Update the readme to the current state

... will be updated soon again

alpine/gitea/README.md

@@ -38,5 +38,5 @@ through the web UI, but here goes.
 ## TODO
 
 * Instructions for setting up SSH with Gitea's built-in SSH server and the SSH
-  server running on the host.
+  server running on the host. https://docs.gitea.io/en-us/install-with-docker/
 * Real world configuration.

alpine/matrix/README.md

@@ -1,11 +1,9 @@
-Matrix synapse service with IRC and Telegram gateways
-=====================================================
+# Matrix synapse service with a TURN server and riot-web frontend
 
-A collection of systemd services that run synapse and the IRC gateway
-(matrix-appservice-irc) in an isolated read-only alpine squashfs image.
+A collection of systemd services that run synapse, riot-web and a TURN server
+as systemd portable services.
 
-Building the squashfs image
----------------------------
+## Building the squashfs image
 
 Run:
 
@@ -14,62 +12,24 @@ $ sh build.sh
 ```
 
 It will create a rootfs/ folder with an alpine filesystem, install synapse,
-matrix-appservice-irc and compress it into a squashfs image that will be used
-as a root filesystem for the container.
+compress it into a squashfs image that will be used as a root filesystem for
+the container.
 
-If the script finished successfully, you should get an \~45M matrix.raw
+If the script finished successfully, you should get an \~25M matrix.raw
 image.
 
-Running the portable services
------------------------------
+## Running the portable services
 
 Attach the container with `sudo portablectl attach ./matrix.raw`.
-
-The output should look something like this:
-
-``` {.sourceCode .shell}
-$ sudo portablectl attach ./matrix.raw
-
-Created directory /etc/systemd/system.attached.
-Created directory /etc/systemd/system.attached/matrix.service.d.
-Written /etc/systemd/system.attached/matrix.service.d/20-portable.conf.
-Created symlink /etc/systemd/system.attached/matrix.service.d/10-profile.conf → /usr/lib/systemd/portable/profile/default/service.conf.
-Copied /etc/systemd/system.attached/matrix.service.
-Created directory /etc/systemd/system.attached/matrix-appservice-irc.service.d.
-Written /etc/systemd/system.attached/matrix-appservice-irc.service.d/20-portable.conf.
-Created symlink /etc/systemd/system.attached/matrix-appservice-irc.service.d/10-profile.conf → /usr/lib/systemd/portable/profile/default/service.conf.
-Copied /etc/systemd/system.attached/matrix-appservice-irc.service.
-Created symlink /etc/portables/matrix.raw → /tmp/matrix.raw.
-
-
 Start/Stop as any other systemd service, e.g:
 
