Skip to content

k8ieone/srht-docker

Repository files navigation

About this fork

This is a fork of comcloudway's repo. The aim of this fork is to create pre-built multiarch images for sourcehut. I use Docker Buildx Bake to simplify the build process. The images are built every week and are not versioned in any way. The rest of this README is unaltered.

sourcehut ♥ docker

Unofficial docker containers for hosting sourcehut.

This project was inspired by ulyc's sourcehut-docker project. But since I was unable to get their init.sh to work, I decided to write my own port.

Also I wanted my docker-compose to provide an image for each component instead of providing one image with preconfigurable components.

Configuration

There are multiple different ways in which you might want to configure your sourcehut deployment:

Adding/Disabling services

To add or remove services, you can simply remove the given services from the (docker-compose.yml)[./docker-compose.yml] (I recommend commenting out the services instead, because it makes re-adding them again later easier).

Keep in mind, that you cannot remove every service, as some services may be required by others. It is best to consult the sourcehut documentation before removing services. A couple of good places to start, are the installation guide and the configuration guide.

[meta] Basic Config

As stated in the configuration guide, sourcehut uses a central configuration file:

sr.ht services all use a shared configuration file, [...]. The specific options you will configure will depend on the subset of and configuration of sr.ht services you choose to run.

We also use this configuration file, and link it to every sourcehut-service-container.

Before you can start all the services, you should rename the (config.example.ini)[./config/config.example.ini], located in the config folder, to config.ini and adjust the content to your liking.

Most importantly, we'll need to generate a couple of keys: First of all navigate into the base directory, and run sudo ./Dockerfile 1 to build a base image. We'll need this image later, when we are building the services, but for now, we can use it to generate our keys.

To do that, we can run the container and append the srht-keygen command.

That way we can generate a service key using doas docker run sr.ht-base srht-keygen service 1, and a network key using doas docker run sr.ht-base srht-keygen network 1.

Now you have to copy those keys (seperatly) and paste them into the appropriate section in the config.ini, you just created.

service-key= network-key=

We also need to create a public/private keypair for webhooks. Luckily, the srht-keygen util can also do that: doas docker run sr.ht-base srht-keygen webhook 1 This time around, we only want to copy the private key, and put it in the config.ini

private-key=

You should store the public key though, as it has to be distributed to every webhook client. For now, just put the public key into a pub.key file.

Additionally sourcehut requires you to setup email using SMTP. If you do not have a email account with smtp/imap support, you might want to have a look at docker-mailserver or purelymail.

smtp-host= smtp-port= smtp-from=[email protected] smtp-user= smtp-password= error-to=[email protected] error-from=[email protected]

After adding your smtp details, you have to generate a pgp key, to enableemail verification.

First of all, run gpg --generate key to generate a new keyair. It should print something like this:

pub ed25519 yyyy-mm-dd [SC] [expires: yyyy-mm-dd] uid Jakob Meier [email protected] sub cv25519 yyyy-mm-dd [E] [expires: yyyy-mm-dd]

Now copy the key id and run gpg --pinentry-mode loopback --passwd <key-id> to remove the password from the private key. Afterwards, you can export the public and private keys:

  • public key: ppg --armor --export <key-id> > config/email.pub
  • private key: gpg --armor --export-secret-keys <key-id> > config/email.priv and put your key id into the config file:

pgp-key-id=

For more information, you should consult the official sourcehut configuration. Additionally, every sourcehut service (that requires configuration), has a config.example.ini located in its root folder, i.e the meta.sh.ht repo

Building

You can manage this project with docker-compose, but because my base image is not on docker-hub, you'll have to build it yourself.

After the base container has been build, you can navigate back into the project root and use sudo docker compose build1 to build all other containers.

Admin User

To create a user with the CLI, you have to start the containers, with sudo docker compose up1 (or sudo docker compose up -d to run in background).

Now run sudo docker compose exec meta metasrht-manageuser -t admin -e <email> <user> to create a new user with the type admin.

Additional configuration

Now that we know how to get a base installation up and running, it is time to add more services. This means adding serviced to the docker-compose file, and configuring them in the config.ini.

[hub] Project Hub / Home

The oauth settings do not have to be configured, when running internally, as stated in the example configuration file:

Set of IP subnets which are permitted to utilize internal API

authentication. This should be limited to the subnets from which your

*.sr.ht services are running.

[git] Git VCS

Footnotes

  1. If you have configured docker/podman for non-sudo mode, you may run the command without the sudo. If you are using doas, you might have to replace sudo with doas 2 3 4 5 6

About

Pre-built Sourcehut containers

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages