[cgit] Add build and partial / non-working config

alpine/cgit/build.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+NAME=cgit
+IMAGE=/tmp/$NAME.raw
+
+[ -z $ROOTFS         ] && ROOTFS=$(mktemp -d $NAME.XXX -t)
+[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.10
+[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=0
+
+ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
+
+[ -f $NAME.raw     ] && rm $NAME.raw
+[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
+
+(sudo systemctl stop $NAME.service && sudo portablectl detach $NAME) || echo "Image not attached."
+
+tar xf $ALPINE_TARBALL -C $ROOTFS/
+
+chmod 755 $ROOTFS
+
+mkdir -p \
+    $ROOTFS/etc/systemd/system \
+    $ROOTFS/etc/$NAME \
+    $ROOTFS/var/lib/$NAME \
+    $ROOTFS/run/$NAME \
+    $ROOTFS/root/.ssh
+
+touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
+cp systemd/* $ROOTFS/etc/systemd/system/
+
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk update
+sudo systemd-nspawn --directory $ROOTFS/ /sbin/apk add cgit uwsgi-cgi
+sudo systemd-nspawn --directory $ROOTFS/ /bin/rm -rf /etc/apk/* /var/cache/*
+
+mksquashfs $ROOTFS/ $IMAGE -all-root -noappend
+sudo portablectl attach $IMAGE
+sudo systemctl restart $NAME.service

alpine/cgit/systemd/cgit.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=cgit uwsgi service
+After=network.target
+Before=nginx.service
+Requires=cgit.socket
+
+[Service]
+User=cgit
+Group=cgit
+
+ConfigurationDirectory=cgit
+StateDirectory=cgit

alpine/cgit/systemd/cgit.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=cgit socket
+
+[Socket]
+ListenStream=/run/git/cgit.sock
+SocketMode=0660
+SocketGroup=http
+
+[Install]
+WantedBy=sockets.target

alpine/gitea/README.md

@@ -38,5 +38,5 @@ through the web UI, but here goes.
 ## TODO
 
 * Instructions for setting up SSH with Gitea's built-in SSH server and the SSH
-  server running on the host. https://docs.gitea.io/en-us/install-with-docker/
+  server running on the host.
 * Real world configuration.

alpine/matrix/README.md

@@ -1,9 +1,11 @@
-# Matrix synapse service with a TURN server and riot-web frontend
+Matrix synapse service with IRC and Telegram gateways
+=====================================================
 
-A collection of systemd services that run synapse, riot-web and a TURN server
-as systemd portable services.
+A collection of systemd services that run synapse and the IRC gateway
+(matrix-appservice-irc) in an isolated read-only alpine squashfs image.
 
-## Building the squashfs image
+Building the squashfs image
+---------------------------
 
 Run:
 
@@ -12,24 +14,62 @@ $ sh build.sh
 ```
 
 It will create a rootfs/ folder with an alpine filesystem, install synapse,
-compress it into a squashfs image that will be used as a root filesystem for
-the container.
+matrix-appservice-irc and compress it into a squashfs image that will be used
+as a root filesystem for the container.
 
-If the script finished successfully, you should get an \~25M matrix.raw
+If the script finished successfully, you should get an \~45M matrix.raw
 image.
 
-## Running the portable services
+Running the portable services
+-----------------------------
 
 Attach the container with `sudo portablectl attach ./matrix.raw`.
+
+The output should look something like this:
+
+``` {.sourceCode .shell}
+$ sudo portablectl attach ./matrix.raw
+
+Created directory /etc/systemd/system.attached.
+Created directory /etc/systemd/system.attached/matrix.service.d.
+Written /etc/systemd/system.attached/matrix.service.d/20-portable.conf.
+Created symlink /etc/systemd/system.attached/matrix.service.d/10-profile.conf → /usr/lib/systemd/portable/profile/default/service.conf.
+Copied /etc/systemd/system.attached/matrix.service.
+Created directory /etc/systemd/system.attached/matrix-appservice-irc.service.d.
+Written /etc/systemd/system.attached/matrix-appservice-irc.service.d/20-portable.conf.
+Created symlink /etc/systemd/system.attached/matrix-appservice-irc.service.d/10-profile.conf → /usr/lib/systemd/portable/profile/default/service.conf.
+Copied /etc/systemd/system.attached/matrix-appservice-irc.service.
+Created symlink /etc/portables/matrix.raw → /tmp/matrix.raw.
+
+
 Start/Stop as any other systemd service, e.g:
 
