From ccd759da45c38f86a80c9b06fd7b1b177dcf398c Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:18:54 +0800 Subject: [PATCH 1/6] Add SSH clone tutorial for tailnet users via README --- GIT_CLONE_TUTORIAL.md | 43 ++++++++++++++++++++++++++++++++++++++++++ README.md | 44 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 GIT_CLONE_TUTORIAL.md diff --git a/GIT_CLONE_TUTORIAL.md b/GIT_CLONE_TUTORIAL.md new file mode 100644 index 0000000..6bc58ba --- /dev/null +++ b/GIT_CLONE_TUTORIAL.md @@ -0,0 +1,43 @@ +# Cloning from any tailnet machine + +## Prerequisites +- The remote machine must be on your tailnet (registered + can ping `100.85.x.x`) +- You must have an account on the Gitea instance (`http://git.klud.top`) +- You must have an SSH key on the remote machine (`ssh-keygen` if you don't) + +## Step 1: Add your SSH key to Gitea +1. Open `http://git.klud.top/user/settings/keys` in browser +2. Paste the content of `~/.ssh/id_ed25519.pub` (or `id_rsa.pub`) +3. Click "Add Key" + +## Step 2: Test SSH reachability +```bash +ssh -T git@thunderobot -p 222 +# Expected output: "Hello from Gitea!\n\nPlease come over!" +# If asked about fingerprint, type "yes" and press Enter +``` + +## Step 3: Clone a repo +```bash +# Using tea CLI +tea repos clone --git-protocol ssh danchie/tekton + +# Or plain git +git clone git@thunderobot:222/danchie/tekton.git +``` + +## Troubleshooting +- `ssh: connect to host thunderobot port 222: Connection refused` + → Ensure the remote machine has `tailscale ping thunderobot` resolving to `100.93.226.13` + → Ensure the host's port `222` is reachable from the remote (it's bound to `0.0.0.0:222` in Docker) + +- `Permission denied (publickey)` + → Your SSH key wasn't added via Gitea web UI + → Run `ssh-add ~/.ssh/id_ed25519` if you use an agent + +- `Host key verification failed` + → Run `ssh -T git@thunderobot -p 222` interactively once to accept the fingerprint + +## HTTPS is disabled +`DISABLE_HTTP_GIT = true` is set on the server. All clones MUST use SSH. +If you need to fetch via HTTPS for CI or other non-ssh environments, this must be remapped. \ No newline at end of file diff --git a/README.md b/README.md index 71e89ca..25c94c7 100644 --- a/README.md +++ b/README.md @@ -3,3 +3,47 @@ > Full developer documentation lives in this repo's **wiki** (sidebar link). > > See in particular: [Skin Creation Workflow](./Skin-Creation-Workflow), [Nakama Deployment](./Nakama-Deployment), and [Patch Release Workflow](./Patch-Release-Workflow). + +# Cloning from any tailnet machine + +## Prerequisites +- The remote machine must be on your tailnet (registered + can ping `100.85.x.x`) +- You must have an account on the Gitea instance (`http://git.klud.top`) +- You must have an SSH key on the remote machine (`ssh-keygen` if you don't) + +## Step 1: Add your SSH key to Gitea +1. Open `http://git.klud.top/user/settings/keys` in browser +2. Paste the content of `~/.ssh/id_ed25519.pub` (or `id_rsa.pub`) +3. Click "Add Key" + +## Step 2: Test SSH reachability +```bash +ssh -T git@thunderobot -p 222 +# Expected output: "Hello from Gitea!\n\nPlease come over!" +# If asked about fingerprint, type "yes" and press Enter +``` + +## Step 3: Clone a repo +```bash +# Using tea CLI +tea repos clone --git-protocol ssh danchie/tekton + +# Or plain git +git clone git@thunderobot:222/danchie/tekton.git +``` + +## Troubleshooting +- `ssh: connect to host thunderobot port 222: Connection refused` + → Ensure the remote machine has `tailscale ping thunderobot` resolving to `100.93.226.13` + → Ensure the host's port `222` is reachable from the remote (it's bound to `0.0.0.0:222` in Docker) + +- `Permission denied (publickey)` + → Your SSH key wasn't added via Gitea web UI + → Run `ssh-add ~/.ssh/id_ed25519` if you use an agent + +- `Host key verification