Monorepo for Tangled
tangled.org
1# Development only. Not for production use.
2
3FROM golang:1.25-alpine
4
5RUN apk add --no-cache git build-base sqlite-dev tini sqlite-libs ca-certificates
6
7# air for live-reload
8RUN go install github.com/air-verse/air@v1.65.1 && \
9 mv /go/bin/air /usr/local/bin/air
10
11# goat for generating OAuth client key (moved out of indigo)
12RUN go install github.com/bluesky-social/goat@v0.2.3 && \
13 mv /go/bin/goat /usr/local/bin/goat
14
15ENV CGO_ENABLED=1
16ENV GOCACHE=/go/cache
17ENV GOMODCACHE=/go/mod
18
19# Generates OAuth client key on first run. Persists to appview-data so re-runs
20# reuse the same key. Mirrors flake.nix:221-222.
21COPY <<'EOF' /usr/local/bin/appview-entrypoint.sh
22#!/bin/sh
23set -eu
24
25SECRET=/var/lib/appview/oauth-secret
26KID=/var/lib/appview/oauth-kid
27
28if [ ! -s "$SECRET" ]; then
29 mkdir -p /var/lib/appview
30 goat key generate -t P-256 \
31 | grep -A1 'Secret Key' | tail -n1 | awk '{print $1}' \
32 > "$SECRET"
33 date +%s > "$KID"
34 echo "[oauth] generated kid=$(cat $KID)"
35fi
36
37export TANGLED_OAUTH_CLIENT_SECRET="$(cat $SECRET)"
38export TANGLED_OAUTH_CLIENT_KID="$(cat $KID)"
39
40# Pulled in from init-accounts via /shared (mounted ro).
41[ -r /shared/label-defaults ] && export TANGLED_LABEL_DEFAULTS="$(cat /shared/label-defaults)"
42[ -r /shared/label-gfi ] && export TANGLED_LABEL_GFI="$(cat /shared/label-gfi)"
43
44if [ -f /usr/local/share/ca-certificates/caddy.crt ]; then
45 update-ca-certificates
46fi
47
48exec air -c /src/.air/appview.toml
49EOF
50RUN chmod +x /usr/local/bin/appview-entrypoint.sh
51
52WORKDIR /src
53
54EXPOSE 3000
55
56ENTRYPOINT ["/sbin/tini", "--"]
57CMD ["/usr/local/bin/appview-entrypoint.sh"]