[matrix] redoit

alpine/matrix/build.sh

@@ -1,24 +1,43 @@
 #!/bin/sh
 
-ROOTFS=/tmp/matrix
+set -e
-ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
 
-wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
+[ -z $NAME ] && NAME=matrix
+IMAGE=/tmp/$NAME.raw
+
+[ -z $ROOTFS         ] && ROOTFS=$(mktemp -d $NAME.XXX -t)
+[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.12
+[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=0
+
+ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
+
+[ -f $IMAGE.raw      ] && rm $IMAGE.raw
+[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
 
 mkdir -p $ROOTFS
 tar xf $ALPINE_TARBALL -C $ROOTFS/ \
-    ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
+    ./etc/apk ./usr ./lib ./bin ./sbin ./var
+
+chmod 755 $ROOTFS
 
 mkdir -p \
     $ROOTFS/etc/systemd/system \
     $ROOTFS/var/{lib,run,tmp} \
     $ROOTFS/{dev,tmp,proc,root,run,sys} \
     $ROOTFS/etc/matrix \
-    $ROOTFS/var/lib/matrix-{synapse,appservice-irc}
+    $ROOTFS/var/lib/matrix-synapse \
+    $ROOTFS/run/systemd/unit-root/var/tmp
 
 touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+cp systemd/matrix.service $ROOTFS/etc/systemd/system/$NAME.service
+cp conf/os-release $ROOTFS/etc/os-release
 
-cp systemd/* $ROOTFS/etc/systemd/system/
+sudo systemd-nspawn --directory $ROOTFS/ \
+                    --bind $HOME/dev/python/pyopenssl:/tmp/pyopenssl \
+                    --bind=$PWD/scripts/install.sh:/root/install.sh \
+                    /bin/sh /root/install.sh
 
-sudo systemd-nspawn --bind=$PWD/scripts/install.sh:/root/install.sh -D $ROOTFS/ /bin/sh /root/install.sh
+mksquashfs $ROOTFS/ $IMAGE -all-root -noappend
-mksquashfs $ROOTFS/ /tmp/matrix.raw
+sudo portablectl detach $IMAGE || true
+sudo portablectl attach $IMAGE
+sudo systemctl restart $NAME.service

alpine/matrix/conf/homeserver.jenga.yaml

@@ -1,143 +0,0 @@
-no_tls: False
-tls_certificate_path: "/etc/synapse/jenga.local.tls.crt"
-tls_private_key_path: "/etc/synapse/jenga.local.tls.key"
-tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh"
-tls_fingerprints: []
-# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
-
-
-## Server ##
-server_name: "jenga.local"
-pid_file: /var/lib/synapse/homeserver.pid
-
-
-soft_file_limit: 0
-use_presence: true
-
-
-listeners:
-  -
-    port: 8448
-    bind_addresses:
-      - '::'
-      - '0.0.0.0'
-    type: http
-    tls: true
-    x_forwarded: false
-    resources:
-      -
-        names:
-          - client       # The client-server APIs, both v1 and v2
-          # - webclient  # A web client. Requires web_client_location to be set.
-        compress: true
-
-      - names: [federation]  # Federation APIs
-        compress: false
-
-
-# Database configuration
-database:
-  name: "sqlite3"
-  args:
-    database: "/var/lib/synapse/homeserver.db"
-
-event_cache_size: "10K"
-
-log_config: "/etc/synapse/log.config"
-
-
-## Ratelimiting ##
-rc_messages_per_second: 0.2
-rc_message_burst_count: 10.0
-federation_rc_window_size: 1000
-federation_rc_sleep_limit: 10
-federation_rc_sleep_delay: 500
-federation_rc_reject_limit: 50
-federation_rc_concurrent: 3
-
-# Directory where uploaded images and attachments are stored.
-media_store_path: "/var/lib/synapse/media_store"
-uploads_path: "/var/lib/synapse/uploads"
-max_upload_size: "10M"
-max_image_pixels: "32M"
-
-dynamic_thumbnails: false
-thumbnail_sizes:
-- width: 32
-  height: 32
-  method: crop
-- width: 96
-  height: 96
-  method: crop
-- width: 320
-  height: 240
-  method: scale
-- width: 640
-  height: 480
-  method: scale
-- width: 800
-  height: 600
-  method: scale
-
-url_preview_enabled: False
-max_spider_size: "10M"
-
-
-## Captcha ##
-recaptcha_public_key: "YOUR_PUBLIC_KEY"
-recaptcha_private_key: "YOUR_PRIVATE_KEY"
-enable_registration_captcha: False
-recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
-
-turn_user_lifetime: "1h"
-turn_allow_guests: True
-
-
-## Registration ##
-enable_registration: False
-registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk"
-bcrypt_rounds: 12
-allow_guest_access: False
-trusted_third_party_id_servers:
-    - matrix.org
-    - vector.im
-
-autocreate_auto_join_rooms: true
-
-
-## Metrics ###
-enable_metrics: False
-report_stats: false
-
-
-## API Configuration ##
-room_invite_state_types:
-    - "m.room.join_rules"
-    - "m.room.canonical_alias"
-    - "m.room.avatar"
-    - "m.room.name"
-app_service_config_files: []
-track_appservice_user_ips: False
-macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4"
-expire_access_token: False
-form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc"
-
-## Signing Keys ##
-
-signing_key_path: "/etc/synapse/jenga.local.signing.key"
-old_signing_keys: {}
-key_refresh_interval: "1d" # 1 Day.
-
-
-# Enable password for login.
-password_config:
-   enabled: true
-   # Uncomment and change to a secret random string for extra security.
-   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   #pepper: ""
-
-enable_group_creation: false
-alias_creation_rules:
-    - user_id: "*"
-      alias: "*"
-      action: allow