 ``` {.sourceCode .shell}
+sudo systemctl start matrix-appservice-irc.service
 sudo systemctl stop matrix.service
 ```
 
-## Install another existing service
+Existing matrix installations
+-----------------------------
 
-``` {.sourceCode .shell}
-NAME=riot sh build.sh
-sudo systemctl start riot.service
-```
+1.  Stop your current services.
+2.  Copy all configuration files to `/etc/matrix`.
+3.  Run all portable services, so that they create all directories in
+    `/var/lib`.
+4.  Copy all data files, e.g. homeserver.db if you\'re using sqlite,
+    media and upload folders for synapse, rooms.db for the irc gateway,
+    etc. to `/var/lib/matrix-{synapse,appservice-irc}`.
+
+Warning
+-------
+
+You should set up all logging to stdout.
+
+Any configuration that has something to do with the filesystem should be
+configured to write files to `/var/lib/matrix-{synapse,appservice-irc}`.
+
+TODO
+----
+
+-   Use a Makefile to build the image. Add attach, detach and clean
+    targets.

alpine/matrix/build.sh

@@ -1,43 +1,24 @@
 #!/bin/sh
 
-set -e
+ROOTFS=/tmp/matrix
+ALPINE_TARBALL=alpine-minirootfs-3.9.2-x86_64.tar.gz
 
-[ -z $NAME ] && NAME=matrix
-IMAGE=/tmp/$NAME.raw
-
-[ -z $ROOTFS         ] && ROOTFS=$(mktemp -d $NAME.XXX -t)
-[ -z $ALPINE_VERSION ] && ALPINE_VERSION=3.13
-[ -z $ALPINE_RELEASE ] && ALPINE_RELEASE=1
-
-ALPINE_TARBALL=alpine-minirootfs-$ALPINE_VERSION.$ALPINE_RELEASE-x86_64.tar.gz
-
-[ -f $IMAGE.raw      ] && rm $IMAGE.raw
-[ -f $ALPINE_TARBALL ] || wget http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_VERSION/releases/x86_64/$ALPINE_TARBALL
+wget http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/$ALPINE_TARBALL
 
 mkdir -p $ROOTFS
 tar xf $ALPINE_TARBALL -C $ROOTFS/ \
-    ./etc ./usr ./lib ./bin ./sbin ./var
-
-chmod 755 $ROOTFS
+    ./etc/apk ./etc/os-release ./usr ./lib ./bin ./sbin ./var
 
 mkdir -p \
     $ROOTFS/etc/systemd/system \
     $ROOTFS/var/{lib,run,tmp} \
     $ROOTFS/{dev,tmp,proc,root,run,sys} \
-    $ROOTFS/etc/$NAME \
-    $ROOTFS/var/lib/$NAME \
-    $ROOTFS/run/systemd/unit-root/var/tmp
+    $ROOTFS/etc/matrix \
+    $ROOTFS/var/lib/matrix-{synapse,appservice-irc}
 
 touch $ROOTFS/etc/machine-id $ROOTFS/etc/resolv.conf
-cp -a systemd/${NAME}* $ROOTFS/etc/systemd/system/
-cp conf/os-release $ROOTFS/etc/os-release
 
-sudo systemd-nspawn --directory $ROOTFS/ \
-                    --bind=$PWD/scripts/install-$NAME.sh:/root/install.sh \
-                    /bin/sh /root/install.sh
+cp systemd/* $ROOTFS/etc/systemd/system/
 
-sudo mksquashfs $ROOTFS/ $IMAGE -all-root -noappend
-sudo systemctl stop $IMAGE || true
-sudo portablectl detach $IMAGE || true
-sudo portablectl attach $IMAGE
-sudo systemctl restart $NAME.service
+sudo systemd-nspawn --bind=$PWD/scripts/install.sh:/root/install.sh -D $ROOTFS/ /bin/sh /root/install.sh
+mksquashfs $ROOTFS/ /tmp/matrix.raw

alpine/matrix/conf/homeserver.jenga.yaml

@@ -0,0 +1,143 @@
+no_tls: False
+tls_certificate_path: "/etc/synapse/jenga.local.tls.crt"
+tls_private_key_path: "/etc/synapse/jenga.local.tls.key"
+tls_dh_params_path: "/etc/synapse/jenga.local.tls.dh"
+tls_fingerprints: []
+# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
+
+
+## Server ##
+server_name: "jenga.local"
+pid_file: /var/lib/synapse/homeserver.pid
+
+
+soft_file_limit: 0
+use_presence: true
+
+
+listeners:
+  -
+    port: 8448
+    bind_addresses:
+      - '::'
+      - '0.0.0.0'
+    type: http
+    tls: true
+    x_forwarded: false
+    resources:
+      -
+        names:
