diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ea0a01c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+*.tar*
+
+*.crt
+*.key
+*.dh
+
+*.sw?
+*~
diff --git a/alpine/gitea/app.ini b/alpine/gitea/app.ini
new file mode 100644
index 0000000..cd64e3e
--- /dev/null
+++ b/alpine/gitea/app.ini
@@ -0,0 +1,32 @@
+RUN_USER = gitea
+RUN_MODE = prod
+
+[repository]
+ROOT = /var/lib/gitea/git
+SCRIPT_TYPE = sh
+
+[server]
+STATIC_ROOT_PATH = /usr/share/webapps/gitea
+APP_DATA_PATH = /var/lib/gitea/data
+
+[database]
+DB_TYPE = sqlite3
+PATH = /var/lib/gitea/db/gitea.db
+SSL_MODE = disable
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = info_console
+LEVEL = Info
+
+[Log.error_console]
+Mode=console
+Stderr=true
+Level=Error
+
+[Log.info_console]
+Mode=console
+Stderr=true
+Level=Info
diff --git a/alpine/gitea/build.sh b/alpine/gitea/build.sh
new file mode 100755
index 0000000..5365b0e
--- /dev/null
+++ b/alpine/gitea/build.sh
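Review bot: alpine/gitea/app.ini has no `[security]` section, so `INSTALL_LOCK`, `SECRET_KEY` and `INTERNAL_TOKEN` are all left unset. With the install lock off, Gitea presents its initial setup page, and as far as I can tell whoever reaches the instance first gets to complete it, including the choice of administrator account. I would add `[security]` with `INSTALL_LOCK = true` and generate the secrets at deploy time (`gitea generate secret SECRET_KEY`) into a file that stays out of the repository. `SSL_MODE = disable` has no effect with `DB_TYPE = sqlite3` and can be dropped.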
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+[ -z $ROOTFS ] && ROOTFS=/tmp/gitea
+[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.10
+[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=0
+
+ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
+
+[ -f $ROOTFS.raw ] && sudo rm $ROOTFS.raw
+[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
+
+sudo systemctl stop gitea.service && sudo portablectl detach gitea
+
+sudo mkdir -p $ROOTFS
+sudo tar xf $ALPINE_TARBALL -C $ROOTFS/
+
+sudo mkdir -p \
+ $ROOTFS/etc/systemd/system \
+ $ROOTFS/var/{lib,run,tmp} \
+ $ROOTFS/{dev,tmp,proc,root,run,sys} \
+ $ROOTFS/etc/gitea \
+ $ROOTFS/var/lib/gitea \
+ $ROOTFS/dev/log \
+ $ROOTFS/run/systemd/journal \
+ $ROOTFS/run/{dbus,gitea} \
+ $ROOTFS/{proc,sys,dev} \
+ $ROOTFS/var/tmp/ \
+ $ROOTFS/root/.ssh
+
+sudo touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk update
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk add --no-cache gitea openssh-keygen
+# sudo systemd-nspawn --directory $ROOTFS/ /bin/rm -rf /etc/apk /root/.cache /root/.config /var/cache/*
+
+sudo cp systemd/* $ROOTFS/etc/systemd/system/
+
+sudo mksquashfs $ROOTFS/ $ROOTFS.raw -all-root -noappend
+#sudo rm -rf $ROOTFS
+sudo portablectl attach $ROOTFS.raw
diff --git a/alpine/gitea/systemd/gitea.service b/alpine/gitea/systemd/gitea.service
new file mode 100644
index 0000000..139fee3
--- /dev/null
+++ b/alpine/gitea/systemd/gitea.service
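Review bot: The minirootfs tarball in alpine/gitea/build.sh is fetched over plain `http://` (or reused from the working directory if a file of that name exists) and unpacked with `sudo tar` without any integrity check, after which `apk` runs as root inside the resulting tree. Whoever can alter that download decides what goes into the image that is later attached with `portablectl`. Alpine publishes a `.sha256` file and a detached `.asc` signature next to each release tarball, so fetch over `https://` and verify before extraction, for example `sha256sum -c "$ALPINE_TARBALL.sha256" || exit 1`, or preferably `gpg --verify` against the Alpine release key. The same unverified `wget` appears in alpine/simple/build.sh.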
@@ -0,0 +1,26 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=network.target
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+#Requires=memcached.service
+#Requires=redis.service
+
+[Service]
+Type=simple
+User=gitea
+Group=www-data
+
+Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
+WorkingDirectory=/var/lib/gitea
+
+ExecStart=/bin/ls -al /etc/gitea/
+#ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini
+
+RuntimeDirectory=gitea
+StateDirectory=gitea
+ConfigurationDirectory=gitea
+
+[Install]
+WantedBy=multi-user.target
diff --git a/alpine-matrix/README.md b/alpine/matrix/README.md
similarity index 100%
rename from alpine-matrix/README.md
rename to alpine/matrix/README.md
diff --git a/alpine-matrix/build.sh b/alpine/matrix/build.sh
similarity index 66%
rename from alpine-matrix/build.sh
rename to alpine/matrix/build.sh
index 11776ca..917ca49 100644
--- a/alpine-matrix/build.sh
+++ b/alpine/matrix/build.sh
@@ -9,12 +9,14 @@ mkdir -p $ROOTFS tar xf $ALPINE_TARBALL -C $ROOTFS/ \ ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var -mkdir -p $ROOTFS/etc/systemd/system \ - $ROOTFS/var/{lib,run,tmp} \ - $ROOTFS/{dev,tmp,proc,root,run,sys} \ - $ROOTFS/etc/matrix \ - $ROOTFS/var/lib/matrix-{synapse,appservice-irc} -touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf +mkdir -p \ + $ROOTFS/etc/systemd/system \ + $ROOTFS/var/{lib,run,tmp} \ + $ROOTFS/{dev,tmp,proc,root,run,sys} \ + $ROOTFS/etc/matrix \ + $ROOTFS/var/lib/matrix-{synapse,appservice-irc} + +touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf cp systemd/* $ROOTFS/etc/systemd/system/
diff --git a/alpine/matrix/conf/homeserver.jenga.yaml b/alpine/matrix/conf/homeserver.jenga.yaml
new file mode 100644
index 0000000..009d965
--- /dev/null
+++ b/alpine/matrix/conf/homeserver.jenga.yaml
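Review bot: `ExecStart=/bin/ls -al /etc/gitea/` in alpine/gitea/systemd/gitea.service looks like a debugging leftover: with `Type=simple` the unit lists the directory and exits, while the real command sits commented out on the next line. Restore `ExecStart=/usr/bin/gitea web -c /etc/gitea/app.ini` before the image is attached anywhere. The build.sh in this commit copies only `systemd/*` into the rootfs, so nothing visible here places app.ini under /etc/gitea. `Group=www-data` also has to resolve where the unit runs, which an Alpine minirootfs may not provide; both are worth confirming.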
@@ -0,0 +1,143 @@
+no_tls: False
+tls_certificate_path: "/etc/synapse/jenga.local.tls.crt"
+tls_private_key_path: "/etc/synapse/jenga.local.tls.key"
+tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh"
+tls_fingerprints: []
+# tls_fingerprints: [{"sha256": ""}]
+
+
+## Server ##
+server_name: "jenga.local"
+pid_file: /var/lib/synapse/homeserver.pid
+
+
+soft_file_limit: 0
+use_presence: true
+
+
+listeners:
+ -
+ port: 8448
+ bind_addresses:
+ - '::'
+ - '0.0.0.0'
+ type: http
+ tls: true
+ x_forwarded: false
+ resources:
+ -
+ names:
+ - client # The client-server APIs, both v1 and v2
+ # - webclient # A web client. Requires web_client_location to be set.
+ compress: true
+
+ - names: [federation] # Federation APIs
+ compress: false
+
+
+# Database configuration
+database:
+ name: "sqlite3"
+ args:
+ database: "/var/lib/synapse/homeserver.db"
+
+event_cache_size: "10K"
+
+log_config: "/etc/synapse/log.config"
+
+
+## Ratelimiting ##
+rc_messages_per_second: 0.2
+rc_message_burst_count: 10.0
+federation_rc_window_size: 1000
+federation_rc_sleep_limit: 10
+federation_rc_sleep_delay: 500
+federation_rc_reject_limit: 50
+federation_rc_concurrent: 3
+
+# Directory where uploaded images and attachments are stored.
+media_store_path: "/var/lib/synapse/media_store"
+uploads_path: "/var/lib/synapse/uploads"
+max_upload_size: "10M"
+max_image_pixels: "32M"
+
+dynamic_thumbnails: false
+thumbnail_sizes:
+- width: 32
+ height: 32
+ method: crop
+- width: 96
+ height: 96
+ method: crop
+- width: 320
+ height: 240
+ method: scale
+- width: 640
+ height: 480
+ method: scale
+- width: 800
+ height: 600
+ method: scale
+
+url_preview_enabled: False
+max_spider_size: "10M"
+
+
+## Captcha ##
+recaptcha_public_key: "YOUR_PUBLIC_KEY"
+recaptcha_private_key: "YOUR_PRIVATE_KEY"
+enable_registration_captcha: False
+recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
+
+turn_user_lifetime: "1h"
+turn_allow_guests: True
+
+
+## Registration ##
+enable_registration: False
+registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk"
+bcrypt_rounds: 12
+allow_guest_access: False
+trusted_third_party_id_servers:
+ - matrix.org
+ - vector.im
+
+autocreate_auto_join_rooms: true
+
+
+## Metrics ###
+enable_metrics: False
+report_stats: false
+
+
+## API Configuration ##
+room_invite_state_types:
+ - "m.room.join_rules"
+ - "m.room.canonical_alias"
+ - "m.room.avatar"
+ - "m.room.name"
+app_service_config_files: []
+track_appservice_user_ips: False
+macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4"
+expire_access_token: False
+form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc"
+
+## Signing Keys ##
+
+signing_key_path: "/etc/synapse/jenga.local.signing.key"
+old_signing_keys: {}
+key_refresh_interval: "1d" # 1 Day.
+
+
+# Enable password for login.
+password_config:
+ enabled: true
+ # Uncomment and change to a secret random string for extra security.
+ # DO NOT CHANGE THIS AFTER INITIAL SETUP!
+ #pepper: ""
+
+enable_group_creation: false
+alias_creation_rules:
+ - user_id: "*"
+ alias: "*"
+ action: allow
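Review bot: alpine/matrix/conf/homeserver.jenga.yaml commits what look like real values for `registration_shared_secret`, `macaroon_secret_key` and `form_secret`. Everyone with read access to the repository or its history now holds them: the shared secret authorises account registration regardless of `enable_registration: False`, and the macaroon key protects access-token integrity, so all three should be treated as exposed and regenerated on any server that used this file. Keep placeholders in the tracked copy, as the recaptcha keys already do (`registration_shared_secret: "CHANGE_ME"`), and supply the real values from a file that .gitignore covers; the .gitignore added in this commit ignores `*.key`, `*.crt` and `*.dh` but not this config. Separately, the single 8448 listener serves both client and federation resources on `0.0.0.0` and `::`, which is worth confirming for a `.local` server name.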
diff --git a/alpine-matrix/scripts/install.sh b/alpine/matrix/scripts/install.sh
similarity index 100%
rename from alpine-matrix/scripts/install.sh
rename to alpine/matrix/scripts/install.sh
diff --git a/alpine-matrix/systemd/matrix-appservice-irc.service b/alpine/matrix/systemd/matrix-appservice-irc.service
similarity index 100%
rename from alpine-matrix/systemd/matrix-appservice-irc.service
rename to alpine/matrix/systemd/matrix-appservice-irc.service
diff --git a/alpine-matrix/systemd/matrix.service b/alpine/matrix/systemd/matrix.service
similarity index 100%
rename from alpine-matrix/systemd/matrix.service
rename to alpine/matrix/systemd/matrix.service
diff --git a/alpine/rust/build.sh b/alpine/rust/build.sh
new file mode 100644
index 0000000..212fc6a
--- /dev/null
+++ b/alpine/rust/build.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+ROOTFS=/tmp/cgit
+ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
+
+# wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
+
+mkdir -p $ROOTFS
+tar xf $ALPINE_TARBALL -C $ROOTFS/ \
+ ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
+
+mkdir -p $ROOTFS/etc/systemd/system \
+ $ROOTFS/var/{lib,run,tmp} \
+ $ROOTFS/{dev,tmp,proc,root,run,sys} \
+ $ROOTFS/etc/git \
+ $ROOTFS/var/lib/git
+touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk update
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk add cgit uwsgi-cgi
+cp systemd/* $ROOTFS/etc/systemd/system/
+
+mksquashfs $ROOTFS/ $ROOTFS.raw
diff --git a/alpine/rust/systemd/cgit.service b/alpine/rust/systemd/cgit.service
new file mode 100644
index 0000000..6944182
--- /dev/null
+++ b/alpine/rust/systemd/cgit.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=cgit uwsgi service
+After=network.target
+Before=nginx.service
+Requires=cgit.socket
+
+[Service]
+DynamicUser=yes
+User=git
+Group=git
+RuntimeDirectory=git
+ConfigurationDirectory=git
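Review bot: alpine/rust/build.sh populates the fixed path `ROOTFS=/tmp/cgit` as the invoking user and then runs `sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk …` out of it. On a shared host that path may already exist and belong to someone else; `mkdir -p` succeeds silently in that case, so root ends up executing binaries from a tree the build did not fully create. Use a private directory instead, `ROOTFS=$(mktemp -d)`, as alpine/simple/build.sh already does, and quote the `$ROOTFS` expansions. alpine/gitea/build.sh defaults to `/tmp/gitea` and has the same exposure.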
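Review bot: alpine/rust/systemd/cgit.service has no `ExecStart=` in its `[Service]` section, so systemd will refuse to load the unit and the activation from cgit.socket has nothing to start. Add the uwsgi command line the unit is meant to run; it is not visible anywhere in this commit. `DynamicUser=yes` combined with a fixed `User=git`/`Group=git` also deserves a comment in the unit: if a static `git` account exists it is used and the dynamic allocation is effectively off, so state which of the two is intended and drop the other.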
diff --git a/alpine/rust/systemd/cgit.socket b/alpine/rust/systemd/cgit.socket
new file mode 100644
index 0000000..a861d5a
--- /dev/null
+++ b/alpine/rust/systemd/cgit.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=cgit socket
+
+[Socket]
+ListenStream=/run/git/cgit.sock
+SocketMode=0660
+SocketGroup=http
+
+[Install]
+WantedBy=sockets.target
diff --git a/alpine/simple/build.sh b/alpine/simple/build.sh
new file mode 100644
index 0000000..c9d87ae
--- /dev/null
+++ b/alpine/simple/build.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+ROOTFS=`mktemp -d rootfs.XXX -t`
+TMPDIR=/tmp
+TARBALL=alpine-minirootfs-3.9.0-x86_64.tar.gz
+URL=http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$TARBALL
+
+[ "$URL" ] && wget -c $URL
+
+mkdir $ROOTFS
+
+# 1. create rootfs
+tar xf $TARBALL -C $ROOTFS/ \
+ ./etc/os-release ./usr ./lib ./bin ./sbin
+
+# 2. create mount points
+mkdir -p $ROOTFS/etc/systemd/system $ROOTFS/var/{lib,run,tmp} $ROOTFS/{dev,proc,sys,tmp,run,root}
+touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+
+# 3. simple service unit
+cat < $ROOTFS/etc/systemd/system/simple.service
+[Unit]
+Description=Simple portable test service
+
+[Service]
+Type=exec
+ExecStart=/bin/sh -c 'while /bin/sleep 5; do echo ping; done'
+EOF
+
+# 4. create a read-only squashfs rootfs image
+mksquashfs $ROOTFS $TMPDIR/simple.raw -all-root -noappend
+
+# 5. attach and start the service
+sudo portablectl attach $TMPDIR/simple.raw
+sudo systemctl start simple-test
+
+# 6. undo
+#sudo systemctl stop simple-test
+#sudo portablectl detach $TMPDIR/simple.raw
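Review bot: alpine/simple/build.sh never enables `set -e`, so a failed `wget` or `tar` does not stop it before `sudo portablectl attach $TMPDIR/simple.raw`; add `set -eu` right after the shebang. `mkdir $ROOTFS` will then always abort the run because `mktemp -d` has already created that directory, so remove it at the same time. The script writes `simple.service` but starts `simple-test`, which matches no unit in the image as shown. `$ROOTFS/var/{lib,run,tmp}` relies on brace expansion, which `#!/bin/sh` does not guarantee (dash creates a literal `{lib,run,tmp}` directory); the gitea and rust scripts share that.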