27 27 + COPY --chmod=0755 knot/entrypoint.sh /usr/local/bin/entrypoint.sh 28 28 + COPY --chmod=0644 knot/sshd_config /etc/ssh/sshd_config.tpl 29 29 + 30 30 + CMD ["/usr/local/bin/entrypoint.sh"]

+31

knot/entrypoint.sh

reviewed

··· 1 1 + #!/usr/bin/env bash 2 2 + set -euo pipefail 3 3 + 4 4 + data_root="$(dirname ${KNOT_REPO_SCAN_PATH:-/data/repos})" 5 5 + ssh_root="${data_root}/ssh" 6 6 + repos_root="${KNOT_REPO_SCAN_PATH:-$data_root/repos}" 7 7 + 8 8 + mkdir -p "$ssh_root" 9 9 + mkdir -p "$repos_root" 10 10 + 11 11 + if [[ ! -f "$ssh_root/ssh_host_rsa_key" ]]; then 12 12 + ssh-keygen -t rsa -f "$ssh_root/ssh_host_rsa_key" -N '' 13 13 + fi 14 14 + 15 15 + if [[ ! -f "$ssh_root/ssh_host_ecdsa_key" ]]; then 16 16 + ssh-keygen -t ecdsa -f "$ssh_root/ssh_host_ecdsa_key" -N '' 17 17 + fi 18 18 + 19 19 + if [[ ! -f "$ssh_root/ssh_host_ed25519_key" ]]; then 20 20 + ssh-keygen -t ed25519 -f "$ssh_root/ssh_host_ed25519_key" -N '' 21 21 + fi 22 22 + 23 23 + cat /etc/ssh/sshd_config.tpl \ 24 24 + | sed "s|__ssh_root__|${ssh_root}|g" \ 25 25 + > $ssh_root/sshd_config 26 26 + 27 27 + /usr/sbin/sshd -f "$ssh_root/sshd_config" -D & 28 28 + sshd_pid=$! 29 29 + trap "kill $sshd_pid" EXIT 30 30 + 31 31 + /usr/local/bin/knot server

+12

knot/sshd_config

reviewed

··· 1 1 + Port 2222 2 2 + 3 3 + HostKey __ssh_root__/ssh_host_rsa_key 4 4 + HostKey __ssh_root__/ssh_host_ecdsa_key 5 5 + HostKey __ssh_root__/ssh_host_ed25519_key 6 6 + 7 7 + PasswordAuthentication no 8 8 + 9 9 + AllowUsers git@* 10 10 + Match User git 11 11 + AuthorizedKeysCommand /usr/local/bin/knot keys -o authorized_keys 12 12 + AuthorizedKeysCommandUser git

+2

mise.toml

reviewed

··· 1 1 + [tools] 2 2 + just = "1.43.1"