 ``` {.sourceCode .shell}
-sudo systemctl start matrix-appservice-irc.service
 sudo systemctl stop matrix.service
 ```
 
-Existing matrix installations
------------------------------
+## Install another existing service
 
-1.  Stop your current services.
-2.  Copy all configuration files to `/etc/matrix`.
-3.  Run all portable services, so that they create all directories in
-    `/var/lib`.
-4.  Copy all data files, e.g. homeserver.db if you\'re using sqlite,
-    media and upload folders for synapse, rooms.db for the irc gateway,
-    etc. to `/var/lib/matrix-{synapse,appservice-irc}`.
-
-Warning
--------
-
-You should set up all logging to stdout.
-
-Any configuration that has something to do with the filesystem should be
-configured to write files to `/var/lib/matrix-{synapse,appservice-irc}`.
-
-TODO
-----
-
--   Use a Makefile to build the image. Add attach, detach and clean
-    targets.
+``` {.sourceCode .shell}
+NAME=riot sh build.sh
+sudo systemctl start riot.service
+```

alpine/matrix/build.sh

@@ -1,24 +1,43 @@
 #!/bin/sh
 
-ROOTFS=/tmp/matrix
-ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
+set -e
 
-wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
+[ -z $NAME ] && NAME=matrix
+IMAGE=/tmp/$NAME.raw
+
+[ -z $ROOTFS         ] && ROOTFS=$(mktemp -d $NAME.XXX -t)
+[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.13
+[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=1
+
+ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
+
+[ -f $IMAGE.raw      ] && rm $IMAGE.raw
+[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
 
 mkdir -p $ROOTFS
 tar xf $ALPINE_TARBALL -C $ROOTFS/ \
-    ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
+    ./etc ./usr ./lib ./bin ./sbin ./var
+
+chmod 755 $ROOTFS
 
 mkdir -p \
     $ROOTFS/etc/systemd/system \
     $ROOTFS/var/{lib,run,tmp} \
     $ROOTFS/{dev,tmp,proc,root,run,sys} \
-    $ROOTFS/etc/matrix \
-    $ROOTFS/var/lib/matrix-{synapse,appservice-irc}
+    $ROOTFS/etc/$NAME \
+    $ROOTFS/var/lib/$NAME \
+    $ROOTFS/run/systemd/unit-root/var/tmp
 
 touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+cp -a systemd/${NAME}* $ROOTFS/etc/systemd/system/
+cp conf/os-release $ROOTFS/etc/os-release
 
-cp systemd/* $ROOTFS/etc/systemd/system/
+sudo systemd-nspawn --directory $ROOTFS/ \
+                    --bind=$PWD/scripts/install-$NAME.sh:/root/install.sh \
+                    /bin/sh /root/install.sh
 
-sudo systemd-nspawn --bind=$PWD/scripts/install.sh:/root/install.sh -D $ROOTFS/ /bin/sh /root/install.sh
-mksquashfs $ROOTFS/ /tmp/matrix.raw
+sudo mksquashfs $ROOTFS/ $IMAGE -all-root -noappend
+sudo systemctl stop $IMAGE || true
+sudo portablectl detach $IMAGE || true
+sudo portablectl attach $IMAGE
+sudo systemctl restart $NAME.service

alpine/matrix/conf/homeserver.jenga.yaml

@@ -1,143 +0,0 @@
-no_tls: False
-tls_certificate_path: "/etc/synapse/jenga.local.tls.crt"
-tls_private_key_path: "/etc/synapse/jenga.local.tls.key"
-tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh"
-tls_fingerprints: []
-# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
-
-
-## Server ##
-server_name: "jenga.local"
-pid_file: /var/lib/synapse/homeserver.pid
-
-
-soft_file_limit: 0
-use_presence: true
-
-
-listeners:
-  -
-    port: 8448
-    bind_addresses:
-      - '::'
-      - '0.0.0.0'
-    type: http
-    tls: true
-    x_forwarded: false
-    resources:
-      -
-        names:
-          - client       # The client-server APIs, both v1 and v2
-          # - webclient  # A web client. Requires web_client_location to be set.
-        compress: true
-
-      - names: [federation]  # Federation APIs
-        compress: false
-
-
-# Database configuration
-database:
-  name: "sqlite3"
-  args:
-    database: "/var/lib/synapse/homeserver.db"
-
-event_cache_size: "10K"
-
-log_config: "/etc/synapse/log.config"
-
-
-## Ratelimiting ##
-rc_messages_per_second: 0.2
-rc_message_burst_count: 10.0
-federation_rc_window_size: 1000
-federation_rc_sleep_limit: 10
-federation_rc_sleep_delay: 500
-federation_rc_reject_limit: 50
-federation_rc_concurrent: 3
-
-# Directory where uploaded images and attachments are stored.
-media_store_path: "/var/lib/synapse/media_store"
-uploads_path: "/var/lib/synapse/uploads"
-max_upload_size: "10M"
-max_image_pixels: "32M"
-
-dynamic_thumbnails: false
-thumbnail_sizes:
-- width: 32
-  height: 32
-  method: crop
-- width: 96
-  height: 96
-  method: crop
-- width: 320
-  height: 240
-  method: scale
-- width: 640
-  height: 480
-  method: scale
-- width: 800
-  height: 600
-  method: scale
-
-url_preview_enabled: False
-max_spider_size: "10M"
-
-
-## Captcha ##
-recaptcha_public_key: "YOUR_PUBLIC_KEY"
-recaptcha_private_key: "YOUR_PRIVATE_KEY"
-enable_registration_captcha: False
-recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
-
-turn_user_lifetime: "1h"
-turn_allow_guests: True
-
-
-## Registration ##
-enable_registration: False
-registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk"
-bcrypt_rounds: 12
-allow_guest_access: False
-trusted_third_party_id_servers:
-    - matrix.org
-    - vector.im
-
-autocreate_auto_join_rooms: true
-
-
-## Metrics ###
-enable_metrics: False
