-3

.gitmodules

reviewed

··· 1 1 - [submodule "knot"] 2 2 - path = knot 3 3 - url = https://tangled.org/@tangled.org/knot-docker

+1 -1

commit.sh

reviewed

··· 14 14 15 15 # restart/rebuild all containers 16 16 docker compose build --no-cache 17 17 - docker compose up -d --force-recreate 17 17 + docker compose up -d --force-recreate --remove-orphans 18 18 19 19 # clear out dockerfiles to stop my drive exploding 20 20 docker system prune -af

+1

compose.yml

reviewed

··· 15 15 args: 16 16 UID: 1000 17 17 GID: 1000 18 18 + TAG: v1.11.0-alpha 18 19 restart: unless-stopped 19 20 ports: 20 21 - "5555:5555"

+40

knot/Dockerfile

reviewed

··· 1 1 + FROM golang:1.24-alpine as builder 2 2 + ENV KNOT_REPO_SCAN_PATH=/home/git/repositories 3 3 + ENV CGO_ENABLED=1 4 4 + 5 5 + ARG TAG='v1.10.0-alpha' 6 6 + 7 7 + WORKDIR /app 8 8 + RUN apk add git gcc musl-dev 9 9 + RUN git clone -b ${TAG} https://tangled.org/@tangled.org/core . 10 10 + RUN go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot 11 11 + 12 12 + FROM alpine:edge 13 13 + EXPOSE 5555 14 14 + EXPOSE 22 15 15 + 16 16 + LABEL org.opencontainers.image.title='knot' 17 17 + LABEL org.opencontainers.image.description='data server for tangled' 18 18 + LABEL org.opencontainers.image.source='https://tangled.org/@tangled.org/knot-docker' 19 19 + LABEL org.opencontainers.image.url='https://tangled.org' 20 20 + LABEL org.opencontainers.image.vendor='tangled.org' 21 21 + LABEL org.opencontainers.image.licenses='MIT' 22 22 + 23 23 + ARG UID=1000 24 24 + ARG GID=1000 25 25 + 26 26 + COPY rootfs . 27 27 + RUN chmod 755 /etc 28 28 + RUN chmod -R 755 /etc/s6-overlay 29 29 + RUN apk add shadow s6-overlay execline openssl openssh git curl bash 30 30 + RUN groupadd -g $GID -f git 31 31 + RUN useradd -u $UID -g $GID -d /home/git git 32 32 + RUN openssl rand -hex 16 | passwd --stdin git 33 33 + RUN mkdir -p /home/git/repositories && chown -R git:git /home/git 34 34 + COPY --from=builder /usr/bin/knot /usr/bin 35 35 + RUN mkdir /app && chown -R git:git /app 36 36 + 37 37 + HEALTHCHECK --interval=60s --timeout=30s --start-period=5s --retries=3 \ 38 38 + cmd curl -f http://localhost:5555 || exit 1 39 39 + 40 40 + ENTRYPOINT ["/init"]

+1

knot/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/type

reviewed

··· 1 1 + oneshot

+1

knot/rootfs/etc/s6-overlay/s6-rc.d/create-sshd-host-keys/up

reviewed

··· 1 1 + /etc/s6-overlay/scripts/create-sshd-host-keys

knot/rootfs/etc/s6-overlay/s6-rc.d/knotserver/dependencies.d/base

reviewed

This is a binary file and will not be displayed.

+3

knot/rootfs/etc/s6-overlay/s6-rc.d/knotserver/run

reviewed

··· 1 1 + #!/command/with-contenv ash 2 2 + 3 3 + exec s6-setuidgid git /usr/bin/knot server

+1

knot/rootfs/etc/s6-overlay/s6-rc.d/knotserver/type

reviewed

··· 1 1 + longrun

knot/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/base

reviewed

This is a binary file and will not be displayed.

knot/rootfs/etc/s6-overlay/s6-rc.d/sshd/dependencies.d/create-sshd-host-keys

reviewed

This is a binary file and will not be displayed.

+3

knot/rootfs/etc/s6-overlay/s6-rc.d/sshd/run

reviewed

··· 1 1 + #!/usr/bin/execlineb -P 2 2 + 3 3 + /usr/sbin/sshd -e -D

+1

knot/rootfs/etc/s6-overlay/s6-rc.d/sshd/type

reviewed

··· 1 1 + longrun

knot/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/knotserver

reviewed

This is a binary file and will not be displayed.

knot/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/sshd

reviewed

This is a binary file and will not be displayed.

+21

knot/rootfs/etc/s6-overlay/scripts/create-sshd-host-keys

reviewed

··· 1 1 + #!/usr/bin/execlineb -P 2 2 + 3 3 + foreground { 4 4 + if -n { test -d /etc/ssh/keys } 5 5 + mkdir /etc/ssh/keys 6 6 + } 7 7 + 8 8 + foreground { 9 9 + if -n { test -f /etc/ssh/keys/ssh_host_rsa_key } 10 10 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_rsa_key -q -N "" 11 11 + } 12 12 + 13 13 + foreground { 14 14 + if -n { test -f /etc/ssh/keys/ssh_host_ecdsa_key } 15 15 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ecdsa_key -q -N "" 16 16 + } 17 17 + 18 18 + foreground { 19 19 + if -n { test -f /etc/ssh/keys/ssh_host_ed25519_key } 20 20 + ssh-keygen -t rsa -f /etc/ssh/keys/ssh_host_ed25519_key -q -N "" 21 21 + }

+8

knot/rootfs/etc/s6-overlay/scripts/keys-wrapper

reviewed

··· 1 1 + #!/bin/sh 2 2 + 3 3 + # Execute the knot keys command with proper shell context 4 4 + exec /bin/sh -c '/usr/bin/knot keys -output authorized-keys \ 5 5 + -internal-api "http://${KNOT_SERVER_INTERNAL_LISTEN_ADDR:-localhost:5444}" \ 6 6 + -git-dir "${KNOT_REPO_SCAN_PATH:-/home/git/repositories}" \ 7 7 + -log-path "/tmp/knotguard.log"' 8 8 +

+3

knot/rootfs/etc/ssh/sshd_config.d/authorized_keys_command.conf

reviewed

··· 1 1 + Match User git 2 2 + AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -git-dir /home/git/repositories 3 3 + AuthorizedKeysCommandUser nobody

+9

knot/rootfs/etc/ssh/sshd_config.d/tangled_sshd.conf

reviewed

··· 1 1 + HostKey /etc/ssh/keys/ssh_host_rsa_key 2 2 + HostKey /etc/ssh/keys/ssh_host_ecdsa_key 3 3 + HostKey /etc/ssh/keys/ssh_host_ed25519_key 4 4 + 5 5 + PasswordAuthentication no 6 6 + 7 7 + Match User git 8 8 + AuthorizedKeysCommand /etc/s6-overlay/scripts/keys-wrapper 9 9 + AuthorizedKeysCommandUser nobody