Personal docker image setups for Knot/Spindle

Initial commit, basic knot & spindle image setup

Sachymetsu a1602826

+196
+70
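--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,70 @@
+FROM golang:1.25-alpine AS builder
+ENV KNOT_REPO_SCAN_PATH=/home/git/repositories
+ENV CGO_ENABLED=1
+
+ARG TAG='v1.11.0-alpha'
+
+WORKDIR /app
+RUN apk add git gcc musl-dev
+RUN git clone -b ${TAG} https://tangled.org/tangled.org/core .
+
+FROM builder AS build-knot
+RUN go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot
+
+FROM builder AS build-spindle
+RUN go build -o /usr/bin/spindle -ldflags '-s -w -extldflags "-static"' ./cmd/spindle
+
+FROM alpine:edge AS knot
+EXPOSE 5555
+EXPOSE 22
+
+LABEL org.opencontainers.image.title='knot'
+LABEL org.opencontainers.image.description='data server for tangled'
+LABEL org.opencontainers.image.source='https://tangled.org/sachy.dev/knot-spindle-docker'
+LABEL org.opencontainers.image.url='https://tangled.org'
+LABEL org.opencontainers.image.vendor='tangled.org'
+LABEL org.opencontainers.image.licenses='MIT'
+
+ARG UID=1000
+ARG GID=1000
+
+COPY rootfs .
+RUN chmod 755 /etc
+RUN chmod -R 755 /etc/s6-overlay
+RUN apk add shadow s6-overlay execline openssl openssh git curl bash
+RUN groupadd -g $GID -f git
+RUN useradd -u $UID -g $GID -d /home/git git
+RUN openssl rand -hex 16 | passwd --stdin git
+RUN mkdir -p /home/git/repositories && chown -R git:git /home/git
+COPY --from=build-knot /usr/bin/knot /usr/bin
+RUN mkdir /app && chown -R git:git /app
+
+HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \
+CMD curl -f http://localhost:5555 || exit 1
+
+ENTRYPOINT ["/init"]
+
+FROM alpine:edge AS spindle
+
+EXPOSE 6555
+
+LABEL org.opencontainers.image.title="spindle"
+LABEL org.opencontainers.image.description="ci server for tangled"
+LABEL org.opencontainers.image.source="https://tangled.org/sachy.dev/knot-spindle-docker"
+LABEL org.opencontainers.image.url="https://tangled.org"
+LABEL org.opencontainers.image.vendor="tangled.org"
+LABEL org.opencontainers.image.licenses="MIT"
+
+ARG UID=1000
+ARG GID=1000
+
+RUN adduser --system --uid $UID spindle
+RUN addgroup --system --gid $UID spindle
+RUN mkdir -p /app && chown -R spindle:spindle /app
+COPY --from=build-spindle /usr/bin/spindle /usr/bin
+
+WORKDIR /app
+CMD ["spindle"]
+VOLUME ["/app"]
+HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \
+CMD curl -f http://localhost:6555 || exit 1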
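Review bot: The spindle stage creates a `spindle` account but has no `USER` instruction, so `CMD ["spindle"]` starts as root; if the service does not need root, add `USER spindle` before `CMD`. In the same stage `addgroup --system --gid $UID spindle` passes `$UID` where `$GID` looks intended, and because `adduser` runs before the group exists the account probably does not get `spindle` as its primary group (worth confirming against BusyBox `adduser`); creating the group first and passing `-G spindle` to `adduser` would tie the two together. The stage's `HEALTHCHECK` calls `curl`, which this stage never installs, so the probe would presumably fail every time; `RUN apk add --no-cache curl` or BusyBox `wget -q --spider http://localhost:6555` would fix that. Both runtime stages also build on `alpine:edge`, a rolling tag, so pinning a release tag or a digest would make rebuilds reproducible and easier to audit.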
+21
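--- a/LICENSE-MIT
+++ b/LICENSE-MIT
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Sachy.dev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.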
+5
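--- a/README.md
+++ b/README.md
@@ -0,0 +1,5 @@
+# Sachy's Knot/Spindle Docker images
+
+More info TBA
+
+Licensed under MIT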
+49
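--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -0,0 +1,49 @@
+variable "UID" {
+default = "1000"
+}
+
+variable "GID" {
+default = "1000"
+}
+
+group "edge" {
+targets = ["knot-edge", "spindle-edge"]
+}
+
+target "knot-edge" {
+context = "."
+target = "knot"
+args = {
+TAG = "master"
+UID = UID
+GID = GID
+}
+tags = ["sachymetsu/knot:edge"]
+}
+
+target "spindle-edge" {
+context = "."
+target = "spindle"
+args = {
+TAG = "master"
+UID = UID
+GID = GID
+}
+tags = ["sachymetsu/spindle:edge"]
+}
+
+target "latest" {
+name = "${APP}-${replace(TAG, ".", "-")}"
+context = "."
+matrix = {
+APP = ["knot", "spindle"]
+TAG = ["v1.11.0-alpha"]
+}
+target = "${APP}"
+args = {
+TAG = "${TAG}"
+UID = UID
+GID = GID
+}
+tags = ["sachymetsu/${APP}:${TAG}"]
+}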
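Review bot: The `knot-edge` and `spindle-edge` targets pass `TAG = "master"`, so the Dockerfile's `git clone -b ${TAG}` builds whatever the branch head is at build time and the published `:edge` image carries no record of which commit it contains. A comment on those targets such as `# edge tracks the upstream branch head; builds are not reproducible` would make that explicit. If traceability matters, the cloned revision could also be recorded in an `org.opencontainers.image.revision` label. The `latest` target pins `v1.11.0-alpha`, which is only as stable as the upstream tag.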
+1
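--- a/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type
+++ b/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type
@@ -0,0 +1,1 @@
+oneshot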
+1
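--- a/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up
+++ b/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up
@@ -0,0 +1,1 @@
+/etc/s6-overlay/scripts/create-sshd-host-keys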
rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

This is a binary file and will not be displayed.

+3
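--- a/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
+++ b/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run
@@ -0,0 +1,3 @@
+#!/command/with-contenv ash
+
+exec s6-setuidgid git /usr/bin/knot server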
+1
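--- a/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type
+++ b/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type
@@ -0,0 +1,1 @@
+longrun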
rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

This is a binary file and will not be displayed.

+3
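--- a/rootfs/etc/s6-overlay/s6-rc.d/sshd/run
+++ b/rootfs/etc/s6-overlay/s6-rc.d/sshd/run
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -P
+
+/usr/sbin/sshd -e -D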
+1
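--- a/rootfs/etc/s6-overlay/s6-rc.d/sshd/type
+++ b/rootfs/etc/s6-overlay/s6-rc.d/sshd/type
@@ -0,0 +1,1 @@
+longrun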
rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

This is a binary file and will not be displayed.

rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

This is a binary file and will not be displayed.

+21
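--- a/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys
+++ b/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys
@@ -0,0 +1,21 @@
+#!/usr/bin/execlineb -P
+
+foreground {
+if -n { test -d /etc/ssh/keys }
+mkdir /etc/ssh/keys
+}
+
+foreground {
+if -n { test -f /etc/ssh/keys/ssh_host_rsa_key }
+ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N ""
+}
+
+foreground {
+if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key }
+ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""
+}
+
+foreground {
+if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key }
+ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""
+}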
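Review bot: The ECDSA and Ed25519 branches both call `ssh-keygen -t rsa`, so all three host-key files end up holding RSA keys and the server offers no ECDSA or Ed25519 host key despite the file names. The second and third commands should read `ssh-keygen -t ecdsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N ""` and `ssh-keygen -t ed25519 -f /etc/ssh/keys/ssh_host_ed25519_key -q -N ""`. The Dockerfile does not declare `/etc/ssh/keys` as a volume, so unless it is mounted at run time the keys are regenerated for each new container and clients will see host-key-changed warnings. A comment at the top of the script naming the expected mount would help.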
+8
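--- a/rootfs/etc/s6-overlay/scripts/keys-wrapper
+++ b/rootfs/etc/s6-overlay/scripts/keys-wrapper
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Execute the knot keys command with proper shell context
+exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \
+-internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \
+-git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \
+-log-path "/tmp/knotguard.log"'
+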
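Review bot: The `${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}` and `${KNOT_REPO_SCAN_PATH:-/home/git/repositories}` expansions will likely always take their defaults, because sshd runs an `AuthorizedKeysCommand` with a minimal environment rather than the container's. The header comment should say so, for example `# sshd does not pass the container environment; the defaults below are what normally apply`, or the values should be loaded explicitly. The inner `/bin/sh -c '…'` is redundant since the script already runs under `/bin/sh`, so `exec /usr/bin/knot keys …` directly would behave the same with one less layer of quoting. `-log-path "/tmp/knotguard.log"` is a fixed name in a world-writable directory; a dedicated log directory writable only by the command user would be safer.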
+3
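--- a/rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf
+++ b/rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf
@@ -0,0 +1,3 @@
+Match User git
+AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -git-dir /home/git/repositories
+AuthorizedKeysCommandUser nobody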
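Review bot: This file and `tangled_sshd.conf` both set `AuthorizedKeysCommand` under `Match User git`, with different commands. sshd keeps the first value it obtains for a keyword, and if the main config includes `sshd_config.d/*.conf` in lexical order this file is read first. In that case `/etc/s6-overlay/scripts/keys-wrapper`, with its `-internal-api` and `-log-path` arguments, would never run. Keep a single definition, either by dropping this file or by removing the `Match` block from `tangled_sshd.conf`, so it is unambiguous which command authorises keys.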
+9
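--- a/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
+++ b/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf
@@ -0,0 +1,9 @@
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+PasswordAuthentication no
+
+Match User git
+AuthorizedKeysCommand /etc/s6-overlay/scripts/keys-wrapper
+AuthorizedKeysCommandUser nobody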
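Review bot: `PasswordAuthentication no` is set globally, but nothing here limits which accounts may log in, although the image appears to need SSH only for `git`. Adding `AllowUsers git` and `PermitRootLogin no` above the `Match` block would state that intent and close off other accounts. A comment next to `AuthorizedKeysCommandUser nobody` noting that sshd requires the wrapper to be root-owned and not writable by group or others would also help; the Dockerfile's `chmod -R 755 /etc/s6-overlay` appears to cover the mode.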