failed` + → Run `ssh -T git@thunderobot -p 222` interactively once to accept the fingerprint + +## HTTPS is disabled +`DISABLE_HTTP_GIT = true` is set on the server. All clones MUST use SSH. +If you need to fetch via HTTPS for CI or other non-ssh environments, this must be remapped. \ No newline at end of file From 625ff5ec69f036837587773fd7f5deff58154ac4 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:35:51 +0800 Subject: [PATCH 2/6] Replace SSH tutorial in README with wiki pages by OS Linux, macOS, Windows SSH setup guides moved to wiki. README becomes index with wiki links and breadcrumb to existing docs. --- README.md | 42 +++++++++------------------------------ wiki/SSH-Setup-Linux.md | 36 +++++++++++++++++++++++++++++++++ wiki/SSH-Setup-Windows.md | 42 +++++++++++++++++++++++++++++++++++++++ wiki/SSH-Setup-macOS.md | 35 ++++++++++++++++++++++++++++++++ 4 files changed, 122 insertions(+), 33 deletions(-) create mode 100644 wiki/SSH-Setup-Linux.md create mode 100644 wiki/SSH-Setup-Windows.md create mode 100644 wiki/SSH-Setup-macOS.md diff --git a/README.md b/README.md index 25c94c7..6925acc 100644 --- a/README.md +++ b/README.md @@ -4,46 +4,22 @@ > > See in particular: [Skin Creation Workflow](./Skin-Creation-Workflow), [Nakama Deployment](./Nakama-Deployment), and [Patch Release Workflow](./Patch-Release-Workflow). -# Cloning from any tailnet machine +## SSH setup for cloning -## Prerequisites -- The remote machine must be on your tailnet (registered + can ping `100.85.x.x`) -- You must have an account on the Gitea instance (`http://git.klud.top`) -- You must have an SSH key on the remote machine (`ssh-keygen` if you don't) +All clones **must use SSH** over Tailscale. HTTPS is disabled on this instance. -## Step 1: Add your SSH key to Gitea -1. Open `http://git.klud.top/user/settings/keys` in browser -2. Paste the content of `~/.ssh/id_ed25519.pub` (or `id_rsa.pub`) -3. Click "Add Key" +Guides by operating system: -## Step 2: Test SSH reachability +- [Linux](/danchie/tekton/wiki/SSH-Setup-Linux) +- [macOS](/danchie/tekton/wiki/SSH-Setup-macOS) +- [Windows](/danchie/tekton/wiki/SSH-Setup-Windows) + +Quick verification after setup: ```bash ssh -T git@thunderobot -p 222 -# Expected output: "Hello from Gitea!\n\nPlease come over!" -# If asked about fingerprint, type "yes" and press Enter ``` -## Step 3: Clone a repo +Once verified, clone: ```bash -# Using tea CLI -tea repos clone --git-protocol ssh danchie/tekton - -# Or plain git git clone git@thunderobot:222/danchie/tekton.git ``` - -## Troubleshooting -- `ssh: connect to host thunderobot port 222: Connection refused` - → Ensure the remote machine has `tailscale ping thunderobot` resolving to `100.93.226.13` - → Ensure the host's port `222` is reachable from the remote (it's bound to `0.0.0.0:222` in Docker) - -- `Permission denied (publickey)` - → Your SSH key wasn't added via Gitea web UI - → Run `ssh-add ~/.ssh/id_ed25519` if you use an agent - -- `Host key verification failed` - → Run `ssh -T git@thunderobot -p 222` interactively once to accept the fingerprint - -## HTTPS is disabled -`DISABLE_HTTP_GIT = true` is set on the server. All clones MUST use SSH. -If you need to fetch via HTTPS for CI or other non-ssh environments, this must be remapped. \ No newline at end of file diff --git a/wiki/SSH-Setup-Linux.md b/wiki/SSH-Setup-Linux.md new file mode 100644 index 0000000..4cd60ab --- /dev/null +++ b/wiki/SSH-Setup-Linux.md @@ -0,0 +1,36 @@ +# SSH Setup — Linux + +## Generate an SSH key +Open a terminal and run: +```bash +ssh-keygen -t ed25519 -C "your-name@example.com" +``` +Press Enter to accept the default path `/home//.ssh/id_ed25519`. Use a passphrase for extra safety. + +## Add the public key to Gitea +```bash +cat ~/.ssh/id_ed25519.pub +``` +Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `linux-`. + +## Accept the server fingerprint and test +```bash +ssh -T git@thunderobot -p 222 +``` +- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. +- Expected output: `Hi there, ! You've successfully authenticated with the key named linux-, but Gitea does not provide shell access.