+          - client       # The client-server APIs, both v1 and v2
+          # - webclient  # A web client. Requires web_client_location to be set.
+        compress: true
+
+      - names: [federation]  # Federation APIs
+        compress: false
+
+
+# Database configuration
+database:
+  name: "sqlite3"
+  args:
+    database: "/var/lib/synapse/homeserver.db"
+
+event_cache_size: "10K"
+
+log_config: "/etc/synapse/log.config"
+
+
+## Ratelimiting ##
+rc_messages_per_second: 0.2
+rc_message_burst_count: 10.0
+federation_rc_window_size: 1000
+federation_rc_sleep_limit: 10
+federation_rc_sleep_delay: 500
+federation_rc_reject_limit: 50
+federation_rc_concurrent: 3
+
+# Directory where uploaded images and attachments are stored.
+media_store_path: "/var/lib/synapse/media_store"
+uploads_path: "/var/lib/synapse/uploads"
+max_upload_size: "10M"
+max_image_pixels: "32M"
+
+dynamic_thumbnails: false
+thumbnail_sizes:
+- width: 32
+  height: 32
+  method: crop
+- width: 96
+  height: 96
+  method: crop
+- width: 320
+  height: 240
+  method: scale
+- width: 640
+  height: 480
+  method: scale
+- width: 800
+  height: 600
+  method: scale
+
+url_preview_enabled: False
+max_spider_size: "10M"
+
+
+## Captcha ##
+recaptcha_public_key: "YOUR_PUBLIC_KEY"
+recaptcha_private_key: "YOUR_PRIVATE_KEY"
+enable_registration_captcha: False
+recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
+
+turn_user_lifetime: "1h"
+turn_allow_guests: True
+
+
+## Registration ##
+enable_registration: False
+registration_shared_secret: ",@MxAOPr0kkpC-Gzzk1=Ea-HKH@S-utf:Uf0fiz;xAo~I2Y9Fk"
+bcrypt_rounds: 12
+allow_guest_access: False
+trusted_third_party_id_servers:
+    - matrix.org
+    - vector.im
+
+autocreate_auto_join_rooms: true
+
+
+## Metrics ###
+enable_metrics: False
+report_stats: false
+
+
+## API Configuration ##
+room_invite_state_types:
+    - "m.room.join_rules"
+    - "m.room.canonical_alias"
+    - "m.room.avatar"
+    - "m.room.name"
+app_service_config_files: []
+track_appservice_user_ips: False
+macaroon_secret_key: "mL9+dY892cIh&=L6kdZV.SU;i_N=-*DBkA,p^Jp8eQ_v7-DXz4"
+expire_access_token: False
+form_secret: "&+O&4t2BKp=E++pPrc:Y=Uxi50yM,Z5XxX^VFQ7Fad^0y,#bOc"
+
+## Signing Keys ##
+
+signing_key_path: "/etc/synapse/jenga.local.signing.key"
+old_signing_keys: {}
+key_refresh_interval: "1d" # 1 Day.
+
+
+# Enable password for login.
+password_config:
+   enabled: true
+   # Uncomment and change to a secret random string for extra security.
+   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
+   #pepper: ""
+
+enable_group_creation: false
+alias_creation_rules:
+    - user_id: "*"
+      alias: "*"
+      action: allow

alpine/matrix/conf/os-release

@@ -1,4 +0,0 @@
-PORTABLE_PRETTY_NAME="Synapse: A matrix homeserver"
-PORTABLE_ID=synapse
-PRETTY_NAME=Alpine
-ID=alpine

alpine/matrix/scripts/install-matrix.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-apk --no-cache add --no-scripts --no-commit-hooks synapse
-
-find /usr -name "__pycache__" -exec rm -rf {} +
-find /usr -name "*.pyc" -exec rm {} +
-
-apk del alpine-keys
-
-rm -rf /etc/apk \
-       /root/.cache \
-       /root/.config \
-       /var/cache/*

alpine/matrix/scripts/install-riot.sh

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-apk --no-cache add --no-scripts --no-commit-hooks riot-web nginx
-
-apk del alpine-keys
-
-rm -rf /etc/apk \
-       /root/.cache \
-       /root/.config \
-       /var/cache/*

