diff --git a/alpine/matrix/build.sh b/alpine/matrix/build.sh
index 0682477..fb8db74 100644
--- a/alpine/matrix/build.sh
+++ b/alpine/matrix/build.sh
@@ -1,24 +1,43 @@
 #!/bin/sh
-ROOTFS=/tmp/matrix
-ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
+set -e
-wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
+[ -z $NAME ] && NAME=matrix
+IMAGE=/tmp/$NAME.raw
+
+[ -z $ROOTFS ] && ROOTFS=$(mktemp -d $NAME.XXX -t)
+[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.12
+[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=0
+
+ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
+
+[ -f $IMAGE.raw ] && rm $IMAGE.raw
+[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
 mkdir -p $ROOTFS
 tar xf $ALPINE_TARBALL -C $ROOTFS/ \
- ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
+ ./etc/apk ./usr ./lib ./bin ./sbin ./var
+
+chmod 755 $ROOTFS
 mkdir -p \
 $ROOTFS/etc/systemd/system \
 $ROOTFS/var/{lib,run,tmp} \
 $ROOTFS/{dev,tmp,proc,root,run,sys} \
 $ROOTFS/etc/matrix \
- $ROOTFS/var/lib/matrix-{synapse,appservice-irc}
+ $ROOTFS/var/lib/matrix-synapse \
+ $ROOTFS/run/systemd/unit-root/var/tmp
 touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+cp systemd/matrix.service $ROOTFS/etc/systemd/system/$NAME.service
+cp conf/os-release $ROOTFS/etc/os-release
-cp systemd/* $ROOTFS/etc/systemd/system/
+sudo systemd-nspawn --directory $ROOTFS/ \
+ --bind $HOME/dev/python/pyopenssl:/tmp/pyopenssl \
+ --bind=$PWD/scripts/install.sh:/root/install.sh \
+ /bin/sh /root/install.sh
-sudo systemd-nspawn --bind=$PWD/scripts/install.sh:/root/install.sh -D $ROOTFS/ /bin/sh /root/install.sh
-mksquashfs $ROOTFS/ /tmp/matrix.raw
+mksquashfs $ROOTFS/ $IMAGE -all-root -noappend
+sudo portablectl detach $IMAGE || true
+sudo portablectl attach $IMAGE
+sudo systemctl restart $NAME.service
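Review bot: The rootfs tarball is still fetched over plain `http://` and unpacked with no integrity check, and the new `[ -f $ALPINE_TARBALL ] ||` guard additionally reuses whatever file of that name already sits in the working directory. Everything in the image, including the `install.sh` run as root under `systemd-nspawn`, starts from that archive, so I would switch the URL to `https://` and verify a digest pinned in the repository before `tar xf`, for example `echo "$ALPINE_SHA256  $ALPINE_TARBALL" | sha256sum -c -` (with `ALPINE_SHA256` as a new variable set next to the version variables). Separately, `[ -f $IMAGE.raw ] && rm $IMAGE.raw` tests `/tmp/$NAME.raw.raw` because `IMAGE` already ends in `.raw`, so it should read `[ -f $IMAGE ] && rm $IMAGE`. The `--bind $HOME/dev/python/pyopenssl:/tmp/pyopenssl` line ties the build to one developer's checkout and pulls unreviewed local code into the build root; it looks like a debugging leftover.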
diff --git a/alpine/matrix/conf/homeserver.jenga.yaml b/alpine/matrix/conf/homeserver.jenga.yaml
deleted file mode 100644
index 009d965..0000000
--- a/alpine/matrix/conf/homeserver.jenga.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -no_tls: False -tls_certificate_path: "/etc/synapse/jenga.local.tls.crt" -tls_private_key_path: "/etc/synapse/jenga.local.tls.key" -tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh" -tls_fingerprints: [] -# tls_fingerprints: [{"sha256": ""}] - - -## Server ## -server_name: "jenga.local" -pid_file: /var/lib/synapse/homeserver.pid - - -soft_file_limit: 0 -use_presence: true - - -listeners: - - - port: 8448 - bind_addresses: - - '::' - - '0.0.0.0' - type: http - tls: true - x_forwarded: false - resources: - - - names: - - client # The client-server APIs, both v1 and v2 - # - webclient # A web client. Requires web_client_location to be set. - compress: true - - - names: [federation] # Federation APIs - compress: false - - -# Database configuration -database: - name: "sqlite3" - args: - database: "/var/lib/synapse/homeserver.db" - -event_cache_size: "10K" - -log_config: "/etc/synapse/log.config" - - -## Ratelimiting ## -rc_messages_per_second: 0.2 -rc_message_burst_count: 10.0 -federation_rc_window_size: 1000 -federation_rc_sleep_limit: 10 -federation_rc_sleep_delay: 500 -federation_rc_reject_limit: 50 -federation_rc_concurrent: 3 - -# Directory where uploaded images and attachments are stored. 
-media_store_path: "/var/lib/synapse/media_store" -uploads_path: "/var/lib/synapse/uploads" -max_upload_size: "10M" -max_image_pixels: "32M" - -dynamic_thumbnails: false -thumbnail_sizes: -- width: 32 - height: 32 - method: crop -- width: 96 - height: 96 - method: crop -- width: 320 - height: 240 - method: scale -- width: 640 - height: 480 - method: scale -- width: 800 - height: 600 - method: scale - -url_preview_enabled: False -max_spider_size: "10M" - - -## Captcha ## -recaptcha_public_key: "YOUR_PUBLIC_KEY" -recaptcha_private_key: "YOUR_PRIVATE_KEY" -enable_registration_captcha: False -recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" - -turn_user_lifetime: "1h" -turn_allow_guests: True - - -## Registration ## -enable_registration: False -registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk" -bcrypt_rounds: 12 -allow_guest_access: False -trusted_third_party_id_servers: - - matrix.org - - vector.im - -autocreate_auto_join_rooms: true - - -## Metrics ### -enable_metrics: False -report_stats: false - - -## API Configuration ## -room_invite_state_types: - - "m.room.join_rules" - - "m.room.canonical_alias" - - "m.room.avatar" - - "m.room.name" -app_service_config_files: [] -track_appservice_user_ips: False -macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4" -expire_access_token: False -form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc" - -## Signing Keys ## - -signing_key_path: "/etc/synapse/jenga.local.signing.key" -old_signing_keys: {} -key_refresh_interval: "1d" # 1 Day. - - -# Enable password for login. -password_config: - enabled: true - # Uncomment and change to a secret random string for extra security. - # DO NOT CHANGE THIS AFTER INITIAL SETUP! - #pepper: "" - -enable_group_creation: false -alias_creation_rules: - - user_id: "*" - alias: "*" - action: allow 
diff --git a/alpine/matrix/conf/os-release b/alpine/matrix/conf/os-release
new file mode 100644
index 0000000..a6a2844
--- /dev/null
+++ b/alpine/matrix/conf/os-release
@@ -0,0 +1,4 @@
+PORTABLE_PRETTY_NAME="Synapse: A matrix homeserver"
+PORTABLE_ID=synapse
+PRETTY_NAME=Alpine
+ID=alpine
diff --git a/alpine/matrix/scripts/install-pip.sh b/alpine/matrix/scripts/install-pip.sh
new file mode 100644
index 0000000..9f1819a
--- /dev/null
+++ b/alpine/matrix/scripts/install-pip.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+apk --no-cache add --virtual .synapse-build \
+ build-base \
+ git \
+ libevent-dev \
+ libffi-dev \
+ libjpeg-turbo-dev \
+ libressl-dev \
+ libxslt-dev \
+ linux-headers \
+ python3-dev \
+ py3-pip \
+ zlib-dev
+
+pip3 install --upgrade pip setuptools
+pip3 install https://github.com/matrix-org/synapse/tarball/master
+
+apk del .synapse-build
+
+# Runtime packages.
+apk --no-cache add \
+ libjpeg-turbo \
+ libmagic \
+ libressl2.7-libssl \
+ python3
+
+find /usr -name "__pycache__" -exec rm -rf {} +
+find /usr -name "*.pyc" -exec rm {} +
+find /usr -name "*yarn*" -exec rm -rf {} +
+
+apk del alpine-keys
+
+rm -rf /etc/apk \
+ /root/.cache \
+ /root/.config \
+ /var/cache/*
diff --git a/alpine/matrix/scripts/install.sh b/alpine/matrix/scripts/install.sh
index fd6407a..185fd5f 100644
--- a/alpine/matrix/scripts/install.sh
+++ b/alpine/matrix/scripts/install.sh
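Review bot: In the new `install-pip.sh`, `pip3 install https://github.com/matrix-org/synapse/tarball/master` builds the image from whatever the default branch holds at build time, so two builds are not comparable and nothing ties the image to a reviewed release. Pin a released version instead, for example `pip3 install matrix-synapse==<VERSION>` (placeholder; use the release you have tested), ideally through a requirements file with hashes. The script also has no `set -e`, so a failed build step is followed by `apk del .synapse-build` and the cleanup as if it had succeeded. The `find /usr -name "*yarn*"` line looks like a leftover, since this script does not install yarn.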
@@ -1,46 +1,16 @@
 #!/bin/sh
-apk --no-cache add --virtual .synapse-build \
- build-base \
- git \
- libevent-dev \
- libffi-dev \
- libjpeg-turbo-dev \
- libressl-dev \
- libxslt-dev \
- linux-headers \
- python3-dev \
- yarn \
- zlib-dev
-
-pip3 install --upgrade pip setuptools
-pip3 install https://github.com/matrix-org/synapse/tarball/master
-
-IRC_DIR=/usr/lib/matrix-appservice-irc/
-mkdir ${IRC_DIR}
-cd ${IRC_DIR}
-yarn add matrix-appservice-irc
-ln -s ${IRC_DIR}/node_modules/matrix-appservice-irc/bin/matrix-appservice-irc /usr/local/bin/matrix-appservice-irc
-
-apk del .synapse-build
-
-# Runtime packages.
-apk --no-cache add \
- libjpeg-turbo \
- libmagic \
- libressl2.7-libssl \
- nodejs \
- python3
+apk --no-cache add --no-scripts --no-commit-hooks --initramfs-diskless-boot synapse
 find /usr -name "__pycache__" -exec rm -rf {} +
 find /usr -name "*.pyc" -exec rm {} +
-find /usr -name "*yarn*" -exec rm -rf {} +
-find / -name "*node-gyp*" -exec rm -rf {} +
-apk del alpine-keys
+apk del alpine-keys alpine-baselayout
 rm -rf /etc/apk \
+ /etc/ssl \
+ /etc/terminfo \
+ /etc/synapse \
 /root/.cache \
 /root/.config \
- /root/.npm \
 /var/cache/*
diff --git a/alpine/matrix/systemd/matrix.service b/alpine/matrix/systemd/matrix.service
index ac6d51f..8f2e9d7 100644
--- a/alpine/matrix/systemd/matrix.service
+++ b/alpine/matrix/systemd/matrix.service
@@ -4,14 +4,13 @@ After=network-online.target
 Requires=network-online.target
 [Service]
-MemoryDenyWriteExecute=no
-
 Environment=LANG=en_US.UTF-8
 Environment=SYNAPSE_LOG_LEVEL=DEBUG
 Environment=PYTHONDONTWRITEBYTECODE=1
-ExecStart=/usr/bin/python3 -m synapse.app.homeserver -c /etc/matrix/homeserver.yaml
+ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
 ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
 StateDirectory=matrix-synapse
 ConfigurationDirectory=matrix
+RuntimeDirectory=matrix
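Review bot: In `install.sh`, the new `apk --no-cache add` line combines `--no-scripts` with `--initramfs-diskless-boot` (which, per the apk documentation, turns on force options to minimise failures), and the script has no `set -e`, so a partial or failed install of `synapse` would go unnoticed. The exit status that `build.sh` sees from `systemd-nspawn` is that of the final `rm -rf`. I would add `set -e` under the shebang and a one-line comment stating why the package scripts and commit hooks are skipped for this image. Also check the new `/etc/ssl` entry in the `rm -rf` list: if the CA bundle lives there and nothing supplies it at runtime, outbound TLS verification from the service would have no trust roots.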