` + +## Clone a repo +```bash +git clone git@thunderobot:222/danchie/tekton.git +``` +Or with tea: +```bash +tea repos clone --git-protocol ssh danchie/tekton +``` + +## Troubleshooting +- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or the agent hasn't loaded it. Run `ssh-add ~/.ssh/id_ed25519`. +- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. +- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure Tailscale is running and you can reach `100.93.226.13`. +- **`ssh: Could not resolve hostname thunderobot`** — Run `tailscale ping thunderobot` to verify tailnet DNS works. If not, use `ssh -T git@100.93.226.13 -p 222` instead. diff --git a/wiki/SSH-Setup-Windows.md b/wiki/SSH-Setup-Windows.md new file mode 100644 index 0000000..9a52876 --- /dev/null +++ b/wiki/SSH-Setup-Windows.md @@ -0,0 +1,42 @@ +# SSH Setup — Windows + +## Install Git for Windows +Download from https://git-scm.com/download/win and install with default options. + +This installs `git`, `ssh`, and `git-bash`. + +## Generate an SSH key +Open **Git Bash** and run: +```bash +ssh-keygen -t ed25519 -C "your-name@example.com" +``` +Press Enter to accept the default path `C:\Users\\.ssh\id_ed25519`. Set a passphrase, or leave it empty. + +## Add the public key to Gitea +```bash +cat ~/.ssh/id_ed25519.pub +``` +Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `windows-`. + +## Accept the server fingerprint and test +```bash +ssh -T git@thunderobot -p 222 +``` +- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. +- Expected output: `Hi there, ! You've successfully authenticated with the key named windows-, but Gitea does not provide shell access.` + +If you get this message, the key is recognized. + +## Clone a repo +```bash +git clone git@thunderobot:222/danchie/tekton.git +``` +Or with tea: +```bash +tea repos clone --git-protocol ssh danchie/tekton +``` + +## Troubleshooting +- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or `~/.ssh/id_ed25519` isn't being offered. Run `ssh-add ~/.ssh/id_ed25519` in Git Bash. +- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. +- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure you can reach the tailnet host: `ping 100.93.226.13`. If ping fails, your machine isn't on the tailnet. diff --git a/wiki/SSH-Setup-macOS.md b/wiki/SSH-Setup-macOS.md new file mode 100644 index 0000000..fc406c3 --- /dev/null +++ b/wiki/SSH-Setup-macOS.md @@ -0,0 +1,35 @@ +# SSH Setup — macOS + +## Generate an SSH key +Open **Terminal** and run: +```bash +ssh-keygen -t ed25519 -C "your-name@example.com" +``` +Press Enter to accept the default path `/Users//.ssh/id_ed25519`. Use a passphrase for extra safety. + +## Add the public key to Gitea +```bash +cat ~/.ssh/id_ed25519.pub +``` +Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `macos-`. + +## Accept the server fingerprint and test +```bash +ssh -T git@thunderobot -p 222 +``` +- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. +- Expected output: `Hi there, ! You've successfully authenticated with the key named macos-, but Gitea does not provide shell access.