-report_stats: false
-
-
-## API Configuration ##
-room_invite_state_types:
-    - "m.room.join_rules"
-    - "m.room.canonical_alias"
-    - "m.room.avatar"
-    - "m.room.name"
-app_service_config_files: []
-track_appservice_user_ips: False
-macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4"
-expire_access_token: False
-form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc"
-
-## Signing Keys ##
-
-signing_key_path: "/etc/synapse/jenga.local.signing.key"
-old_signing_keys: {}
-key_refresh_interval: "1d" # 1 Day.
-
-
-# Enable password for login.
-password_config:
-   enabled: true
-   # Uncomment and change to a secret random string for extra security.
-   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   #pepper: ""
-
-enable_group_creation: false
-alias_creation_rules:
-    - user_id: "*"
-      alias: "*"
-      action: allow

alpine/matrix/conf/os-release

@@ -0,0 +1,4 @@
+PORTABLE_PRETTY_NAME="Synapse: A matrix homeserver"
+PORTABLE_ID=synapse
+PRETTY_NAME=Alpine
+ID=alpine

alpine/matrix/scripts/install-matrix.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+apk --no-cache add --no-scripts --no-commit-hooks synapse
+
+find /usr -name "__pycache__" -exec rm -rf {} +
+find /usr -name "*.pyc" -exec rm {} +
+
+apk del alpine-keys
+
+rm -rf /etc/apk \
+       /root/.cache \
+       /root/.config \
+       /var/cache/*

alpine/matrix/scripts/install-pip.sh

@@ -10,37 +10,27 @@ apk --no-cache add --virtual .synapse-build \
     libxslt-dev \
     linux-headers \
     python3-dev \
-    yarn \
+    py3-pip \
     zlib-dev
 
-pip3 install --upgrade pip setuptools
+pip3 install --upgrade --force pip setuptools
 pip3 install https://github.com/matrix-org/synapse/tarball/master
 
-IRC_DIR=/usr/lib/matrix-appservice-irc/
-mkdir ${IRC_DIR}
-cd ${IRC_DIR}
-yarn add matrix-appservice-irc
-ln -s ${IRC_DIR}/node_modules/matrix-appservice-irc/bin/matrix-appservice-irc /usr/local/bin/matrix-appservice-irc
-
 apk del .synapse-build
 
-# Runtime packages.
+# Runtime packages
 apk --no-cache add \
     libjpeg-turbo \
     libmagic \
-    libressl2.7-libssl \
-    nodejs \
+    libressl \
     python3
 
 find /usr -name "__pycache__" -exec rm -rf {} +
 find /usr -name "*.pyc" -exec rm {} +
-find /usr -name "*yarn*" -exec rm -rf {} +
-find / -name "*node-gyp*" -exec rm -rf {} +
 
 apk del alpine-keys
 
 rm -rf /etc/apk \
        /root/.cache \
        /root/.config \
-       /root/.npm \
        /var/cache/*

alpine/matrix/scripts/install-riot.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+apk --no-cache add --no-scripts --no-commit-hooks riot-web nginx
+
+apk del alpine-keys
+
+rm -rf /etc/apk \
+       /root/.cache \
+       /root/.config \
+       /var/cache/*

alpine/matrix/scripts/install-turn.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+apk add --no-cache --purge -uU \
+    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    coturn sqlite-libs
+
+find /usr -name "__pycache__" -exec rm -rf {} +
+find /usr -name "*.pyc" -exec rm {} +
+
+apk del alpine-keys
+
+rm -rf /etc/apk \
+       /root/.cache \
+       /root/.config \
+       /var/cache/*

alpine/matrix/systemd/30-synapse-override.conf

@@ -0,0 +1,2 @@
+[Service]
+MemoryDenyWriteExecute=no

alpine/matrix/systemd/matrix-appservice-irc.service

@@ -1,10 +0,0 @@
-[Unit]
-Description=Matrix IRC gateway
-After=matrix.service
-Requires=matrix.service
-
-[Service]
-Type=exec
-ExecStart=/usr/local/bin/matrix-appservice-irc -c /etc/matrix/irc-config.yaml -f /etc/matrix/irc-registration.yaml -p 7881
-StateDirectory=matrix-appservice-irc
-ConfigurationDirectory=matrix

alpine/matrix/systemd/matrix.service

@@ -1,17 +1,16 @@
 [Unit]
 Description=Synapse - Matrix homeserver
-After=network-online.target
 Requires=network-online.target
 
 [Service]
-MemoryDenyWriteExecute=no
-
 Environment=LANG=en_US.UTF-8
 Environment=SYNAPSE_LOG_LEVEL=DEBUG
 Environment=PYTHONDONTWRITEBYTECODE=1
 
-ExecStart=/usr/bin/python3 -m synapse.app.homeserver -c /etc/matrix/homeserver.yaml
+ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
 ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
+ExecReload=/opt/synapse/bin/synctl restart /etc/matrix/homeserver.yaml
 
-StateDirectory=matrix-synapse
+StateDirectory=matrix
+RuntimeDirectory=matrix
 ConfigurationDirectory=matrix

alpine/matrix/systemd/riot.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Synapse - Matrix homeserver
+Requires=network-online.target
+
+[Service]
+Environment=LANG=en_US.UTF-8
+Environment=SYNAPSE_LOG_LEVEL=DEBUG
+Environment=PYTHONDONTWRITEBYTECODE=1
+
+ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
+ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
+ExecReload=/opt/synapse/bin/synctl restart /etc/matrix/homeserver.yaml
+
+StateDirectory=matrix
+RuntimeDirectory=matrix
+ConfigurationDirectory=matrix

alpine/matrix/systemd/turn.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Coturn - TURN/STUN server
+Requires=network-online.target
+
+[Service]
+Environment=LANG=en_US.UTF-8
+
+ExecStart=/usr/bin/turnserver -c /etc/coturn/turnserver.conf
+Restart=on-failure
+
+StateDirectory=turn
+RuntimeDirectory=turn
+ConfigurationDirectory=turn