setting up a knot (until we dockerize/nix it):

grab binaries:
--------------

    git clone https://tangled.sh/@tangled.sh/core; cd core

    go build ./cmd/knotserver    # serves your git repos
    go build ./cmd/keyfetch      # exposes pubkeys to sshd
    go build ./cmd/repoguard     # enforces RBAC rules etc on your knot


setting up knotserver:
----------------------

you need to configure these env vars:

    KNOT_REPO_SCAN_PATH=/home/git          # create a `git` user preferably
    KNOT_SERVER_HOSTNAME=knot.my.domain
    APPVIEW_ENDPOINT=https://tangled.sh
    KNOT_SERVER_SECRET=<you will get a secret in a later step>
    KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444
    KNOT_SERVER_LISTEN_ADDR=127.0.0.1:5555


setting up keyfetch:
--------------------

add this to your /etc/ssh/sshd_config:

    Match User git
        AuthorizedKeysCommand /path/to/bin/keyfetch
        AuthorizedKeysCommandUser nobody


setting up repoguard:
---------------------

keyfetch looks for the repoguard binary in /home/git/repoguard by default.
you can plop it in there.


finally, head to tangled.sh:

- click on your handle on the topbar > knots > enter your KNOT_SERVER_HOSTNAME,
  and hit register. you will see a secret key.
- plug the secret key into KNOT_SERVER_SECRET above and start your knotserver
- back on tangled.sh, click on `initialize`, and if everything went okay, you should see 
  "check success"
- now, you can hit the `+` on the topbar, and you should see your knot as an available
  destination for your repo!