` + +## Clone a repo +```bash +git clone git@thunderobot:222/danchie/tekton.git +``` +Or with tea: +```bash +tea repos clone --git-protocol ssh danchie/tekton +``` + +## Troubleshooting +- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or the key isn't loaded in the agent. Run `ssh-add ~/.ssh/id_ed25519`. +- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. +- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure Tailscale is running and you can reach `100.93.226.13`. From 8255b1f465a36c516a46f9a5e0cf204b3b3b6495 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:50:54 +0800 Subject: [PATCH 3/6] Fix README wiki links to relative paths --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6925acc..50e739e 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ All clones **must use SSH** over Tailscale. HTTPS is disabled on this instance. Guides by operating system: -- [Linux](/danchie/tekton/wiki/SSH-Setup-Linux) -- [macOS](/danchie/tekton/wiki/SSH-Setup-macOS) -- [Windows](/danchie/tekton/wiki/SSH-Setup-Windows) +- [Linux](./wiki/SSH-Setup-Linux) +- [macOS](./wiki/SSH-Setup-macOS) +- [Windows](./wiki/SSH-Setup-Windows) Quick verification after setup: ```bash From 19f10a4486ca8a7eb123b2be4ac0a384f1fd2100 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:54:18 +0800 Subject: [PATCH 4/6] Remove wiki folder from main repo; wiki pages live in tekton.wiki.git --- wiki/SSH-Setup-Linux.md | 36 --------------------------------- wiki/SSH-Setup-Windows.md | 42 --------------------------------------- wiki/SSH-Setup-macOS.md | 35 -------------------------------- 3 files changed, 113 deletions(-) delete mode 100644 wiki/SSH-Setup-Linux.md delete mode 100644 wiki/SSH-Setup-Windows.md delete mode 100644 wiki/SSH-Setup-macOS.md diff --git a/wiki/SSH-Setup-Linux.md b/wiki/SSH-Setup-Linux.md deleted file mode 100644 index 4cd60ab..0000000 --- a/wiki/SSH-Setup-Linux.md +++ /dev/null @@ -1,36 +0,0 @@ -# SSH Setup — Linux - -## Generate an SSH key -Open a terminal and run: -```bash -ssh-keygen -t ed25519 -C "your-name@example.com" -``` -Press Enter to accept the default path `/home//.ssh/id_ed25519`. Use a passphrase for extra safety. - -## Add the public key to Gitea -```bash -cat ~/.ssh/id_ed25519.pub -``` -Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `linux-`. - -## Accept the server fingerprint and test -```bash -ssh -T git@thunderobot -p 222 -``` -- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. -- Expected output: `Hi there, ! You've successfully authenticated with the key named linux-, but Gitea does not provide shell access.` - -## Clone a repo -```bash -git clone git@thunderobot:222/danchie/tekton.git -``` -Or with tea: -```bash -tea repos clone --git-protocol ssh danchie/tekton -``` - -## Troubleshooting -- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or the agent hasn't loaded it. Run `ssh-add ~/.ssh/id_ed25519`. -- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. -- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure Tailscale is running and you can reach `100.93.226.13`. -- **`ssh: Could not resolve hostname thunderobot`** — Run `tailscale ping thunderobot` to verify tailnet DNS works. If not, use `ssh -T git@100.93.226.13 -p 222` instead. diff --git a/wiki/SSH-Setup-Windows.md b/wiki/SSH-Setup-Windows.md deleted file mode 100644 index 9a52876..0000000 --- a/wiki/SSH-Setup-Windows.md +++ /dev/null @@ -1,42 +0,0 @@ -# SSH Setup — Windows - -## Install Git for Windows -Download from https://git-scm.com/download/win and install with default options. - -This installs `git`, `ssh`, and `git-bash`. - -## Generate an SSH key -Open **Git Bash** and run: -```bash -ssh-keygen -t ed25519 -C "your-name@example.com" -``` -Press Enter to accept the default path `C:\Users\\.ssh\id_ed25519`. Set a passphrase, or leave it empty. - -## Add the public key to Gitea -```bash -cat ~/.ssh/id_ed25519.pub -``` -Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `windows-`. - -## Accept the server fingerprint and test -```bash -ssh -T git@thunderobot -p 222 -``` -- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. -- Expected output: `Hi there, ! You've successfully authenticated with the key named windows-, but Gitea does not provide shell access.