alpine/matrix/scripts/install-turn.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-apk add --no-cache --purge -uU \
-    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    coturn sqlite-libs
-
-find /usr -name "__pycache__" -exec rm -rf {} +
-find /usr -name "*.pyc" -exec rm {} +
-
-apk del alpine-keys
-
-rm -rf /etc/apk \
-       /root/.cache \
-       /root/.config \
-       /var/cache/*

alpine/matrix/scripts/install.sh

@@ -10,27 +10,37 @@ apk --no-cache add --virtual .synapse-build \
     libxslt-dev \
     linux-headers \
     python3-dev \
-    py3-pip \
+    yarn \
     zlib-dev
 
-pip3 install --upgrade --force pip setuptools
+pip3 install --upgrade pip setuptools
 pip3 install https://github.com/matrix-org/synapse/tarball/master
 
+IRC_DIR=/usr/lib/matrix-appservice-irc/
+mkdir ${IRC_DIR}
+cd ${IRC_DIR}
+yarn add matrix-appservice-irc
+ln -s ${IRC_DIR}/node_modules/matrix-appservice-irc/bin/matrix-appservice-irc /usr/local/bin/matrix-appservice-irc
+
 apk del .synapse-build
 
-# Runtime packages
+# Runtime packages.
 apk --no-cache add \
     libjpeg-turbo \
     libmagic \
-    libressl \
+    libressl2.7-libssl \
+    nodejs \
     python3
 
 find /usr -name "__pycache__" -exec rm -rf {} +
 find /usr -name "*.pyc" -exec rm {} +
+find /usr -name "*yarn*" -exec rm -rf {} +
+find / -name "*node-gyp*" -exec rm -rf {} +
 
 apk del alpine-keys
 
 rm -rf /etc/apk \
        /root/.cache \
        /root/.config \
+       /root/.npm \
        /var/cache/*

alpine/matrix/systemd/30-synapse-override.conf

@@ -1,2 +0,0 @@
-[Service]
-MemoryDenyWriteExecute=no

alpine/matrix/systemd/matrix-appservice-irc.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Matrix IRC gateway
+After=matrix.service
+Requires=matrix.service
+
+[Service]
+Type=exec
+ExecStart=/usr/local/bin/matrix-appservice-irc -c /etc/matrix/irc-config.yaml -f /etc/matrix/irc-registration.yaml -p 7881
+StateDirectory=matrix-appservice-irc
+ConfigurationDirectory=matrix

alpine/matrix/systemd/matrix.service

@@ -1,16 +1,17 @@
 [Unit]
 Description=Synapse - Matrix homeserver
+After=network-online.target
 Requires=network-online.target
 
 [Service]
+MemoryDenyWriteExecute=no
+
 Environment=LANG=en_US.UTF-8
 Environment=SYNAPSE_LOG_LEVEL=DEBUG
 Environment=PYTHONDONTWRITEBYTECODE=1
 
-ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
+ExecStart=/usr/bin/python3 -m synapse.app.homeserver -c /etc/matrix/homeserver.yaml
 ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
-ExecReload=/opt/synapse/bin/synctl restart /etc/matrix/homeserver.yaml
 
-StateDirectory=matrix
-RuntimeDirectory=matrix
+StateDirectory=matrix-synapse
 ConfigurationDirectory=matrix

alpine/matrix/systemd/riot.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Synapse - Matrix homeserver
-Requires=network-online.target
-
-[Service]
-Environment=LANG=en_US.UTF-8
-Environment=SYNAPSE_LOG_LEVEL=DEBUG
-Environment=PYTHONDONTWRITEBYTECODE=1
-
-ExecStart=/usr/bin/synctl start /etc/matrix/homeserver.yaml --no-daemonize
-ExecStop=/usr/bin/synctl stop /etc/matrix/homeserver.yaml
-ExecReload=/opt/synapse/bin/synctl restart /etc/matrix/homeserver.yaml
-
-StateDirectory=matrix
-RuntimeDirectory=matrix
-ConfigurationDirectory=matrix

alpine/matrix/systemd/turn.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Coturn - TURN/STUN server
-Requires=network-online.target
-
-[Service]
-Environment=LANG=en_US.UTF-8
-
-ExecStart=/usr/bin/turnserver -c /etc/coturn/turnserver.conf
-Restart=on-failure
-
-StateDirectory=turn
-RuntimeDirectory=turn
-ConfigurationDirectory=turn