alpine/matrix/conf/os-release

@@ -0,0 +1,4 @@
+PORTABLE_PRETTY_NAME="Synapse: A matrix homeserver"
+PORTABLE_ID=synapse
+PRETTY_NAME=Alpine
+ID=alpine

alpine/matrix/scripts/install-pip.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+apk --no-cache add --virtual .synapse-build \
+    build-base \
+    git \
+    libevent-dev \
+    libffi-dev \
+    libjpeg-turbo-dev \
+    libressl-dev \
+    libxslt-dev \
+    linux-headers \
+    python3-dev \
+    py3-pip \
+    zlib-dev
+
+pip3 install --upgrade pip setuptools
+pip3 install https://github.com/matrix-org/synapse/tarball/master
+
+apk del .synapse-build
+
+# Runtime packages.
+apk --no-cache add \
+    libjpeg-turbo \
+    libmagic \
+    libressl2.7-libssl \
+    python3
+
+find /usr -name "__pycache__" -exec rm -rf {} +
+find /usr -name "*.pyc" -exec rm {} +
+find /usr -name "*yarn*" -exec rm -rf {} +
+
+apk del alpine-keys
+
+rm -rf /etc/apk \
+       /root/.cache \
+       /root/.config \
+       /var/cache/*

alpine/matrix/scripts/install.sh

@@ -1,46 +1,16 @@
 #!/bin/sh
 
-apk --no-cache add --virtual .synapse-build \
+apk --no-cache add --no-scripts --no-commit-hooks --initramfs-diskless-boot synapse
-    build-base \
-    git \
-    libevent-dev \
-    libffi-dev \
-    libjpeg-turbo-dev \
-    libressl-dev \
-    libxslt-dev \
-    linux-headers \
-    python3-dev \
-    yarn \
-    zlib-dev
-
-pip3 install --upgrade pip setuptools
-pip3 install https://github.com/matrix-org/synapse/tarball/master
-
-IRC_DIR=/usr/lib/matrix-appservice-irc/
-mkdir ${IRC_DIR}
-cd ${IRC_DIR}
-yarn add matrix-appservice-irc
-ln -s ${IRC_DIR}/node_modules/matrix-appservice-irc/bin/matrix-appservice-irc /usr/local/bin/matrix-appservice-irc
-
-apk del .synapse-build
-
-# Runtime packages.
-apk --no-cache add \
-    libjpeg-turbo \
-    libmagic \
-    libressl2.7-libssl \
-    nodejs \
-    python3
 
 find /usr -name "__pycache__" -exec rm -rf {} +
 find /usr -name "*.pyc" -exec rm {} +
-find /usr -name "*yarn*" -exec rm -rf {} +
-find / -name "*node-gyp*" -exec rm -rf {} +
 
-apk del alpine-keys
+apk del alpine-keys alpine-baselayout
 
 rm -rf /etc/apk \
+       /etc/ssl \
+       /etc/terminfo \
+       /etc/synapse \
        /root/.cache \
        /root/.config \
-       /root/.npm \
        /var/cache/*

alpine/matrix/systemd/matrix.service

@@ -4,14 +4,13 @@ After=network-online.target
 Requires=network-online.target
 
 [Service]
-MemoryDenyWriteExecute=no
-
 Environment=LANG=en_US.UTF-8
 Environment=SYNAPSE_LOG_LEVEL=DEBUG
 Environment=PYTHONDONTWRITEBYTECODE=1
 
-ExecStart=/usr/bin/python3 -m synapse.app.homeserver -c /etc/matrix/homeserver.yaml
+ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
 ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
 
 StateDirectory=matrix-synapse
 ConfigurationDirectory=matrix
+RuntimeDirectory=matrix