` - -If you get this message, the key is recognized. - -## Clone a repo -```bash -git clone git@thunderobot:222/danchie/tekton.git -``` -Or with tea: -```bash -tea repos clone --git-protocol ssh danchie/tekton -``` - -## Troubleshooting -- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or `~/.ssh/id_ed25519` isn't being offered. Run `ssh-add ~/.ssh/id_ed25519` in Git Bash. -- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. -- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure you can reach the tailnet host: `ping 100.93.226.13`. If ping fails, your machine isn't on the tailnet. diff --git a/wiki/SSH-Setup-macOS.md b/wiki/SSH-Setup-macOS.md deleted file mode 100644 index fc406c3..0000000 --- a/wiki/SSH-Setup-macOS.md +++ /dev/null @@ -1,35 +0,0 @@ -# SSH Setup — macOS - -## Generate an SSH key -Open **Terminal** and run: -```bash -ssh-keygen -t ed25519 -C "your-name@example.com" -``` -Press Enter to accept the default path `/Users//.ssh/id_ed25519`. Use a passphrase for extra safety. - -## Add the public key to Gitea -```bash -cat ~/.ssh/id_ed25519.pub -``` -Copy the full output, then open `http://git.klud.top/user/settings/keys` in your browser and paste it. Title: `macos-`. - -## Accept the server fingerprint and test -```bash -ssh -T git@thunderobot -p 222 -``` -- If asked `Are you sure you want to continue connecting (yes/no/[fingerprint])?`, type `yes`. -- Expected output: `Hi there, ! You've successfully authenticated with the key named macos-, but Gitea does not provide shell access.` - -## Clone a repo -```bash -git clone git@thunderobot:222/danchie/tekton.git -``` -Or with tea: -```bash -tea repos clone --git-protocol ssh danchie/tekton -``` - -## Troubleshooting -- **`Permission denied (publickey)`** — Your key wasn't added in the Gitea UI, or the key isn't loaded in the agent. Run `ssh-add ~/.ssh/id_ed25519`. -- **`Host key verification failed`** — Run the `ssh -T` command above interactively at least once. -- **`ssh: connect to host thunderobot port 222: Connection refused`** — Ensure Tailscale is running and you can reach `100.93.226.13`. From 74c1e86c3238a2c54def08eac5849ad60247e9b2 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:56:46 +0800 Subject: [PATCH 5/6] Use absolute wiki URLs in README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 50e739e..378fcbc 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ All clones **must use SSH** over Tailscale. HTTPS is disabled on this instance. Guides by operating system: -- [Linux](./wiki/SSH-Setup-Linux) -- [macOS](./wiki/SSH-Setup-macOS) -- [Windows](./wiki/SSH-Setup-Windows) +- [Linux](https://git.klud.top/danchie/tekton/wiki/SSH-Setup-Linux) +- [macOS](https://git.klud.top/danchie/tekton/wiki/SSH-Setup-macOS) +- [Windows](https://git.klud.top/danchie/tekton/wiki/SSH-Setup-Windows) Quick verification after setup: ```bash From 8fc3c1b91540b9a3b2c7001a0bb17ff096e672f7 Mon Sep 17 00:00:00 2001 From: adtpdn Date: Thu, 2 Jul 2026 01:58:18 +0800 Subject: [PATCH 6/6] Fix README breadcrumb/wiki links to absolute URLs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 378fcbc..1f8ef0c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ > Full developer documentation lives in this repo's **wiki** (sidebar link). > -> See in particular: [Skin Creation Workflow](./Skin-Creation-Workflow), [Nakama Deployment](./Nakama-Deployment), and [Patch Release Workflow](./Patch-Release-Workflow). +> See in particular: [Skin Creation Workflow](https://git.klud.top/danchie/tekton/wiki/Skin-Creation-Workflow), [Nakama Deployment](https://git.klud.top/danchie/tekton/wiki/Nakama-Deployment), and [Patch Release Workflow](https://git.klud.top/danchie/tekton/wiki/Patch-Release-Workflow). ## SSH setup for cloning