authorSystem administrator2017-05-29 13:26:10 +0200
committerSystem administrator2017-05-29 13:26:10 +0200
commitbc5c44dd049bad3b007be48b3f8d90886d63c105 (patch)
treea381d989db2295f228f9bc95a774f0cc9aef4c40 /images
Initial commit
Diffstat (limited to 'images')
59 files changed, 2767 insertions, 0 deletions
diff --git a/images/git/Dockerfile b/images/git/Dockerfile
new file mode 100644
index 0000000..bd8589e
--- /dev/null
+++ b/images/git/Dockerfile
@@ -0,0 +1,35 @@
+FROM alpine:3.5 AS builder
+RUN apk add --no-cache sassc
+ADD cgit/cgit.sass /app/
+RUN sassc -t compressed /app/cgit.sass /app/cgit.css
+FROM server_runit AS final
+RUN apk add --no-cache sudo shadow \
+ git gitolite git-daemon \
+ openssh openssh-client \
+ cgit highlight markdown \
+ nginx spawn-fcgi fcgiwrap
+# gitolite
+RUN mkdir -p /data /data/log
+RUN echo 'git:*' | chpasswd
+RUN usermod --home /data/git --move-home git
+ADD gitolite/ /app/
+RUN ln -s /app/gitolite.rc /data/git/.gitolite.rc
+RUN chown -R git:git /app/gitolite.rc /data/log /data/git
+RUN sudo -u git GL_LOGFILE=/data/log/gitolite gitolite setup -pk /app/
+ADD gitolite/sshd_config /etc/ssh/
+ADD gitolite/ /app/
+# cgit
+ADD cgit/cgitrc /etc/
+ADD cgit/ /app/
+ADD cgit/ /app/
+COPY --from=builder /app/cgit.css /usr/share/webapps/cgit/cgit.css
+ADD nginx/nginx.conf /etc/nginx/nginx.conf
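Review bot: `RUN echo 'git:*' | chpasswd` hands `*` to chpasswd as a cleartext password, so unless the tool is run with `-e` the git account ends up with the one-character password `*` instead of an unlocked account with no usable password. The sshd_config added in this commit turns password logins off, but `sudo` is installed in the same layer and any other password-based path (su, a later PAM or sshd change) would accept it. If the aim is only to unlock the account for public-key logins, write the hash field directly: `RUN usermod -p '*' git` (or `echo 'git:*' | chpasswd -e`).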
diff --git a/images/git/cgit/ b/images/git/cgit/
new file mode 100755
index 0000000..2b55866
--- /dev/null
+++ b/images/git/cgit/
@@ -0,0 +1,3 @@
+exec markdown
diff --git a/images/git/cgit/cgit.sass b/images/git/cgit/cgit.sass
new file mode 100644
index 0000000..02337b5
--- /dev/null
+++ b/images/git/cgit/cgit.sass
@@ -0,0 +1,663 @@
+$base03: #002b36;
+$base02: #073642;
+$base01: #586e75;
+$base00: #657b83;
+$base0: #839496;
+$base1: #93a1a1;
+$base2: #eee8d5;
+$base3: #fdf6e3;
+$yellow: #b58900;
+$orange: #cb4b16;
+$red: #dc322f;
+$magenta: #d33682;
+$violet: #6c71c4;
+$blue: #268bd2;
+$cyan: #2aa198;
+$green: #859900;
+// highlighting
+// &.highlight
+// background-color: $base03
+// span
+// &.k
+// color: $green
+// &.nf
+// color: $blue
+// &.p
+// color: $base1
+// &.s
+// color: $red
+// background-color: $base03
+ &.highlight
+ background-color: #002b36
+ color: #93a1a1
+ .c
+ color: #586e75
+ .err, .g
+ color: #93a1a1
+ .k
+ color: #859900
+ .l, .n
+ color: #93a1a1
+ .o
+ color: #859900
+ .x
+ color: #cb4b16
+ .p
+ color: #93a1a1
+ .cm
+ color: #586e75
+ .cp
+ color: #859900
+ .c1
+ color: #586e75
+ .cs
+ color: #859900
+ .gd
+ color: #2aa198
+ .ge
+ color: #93a1a1
+ font-style: italic
+ .gr
+ color: #dc322f
+ .gh
+ color: #cb4b16
+ .gi
+ color: #859900
+ .go, .gp
+ color: #93a1a1
+ .gs
+ color: #93a1a1
+ font-weight: bold
+ .gu
+ color: #cb4b16
+ .gt
+ color: #93a1a1
+ .kc
+ color: #cb4b16
+ .kd
+ color: #268bd2
+ .kn, .kp
+ color: #859900
+ .kr
+ color: #268bd2
+ .kt
+ color: #dc322f
+ .ld
+ color: #93a1a1
+ .m, .s
+ color: #2aa198
+ background-color: $base03
+ .na
+ color: #93a1a1
+ .nb
+ color: #B58900
+ .nc
+ color: #268bd2
+ .no
+ color: #cb4b16
+ .nd
+ color: #268bd2
+ .ni, .ne
+ color: #cb4b16
+ .nf
+ color: #268bd2
+ .nl, .nn, .nx, .py
+ color: #93a1a1
+ .nt, .nv
+ color: #268bd2
+ .ow
+ color: #859900
+ .w
+ color: #93a1a1
+ .mf, .mh, .mi, .mo
+ color: #2aa198
+ .sb
+ color: #586e75
+ .sc
+ color: #2aa198
+ .sd
+ color: #93a1a1
+ .s2
+ color: #2aa198
+ .se
+ color: #cb4b16
+ .sh
+ color: #93a1a1
+ .si, .sx
+ color: #2aa198
+ .sr
+ color: #dc322f
+ .s1, .ss
+ color: #2aa198
+ .bp, .vc, .vg, .vi
+ color: #268bd2
+ .il
+ color: #2aa198
+// end highlighting
+ background-color: $base03
+ &#cgit
+ padding: 0em
+ margin: 0em
+ font-family: sans-serif
+ font-size: 10pt
+ color: $base0
+ background: $base03
+ padding: 4px
+ a
+ color: lightblue
+ text-decoration: none
+ &:hover
+ text-decoration: underline
+ table
+ border-collapse: collapse
+ &#header
+ width: 100%
+ margin-bottom: 1em
+ td
+ &.logo
+ width: 96px
+ vertical-align: top
+ &.main
+ font-size: 250%
+ padding-left: 10px
+ white-space: nowrap
+ a
+ color: $base1
+ &.form
+ text-align: right
+ vertical-align: bottom
+ padding-right: 1em
+ padding-bottom: 2px
+ white-space: nowrap
+ form, input, select
+ font-size: 90%
+ &.sub
+ color: #777
+ border-top: solid 1px $base02
+ padding-left: 10px
+ &.tabs
+ border-bottom: solid 3px $base02
+ border-collapse: collapse
+ margin-top: 2em
+ margin-bottom: 0px
+ width: 100%
+ td
+ padding: 0px 1em
+ vertical-align: bottom
+ a
+ padding: 2px 0.75em
+ color: #d3d3d3
+ font-size: 110%
+ &.active
+ color: #d3d3d3
+ background-color: $base02
+ &.form
+ text-align: right
+ form
+ padding-bottom: 2px
+ font-size: 90%
+ white-space: nowrap
+ input, select
+ font-size: 90%
+ div
+ &.path
+ margin: 0px
+ padding: 5px 2em 2px 2em
+ color: $base1
+ background-color: $base03
+ &.content
+ margin: 0px
+ padding: 2em
+ border-bottom: solid 3px $base02
+ table.list
+ width: 100%
+ border: none
+ border-collapse: collapse
+ tr
+ background: $base03
+ &.logheader
+ background: $base03
+ &:hover, &.nohover:hover
+ background: $base02
+ th
+ font-weight: bold
+ /* color: #888;
+ *border-top: dashed 1px #888;
+ *border-bottom: dashed 1px #888;
+ padding: 0.1em 0.5em 0.05em 0.5em
+ vertical-align: baseline
+ td
+ border: none
+ padding: 0.1em 0.5em 0.1em 0.5em
+ &.commitgraph
+ font-family: monospace
+ white-space: pre
+ .column1
+ color: #a00
+ .column2
+ color: #0a0
+ .column3
+ color: #aa0
+ .column4
+ color: #00a
+ .column5
+ color: #a0a
+ .column6
+ color: #0aa
+ &.logsubject
+ font-family: monospace
+ font-weight: bold
+ &.logmsg
+ font-family: monospace
+ white-space: pre
+ padding: 0 0.5em
+ a
+ color: #d3d3d3
+ &.ls-dir
+ font-weight: bold
+ color: #00f
+ &:hover
+ color: lightblue
+ img
+ border: none
+ input#switch-btn
+ margin: 2px 0px 0px 0px
+ td#sidebar input.txt
+ width: 100%
+ margin: 2px 0px 0px 0px
+ table#grid
+ margin: 0px
+ td#content
+ vertical-align: top
+ padding: 1em 2em 1em 1em
+ border: none
+ div#summary
+ vertical-align: top
+ margin-bottom: 1em
+ table#downloads
+ float: right
+ border-collapse: collapse
+ border: solid 1px #777
+ margin-left: 0.5em
+ margin-bottom: 0.5em
+ th
+ background-color: #ccc
+ div
+ &#blob
+ border: solid 1px black
+ &.error
+ color: red
+ font-weight: bold
+ margin: 1em 2em
+ a
+ &.ls-blob, &.ls-dir, &.ls-mod
+ font-family: monospace
+ td
+ &.ls-size
+ text-align: right
+ font-family: monospace
+ width: 10em
+ &.ls-mode
+ font-family: monospace
+ width: 10em
+ table
+ &.blob
+ margin-top: 0.5em
+ td
+ &.lines
+ margin: 0
+ padding: 0 0 0 0.5em
+ vertical-align: top
+ color: $base1
+ &.linenumbers
+ margin: 0
+ padding: 0 0.5em 0 0.5em
+ vertical-align: top
+ text-align: right
+ border-right: 1px solid $base01
+ pre
+ padding: 0
+ margin: 0
+ td.linenumbers a
+ color: gray
+ text-align: right
+ text-decoration: none
+ &.ssdiff td.lineno a
+ color: gray
+ text-align: right
+ text-decoration: none
+ &.blob td.linenumbers a:hover, &.ssdiff td.lineno a:hover
+ color: black
+ &.bin-blob
+ margin-top: 0.5em
+ border: solid 1px black
+ th
+ font-family: monospace
+ white-space: pre
+ border: solid 1px #777
+ padding: 0.5em 1em
+ td
+ font-family: monospace
+ white-space: pre
+ border-left: solid 1px #777
+ padding: 0em 1em
+ &.nowrap td
+ white-space: nowrap
+ &.commit-info
+ border-collapse: collapse
+ margin-top: 1.5em
+ div.cgit-panel
+ float: right
+ margin-top: 1.5em
+ table
+ border-collapse: collapse
+ background-color: $base02
+ th
+ text-align: center
+ td
+ padding: 0.25em 0.5em
+ &.label
+ padding-right: 0.5em
+ &.ctrl
+ padding-left: 0.5em
+ table.commit-info
+ th
+ text-align: left
+ font-weight: normal
+ padding: 0.1em 1em 0.1em 0.1em
+ vertical-align: top
+ td
+ font-weight: normal
+ padding: 0.1em 1em 0.1em 0.1em
+ div
+ &.commit-subject
+ font-weight: bold
+ font-size: 125%
+ margin: 1.5em 0em 0.5em 0em
+ padding: 0em
+ &.commit-msg
+ white-space: pre
+ font-family: monospace
+ &.notes-header
+ font-weight: bold
+ padding-top: 1.5em
+ &.notes
+ white-space: pre
+ font-family: monospace
+ border: solid 1px #ee9
+ background-color: #ffd
+ padding: 0.3em 2em 0.3em 1em
+ float: left
+ &.notes-footer
+ clear: left
+ &.diffstat-header
+ font-weight: bold
+ padding-top: 1.5em
+ table.diffstat
+ border-collapse: collapse
+ background-color: $base02
+ th
+ font-weight: normal
+ text-align: left
+ text-decoration: underline
+ padding: 0.1em 1em 0.1em 0.1em
+ font-size: 100%
+ td
+ padding: 0.2em 0.2em 0.1em 0.1em
+ font-size: 100%
+ border: none
+ &.mode
+ white-space: nowrap
+ span.modechange
+ padding-left: 1em
+ color: $red
+ &.add a
+ color: $green
+ &.del a
+ color: $red
+ &.upd a
+ color: $blue
+ &.graph
+ width: 500px
+ vertical-align: middle
+ table
+ border: none
+ td
+ padding: 0px
+ border: 0px
+ height: 7pt
+ &.add
+ background-color: $green
+ &.rem
+ background-color: $red
+ div.diffstat-summary
+ color: $base0
+ padding-top: 0.5em
+ table.diff
+ width: 100%
+ td
+ font-family: monospace
+ white-space: pre
+ div
+ &.head
+ font-weight: bold
+ margin-top: 1em
+ color: $base0
+ &.hunk
+ color: $base0
+ &.add
+ color: $green
+ &.del
+ color: $red
+ .sha1
+ font-family: monospace
+ font-size: 90%
+ .left
+ text-align: left
+ .right
+ text-align: right
+ table.list td.reposection
+ font-style: italic
+ color: #888
+ a
+ &.button
+ font-size: 80%
+ padding: 0em 0.5em
+ &.primary
+ font-size: 100%
+ &.secondary
+ font-size: 90%
+ td.toplevel-repo
+ table.list td.sublevel-repo
+ padding-left: 1.5em
+ ul.pager
+ list-style-type: none
+ text-align: center
+ margin: 1em 0em 0em 0em
+ padding: 0
+ li
+ display: inline-block
+ margin: 0.25em 0.5em
+ a
+ color: #777
+ .current
+ font-weight: bold
+ span
+ &.age-mins
+ font-weight: bold
+ color: $green
+ &.age-hours
+ color: $green
+ &.age-days
+ color: $green
+ &.age-weeks
+ color: $base0
+ &.age-months
+ color: $base0
+ &.age-years
+ color: $base00
+ div.footer
+ margin-top: 0.5em
+ text-align: center
+ font-size: 80%
+ color: $base01
+ a
+ &.branch-deco
+ color: $green !important
+ margin: 0px 0.5em
+ padding: 0px 0.25em
+ background-color: $base02
+ // border: solid 1px #007700
+ &.tag-deco
+ // color: #000 !important
+ margin: 0px 0.5em
+ padding: 0px 0.25em
+ background-color: $base02
+ // border: solid 1px #777700
+ &.remote-deco
+ color: #000 !important
+ margin: 0px 0.5em
+ padding: 0px 0.25em
+ background-color: #ccccff
+ border: solid 1px #000077
+ &.deco
+ color: $red !important
+ margin: 0px 0.5em
+ padding: 0px 0.25em
+ background-color: $base02
+ // border: solid 1px #770000
+ div.commit-subject a
+ &.branch-deco, &.tag-deco, &.remote-deco, &.deco
+ margin-left: 1em
+ font-size: 75%
+ table
+ &.stats
+ border: solid 1px black
+ border-collapse: collapse
+ th
+ text-align: left
+ padding: 1px 0.5em
+ background-color: #eee
+ border: solid 1px black
+ td
+ text-align: right
+ padding: 1px 0.5em
+ border: solid 1px black
+ &.total
+ font-weight: bold
+ text-align: left
+ &.sum
+ color: #c00
+ font-weight: bold
+ /* background-color: #eee;
+ &.left
+ text-align: left
+ &.vgraph
+ border-collapse: separate
+ border: solid 1px black
+ height: 200px
+ th
+ background-color: #eee
+ font-weight: bold
+ border: solid 1px white
+ padding: 1px 0.5em
+ td
+ vertical-align: bottom
+ padding: 0px 10px
+ background-color: #eee
+ &.hgraph
+ border: solid 1px black
+ width: 800px
+ th
+ background-color: #eee
+ font-weight: bold
+ border: solid 1px black
+ padding: 1px 0.5em
+ td
+ vertical-align: middle
+ padding: 2px 2px
+ background-color: #eee
+ height: 1em
+ &.ssdiff
+ width: 100%
+ td
+ font-size: 75%
+ font-family: monospace
+ white-space: pre
+ padding: 1px 4px 1px 4px
+ border-left: solid 1px #aaa
+ border-right: solid 1px #aaa
+ &.add
+ color: black
+ background: #cfc
+ min-width: 50%
+ &.add_dark
+ color: black
+ background: #aca
+ min-width: 50%
+ span.add
+ background: #cfc
+ font-weight: bold
+ td
+ &.del
+ color: black
+ background: #fcc
+ min-width: 50%
+ &.del_dark
+ color: black
+ background: #caa
+ min-width: 50%
+ span.del
+ background: #fcc
+ font-weight: bold
+ td
+ &.changed
+ color: black
+ background: #ffc
+ min-width: 50%
+ &.changed_dark
+ color: black
+ background: #cca
+ min-width: 50%
+ &.lineno
+ color: black
+ background: #eee
+ text-align: right
+ width: 3em
+ min-width: 3em
+ &.hunk
+ color: black
+ background: #ccf
+ border-top: solid 1px #aaa
+ border-bottom: solid 1px #aaa
+ &.head
+ border-top: solid 1px #aaa
+ border-bottom: solid 1px #aaa
+ div.head
+ font-weight: bold
+ color: black
+ &.foot
+ border-top: solid 1px #aaa
+ border-left: none
+ border-right: none
+ border-bottom: none
+ &.space
+ border: none
+ div
+ min-height: 3em
+ &.linenodiv
+ background-color: inherit !important
+ color: lightgray
diff --git a/images/git/cgit/cgitrc b/images/git/cgit/cgitrc
new file mode 100644
index 0000000..0afc48d
--- /dev/null
+++ b/images/git/cgit/cgitrc
@@ -0,0 +1,46 @@
+snapshots=tar.gz tar.xz tar.bz2 zip
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+# if cgit messes up links, use a virtual-root. For example has this value:
diff --git a/images/git/cgit/ b/images/git/cgit/
new file mode 100755
index 0000000..c22337b
--- /dev/null
+++ b/images/git/cgit/
@@ -0,0 +1,121 @@
+# This script can be used to implement syntax highlighting in the cgit
+# tree-view by refering to this file with the source-filter or repo.source-
+# filter options in cgitrc.
+# This script requires a shell supporting the ${var##pattern} syntax.
+# It is supported by at least dash and bash, however busybox environments
+# might have to use an external call to sed instead.
+# Note: the highlight command ( uses css for syntax
+# highlighting, so you'll probably want something like the following included
+# in your css file:
+# Style definition file generated by highlight 2.4.8,
+# table.blob .num { color:#2928ff; }
+# table.blob .esc { color:#ff00ff; }
+# table.blob .str { color:#ff0000; }
+# table.blob .dstr { color:#818100; }
+# table.blob .slc { color:#838183; font-style:italic; }
+# table.blob .com { color:#838183; font-style:italic; }
+# table.blob .dir { color:#008200; }
+# table.blob .sym { color:#000000; }
+# table.blob .kwa { color:#000000; font-weight:bold; }
+# table.blob .kwb { color:#830000; }
+# table.blob .kwc { color:#000000; font-weight:bold; }
+# table.blob .kwd { color:#010181; }
+# Style definition file generated by highlight 2.6.14,
+# body.hl { background-color:#ffffff; }
+# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#2928ff; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#ff0000; }
+# .hl.dstr { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# { color:#838183; font-style:italic; }
+# .hl.dir { color:#008200; }
+# .hl.sym { color:#000000; }
+# .hl.line { color:#555555; }
+# .hl.mark { background-color:#ffffbb;}
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#830000; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+# Style definition file generated by highlight 3.8,
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+# Style definition file generated by highlight 3.13,
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.ipl { color:#0057ae; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL ( = repo.url setting )
+# CGIT_REPO_NAME ( = setting )
+# CGIT_REPO_PATH ( = repo.path setting )
+# CGIT_REPO_OWNER ( = repo.owner setting )
+# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting )
+# CGIT_REPO_SECTION ( = section setting )
+# CGIT_REPO_CLONE_URL ( = repo.clone-url setting )
+# store filename and extension in local vars
+[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt
+[ -z "${EXTENSION}" ] && EXTENSION=txt
+# map Makefile and Makefile.* to .mk
+[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk
+# highlight versions 2 and 3 have different commandline options. Specifically,
+# the -X option that is used for version 2 is replaced by the -O xhtml option
+# for version 3.
+# Version 2 can be found (for example) on EPEL 5, while version 3 can be
+# found (for example) on EPEL 6.
+# This is for version 2
+#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
+# This is for version 3
+exec highlight --force --inline-css --style=solarized-dark -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
diff --git a/images/git/gitolite/ b/images/git/gitolite/
new file mode 100644
index 0000000..cd1e155
--- /dev/null
+++ b/images/git/gitolite/
@@ -0,0 +1 @@
+ssh-rsa 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
diff --git a/images/git/gitolite/ b/images/git/gitolite/
new file mode 100644
index 0000000..3b75a9d
--- /dev/null
+++ b/images/git/gitolite/
@@ -0,0 +1,7 @@
+if [ ! -e /data/ssh/host_rsa_key ]; then
+ echo "Generating host keys"
+ ssh-keygen -t rsa -f /data/ssh/host_rsa_key
+ ssh-keygen -t dsa -f /data/ssh/host_dsa_key
+ ssh-keygen -t ecdsa -f /data/ssh/host_ecdsa_key
+ ssh-keygen -t ed25519 -f /data/ssh/host_ed25519_key
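Review bot: The `ssh-keygen -t dsa` line creates a DSA host key, which is limited to 1024 bits and has been disabled by default in OpenSSH since 7.0; drop it here together with the matching `HostKey /data/ssh/host_dsa_key` line in gitolite/sshd_config. None of the four calls passes `-N ''`, so ssh-keygen will ask for a passphrase and the result depends on whatever stdin the service happens to have. The guard also tests only host_rsa_key, so a missing ecdsa or ed25519 key is never regenerated. A per-key form covers both: `[ -e /data/ssh/host_ed25519_key ] || ssh-keygen -t ed25519 -N '' -f /data/ssh/host_ed25519_key`. The shebang and the closing `fi` are not visible in this hunk.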
diff --git a/images/git/gitolite/gitolite.rc b/images/git/gitolite/gitolite.rc
new file mode 100644
index 0000000..2ab1369
--- /dev/null
+++ b/images/git/gitolite/gitolite.rc
@@ -0,0 +1,204 @@
+# configuration variables for gitolite
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+# (Tip: perl allows a comma after the last item in a list also!)
+# HELP for commands can be had by running the command with "-h".
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+%RC = (
+ #GL_REPO_BASE => '/data/projects/',
+ #GL_ADMIN_BASE => '/data/',
+ # ------------------------------------------------------------------
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0002,
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => 'hooks\.readme url.*insteadOf',
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+ # ------------------------------------------------------------------
+ # rc variables used by various features
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+ # CACHE_TTL => 600,
+ # ------------------------------------------------------------------
+ # suggested locations for site-local gitolite code (see cust.html)
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+ # ------------------------------------------------------------------
+ # List of commands and features to enable
+ ENABLE => [
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+ # Uncomment or add new commands here.
+ 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ 'D',
+ # These FEATURES are enabled by default.
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+ # creates git-config entries from gitolite.conf file entries like 'config = baz'
+ 'git-config',
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+ # user-visible behaviour
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/",
+ # 'Shell alice bob',
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+ # show a message of the day
+ # 'Motd',
+ # system admin stuff
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+ # selective read control hack
+ # 'partial-copy',
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ 'upstream',
+ # updates 'description' file instead of 'gitweb.description' config item
+ 'cgit',
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+ # performance, logging, monitoring...
+ # be nice
+ # 'renice 10',
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+ # syntactic_sugar for gitolite.conf and included files
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+ # allow simple line-oriented macros
+ # 'macros',
+ # Kindergarten mode
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
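Review bot: `UMASK => 0002` makes every repository and gitolite-generated file group-writable and world-readable, while the comment just above it notes that the default yields 0700. In this image git-daemon runs as git and the web side runs as root, so nothing visible needs world access; `UMASK => 0027,` with the web account added to the git group would keep non-exported repositories unreadable to other accounts in the container. `GIT_CONFIG_KEYS => 'hooks\.readme url.*insteadOf'` deserves a comment stating who may push to gitolite-admin, since matching keys are written into repository config on the server. The closing `);` and `1;` of the file are not visible in this hunk.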
diff --git a/images/git/gitolite/sshd_config b/images/git/gitolite/sshd_config
new file mode 100644
index 0000000..15b448f
--- /dev/null
+++ b/images/git/gitolite/sshd_config
@@ -0,0 +1,55 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /data/ssh/host_rsa_key
+HostKey /data/ssh/host_dsa_key
+HostKey /data/ssh/host_ecdsa_key
+HostKey /data/ssh/host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+# Logging
+SyslogFacility AUTH
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /data/git/.ssh/authorized_keys
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+X11Forwarding no
+PrintMotd no
+TCPKeepAlive yes
+#UseLogin no
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+# Subsystem sftp /usr/lib/openssh/sftp-server
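Review bot: `AuthorizedKeysFile /data/git/.ssh/authorized_keys` is an absolute path, so every account is checked against the gitolite key file, and nothing in the file limits logins to the git user. `StrictModes yes` will probably reject other accounts on ownership grounds, but that is incidental; add `AllowUsers git` to state the intent. Since the server exists only for gitolite, `AllowTcpForwarding no` and `AllowAgentForwarding no` can be set server-wide instead of relying on the per-key options gitolite writes.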
diff --git a/images/git/nginx/nginx.conf b/images/git/nginx/nginx.conf
new file mode 100644
index 0000000..9528692
--- /dev/null
+++ b/images/git/nginx/nginx.conf
@@ -0,0 +1,51 @@
+worker_processes 1;
+user root;
+pid /run/;
+events {
+ worker_connections 1024;
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ access_log /dev/stdout;
+ error_log /dev/stderr;
+ # Cgit
+ server {
+ listen 80;
+ root /usr/share/webapps/cgit;
+ server_name;
+ try_files $uri @cgit;
+ location ~ /git(/.*) {
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_pass unix:/run/fcgiwrap.sock;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ # fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /data/git/repositories;
+ fastcgi_param PATH_INFO $1;
+ }
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/run/fcgiwrap.sock;
+ }
+ }
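Review bot: `user root;` runs the nginx worker processes as root, so a flaw in request handling becomes a root compromise of the container; use the unprivileged account the package provides, e.g. `user nginx;`, and give that account access to /run/fcgiwrap.sock. `location ~ /git(/.*)` is unanchored and matches any URI that contains `/git/`, including paths inside the cgit tree; `location ~ ^/git(/.*)$` limits it to the intended prefix. `fastcgi_param REMOTE_USER $remote_user;` is forwarded although no `auth_basic` appears in the block, so the value is presumably always empty; a comment should say whether authenticated push over HTTP is intended. The closing braces of `events` and `http` are not visible in this hunk.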
diff --git a/images/git/service/daemon/run b/images/git/service/daemon/run
new file mode 100644
index 0000000..485e706
--- /dev/null
+++ b/images/git/service/daemon/run
@@ -0,0 +1,2 @@
+exec chpst -ugit git daemon --base-path=/data/git/repositories
diff --git a/images/git/service/fcgiwrap/run b/images/git/service/fcgiwrap/run
new file mode 100644
index 0000000..4c7efcb
--- /dev/null
+++ b/images/git/service/fcgiwrap/run
@@ -0,0 +1,2 @@
+exec spawn-fcgi -n -s /run/fcgiwrap.sock /usr/bin/fcgiwrap 2>&1
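Review bot: spawn-fcgi is started without `-u`/`-g`, so fcgiwrap and every CGI it launches (cgit.cgi, git-http-backend, and the highlight and markdown filters that parse repository content) keep the identity of the supervisor, which is presumably root given that the sibling daemon/run needs chpst to drop to git. Drop privileges at spawn time and hand the socket to the web server account, for example `exec spawn-fcgi -n -u git -g git -U nginx -G nginx -M 0660 -s /run/fcgiwrap.sock /usr/bin/fcgiwrap 2>&1`. The account names are taken from the rest of this commit and the Alpine nginx package; adjust them if nginx keeps running as another user.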
diff --git a/images/git/service/nginx/run b/images/git/service/nginx/run
new file mode 100644
index 0000000..ef7f976
--- /dev/null
+++ b/images/git/service/nginx/run
@@ -0,0 +1,2 @@
+exec nginx -g 'daemon off;' 2>&1
diff --git a/images/git/service/sshd/run b/images/git/service/sshd/run
new file mode 100644
index 0000000..91abb22
--- /dev/null
+++ b/images/git/service/sshd/run
@@ -0,0 +1,4 @@
+mkdir -p /data/ssh
+chmod +x /app/
+/app/ && exec /usr/sbin/sshd -D 2>&1
diff --git a/images/matrix/.gitignore b/images/matrix/.gitignore
new file mode 100644
index 0000000..fb801ef
--- /dev/null
+++ b/images/matrix/.gitignore
@@ -0,0 +1,3 @@
diff --git a/images/matrix/Dockerfile b/images/matrix/Dockerfile
new file mode 100644
index 0000000..5569475
--- /dev/null
+++ b/images/matrix/Dockerfile
@@ -0,0 +1,15 @@
+FROM alpine:3.5 AS builder
+RUN apk add --no-cache build-base ca-certificates python2-dev py2-pip su-exec \
+ py2-psycopg2 py2-msgpack py2-psutil py2-openssl py2-yaml py-twisted py2-netaddr \
+ py2-cffi py2-asn1 py2-asn1-modules py2-cryptography py2-pillow py2-decorator py2-jinja2 \
+ py2-requests py2-simplejson py2-tz py2-crypto py2-dateutil py2-service_identity
+RUN pip install
+ADD synapse /app/synapse
+ENTRYPOINT python -m \
+ --server-name \
+ --config-path /app/synapse/homeserver.yaml \
+ --report-stats=no
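Review bot: The image has no `USER` instruction and the ENTRYPOINT starts python directly, so the homeserver runs as root, although `su-exec` is installed above, which suggests a privilege drop was intended. Create an account and switch to it before the entrypoint, e.g. `RUN adduser -D synapse && chown -R synapse /app/synapse` followed by `USER synapse`; the chown has to come after `ADD synapse /app/synapse`. The argument of `RUN pip install` is not visible here; whatever it is, it should name an exact version or a hash-checked requirements file so a rebuild cannot pull different code. The stage is named `builder` but no later stage follows, so build-base and the -dev headers ship in the runtime image.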
diff --git a/images/matrix/synapse/homeserver.yaml b/images/matrix/synapse/homeserver.yaml
new file mode 100644
index 0000000..69ffa8e
--- /dev/null
+++ b/images/matrix/synapse/homeserver.yaml
@@ -0,0 +1,480 @@
+# vim:ft=yaml
+# PEM encoded X509 certificate for TLS.
+# You can replace the self-signed certificate that synapse
+# autogenerates on launch with your own SSL certificate + key pair
+# if you like. Any required intermediary certificates can be
+# appended after the primary certificate in hierarchical order.
+tls_certificate_path: "/app/synapse/"
+# PEM encoded private key for TLS
+tls_private_key_path: "/app/synapse/"
+# PEM dh parameters for ephemeral keys
+tls_dh_params_path: "/app/synapse/"
+# Don't bind to the https port
+no_tls: False
+# List of allowed TLS fingerprints for this server to publish along
+# with the signing keys for this server. Other matrix servers that
+# make HTTPS requests to this server will check that the TLS
+# certificates returned by this server match one of the fingerprints.
+# Synapse automatically adds the fingerprint of its own certificate
+# to the list. So if federation traffic is handle directly by synapse
+# then no modification to the list is required.
+# If synapse is run behind a load balancer that handles the TLS then it
+# will be necessary to add the fingerprints of the certificates used by
+# the loadbalancers to this list if they are different to the one
+# synapse is using.
+# Homeservers are permitted to cache the list of TLS fingerprints
+# returned in the key responses up to the "valid_until_ts" returned in
+# key. It may be necessary to publish the fingerprints of a new
+# certificate and wait until the "valid_until_ts" of the previous key
+# responses have passed before deploying it.
+tls_fingerprints: []
+# tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
+## Server ##
+# The domain name of the server, with optional explicit port.
+# This is used by remote servers to connect to this server,
+# e.g., localhost:8080, etc.
+# This is also the last part of your UserID.
+server_name: ""
+# When running as a daemon, the file to store the pid in
+pid_file: /app/synapse/
+# Whether to serve a web client from the HTTP/HTTPS root resource.
+web_client: True
+# The public-facing base URL for the client API (not including _matrix/...)
+# public_baseurl:
+# Set the soft limit on the number of file descriptors synapse can use
+# Zero is used to indicate synapse should set the soft limit to the
+# hard limit.
+soft_file_limit: 0
+# The GC threshold parameters to pass to `gc.set_threshold`, if defined
+# gc_thresholds: [700, 10, 10]
+# List of ports that Synapse should listen on, their purpose and their
+# configuration.
+ # Main HTTPS listener
+ # For when matrix traffic is sent directly to synapse.
+ -
+ # The port to listen for HTTPS requests on.
+ port: 8448
+ # Local addresses to listen on.
+ # This will listen on all IPv4 addresses by default.
+ bind_addresses:
+ - ''
+ # Uncomment to listen on all IPv6 interfaces
+ # N.B: On at least Linux this will also listen on all IPv4
+ # addresses, so you will need to comment out the line above.
+ # - '::'
+ # This is a 'http' listener, allows us to specify 'resources'.
+ type: http
+ tls: true
+ # Use the X-Forwarded-For (XFF) header as the client IP and not the
+ # actual client IP.
+ x_forwarded: false
+ # List of HTTP resources to serve on this listener.
+ resources:
+ -
+ # List of resources to host on this listener.
+ names:
+ - client # The client-server APIs, both v1 and v2
+ - webclient # The bundled webclient.
+ # Should synapse compress HTTP responses to clients that support it?
+ # This should be disabled if running synapse behind a load balancer
+ # that can do automatic compression.
+ compress: true
+ - names: [federation] # Federation APIs
+ compress: false
+ # Unsecure HTTP listener,
+ # For when matrix traffic passes through loadbalancer that unwraps TLS.
+ - port: 8008
+ tls: false
+ bind_addresses: ['']
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, webclient]
+ compress: true
+ - names: [federation]
+ compress: false
+ # Turn on the twisted ssh manhole service on localhost on the given
+ # port.
+ # - port: 9000
+ # bind_address:
+ # type: manhole
+# Database configuration
+ # The database engine name
+ name: "sqlite3"
+ # Arguments to pass to the engine
+ args:
+ # Path to the database
+ database: "/app/synapse/homeserver.db"
+# Number of events to cache in memory.
+event_cache_size: "10K"
+# Logging verbosity level. Ignored if log_config is specified.
+verbose: 0
+# File to write logging to. Ignored if log_config is specified.
+log_file: "/app/synapse/homeserver.log"
+# A yaml python logging config file
+log_config: "/app/synapse/"
+## Ratelimiting ##
+# Number of messages a client can send per second
+rc_messages_per_second: 0.2
+# Number of message a client can send before being throttled
+rc_message_burst_count: 10.0
+# The federation window size in milliseconds
+federation_rc_window_size: 1000
+# The number of federation requests from a single server in a window
+# before the server will delay processing the request.
+federation_rc_sleep_limit: 10
+# The duration in milliseconds to delay processing events from
+# remote servers by if they go over the sleep limit.
+federation_rc_sleep_delay: 500
+# The maximum number of concurrent federation requests allowed
+# from a single server
+federation_rc_reject_limit: 50
+# The number of federation requests to concurrently process from a
+# single server
+federation_rc_concurrent: 3
+# Directory where uploaded images and attachments are stored.
+media_store_path: "/app/synapse/media_store"
+# Directory where in-progress uploads are stored.
+uploads_path: "/app/synapse/uploads"
+# The largest allowed upload size in bytes
+max_upload_size: "10M"
+# Maximum number of pixels that will be thumbnailed
+max_image_pixels: "32M"
+# Whether to generate new thumbnails on the fly to precisely match
+# the resolution requested by the client. If true then whenever
+# a new resolution is requested by the client the server will
+# generate a new thumbnail. If false the server will pick a thumbnail
+# from a precalculated list.
+dynamic_thumbnails: false
+# List of thumbnail to precalculate when an image is uploaded.
+- width: 32
+ height: 32
+ method: crop
+- width: 96
+ height: 96
+ method: crop
+- width: 320
+ height: 240
+ method: scale
+- width: 640
+ height: 480
+ method: scale
+- width: 800
+ height: 600
+ method: scale
+# Is the preview URL API enabled? If enabled, you *must* specify
+# an explicit url_preview_ip_range_blacklist of IPs that the spider is
+# denied from accessing.
+url_preview_enabled: False
+# List of IP address CIDR ranges that the URL preview spider is denied
+# from accessing. There are no defaults: you must explicitly
+# specify a list for URL previewing to work. You should specify any
+# internal services in your network that you do not want synapse to try
+# to connect to, otherwise anyone in any Matrix room could cause your
+# synapse to issue arbitrary GET requests to your internal services,
+# causing serious security issues.
+# url_preview_ip_range_blacklist:
+# - ''
+# - ''
+# - ''
+# - ''
+# - ''
+# - ''
+# List of IP address CIDR ranges that the URL preview spider is allowed
+# to access even if they are specified in url_preview_ip_range_blacklist.
+# This is useful for specifying exceptions to wide-ranging blacklisted
+# target IP ranges - e.g. for enabling URL previews for a specific private
+# website only visible in your network.
+# url_preview_ip_range_whitelist:
+# - ''
+# Optional list of URL matches that the URL preview spider is
+# denied from accessing. You should use url_preview_ip_range_blacklist
+# in preference to this, otherwise someone could define a public DNS
+# entry that points to a private IP address and circumvent the blacklist.
+# This is more useful if you know there is an entire shape of URL that
+# you know that will never want synapse to try to spider.
+# Each list entry is a dictionary of url component attributes as returned
+# by urlparse.urlsplit as applied to the absolute form of the URL. See
+# The values of the dictionary are treated as an filename match pattern
+# applied to that component of URLs, unless they start with a ^ in which
+# case they are treated as a regular expression match. If all the
+# specified component matches for a given list item succeed, the URL is
+# blacklisted.
+# url_preview_url_blacklist:
+# # blacklist any URL with a username in its URI
+# - username: '*'
+# # blacklist all * URLs
+# - netloc: ''
+# - netloc: '*'
+# # blacklist all plain HTTP URLs
+# - scheme: 'http'
+# # blacklist http(s)://
+# - netloc: ''
+# path: '/foo'
+# # blacklist any URL with a literal IPv4 address
+# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+# The largest allowed URL preview spidering size in bytes
+max_spider_size: "10M"
+## Captcha ##
+# See docs/CAPTCHA_SETUP for full details of configuring this.
+# This Home Server's ReCAPTCHA public key.
+recaptcha_public_key: "YOUR_PUBLIC_KEY"
+# This Home Server's ReCAPTCHA private key.
+recaptcha_private_key: "YOUR_PRIVATE_KEY"
+# Enables ReCaptcha checks when registering, preventing signup
+# unless a captcha is answered. Requires a valid ReCaptcha
+# public/private key.
+enable_registration_captcha: False
+# A secret key used to bypass the captcha test entirely.
+#captcha_bypass_secret: "YOUR_SECRET_HERE"
+# The API endpoint to use for verifying m.login.recaptcha responses.
+recaptcha_siteverify_api: ""
+## Turn ##
+# The public URIs of the TURN server to give to clients
+turn_uris: []
+# The shared secret used to compute passwords for the TURN server
+turn_shared_secret: "YOUR_SHARED_SECRET"
+# The Username and password if the TURN server needs them and
+# does not use a token
+#turn_username: "TURNSERVER_USERNAME"
+#turn_password: "TURNSERVER_PASSWORD"
+# How long generated TURN credentials last
+turn_user_lifetime: "1h"
+## Registration ##
+# Enable registration for new users.
+enable_registration: False
+# If set, allows registration by anyone who also has the shared
+# secret, even if registration is otherwise disabled.
+registration_shared_secret: "vb8CLE^i;WW@g7KDdhcIJqUdFTNVp&7.w4l1xWeICoOz~;cYv="
+# Set the number of bcrypt rounds used to generate password hash.
+# Larger numbers increase the work factor needed to generate the hash.
+# The default number of rounds is 12.
+bcrypt_rounds: 12
+# Allows users to register as guests without a password/email/etc, and
+# participate in rooms hosted on this server which have been made
+# accessible to anonymous users.
+allow_guest_access: False
+# The list of identity servers trusted to verify third party
+# identifiers by this server.
+ -
+ -
+## Metrics ###
+# Enable collection and rendering of performance metrics
+enable_metrics: False
+report_stats: False
+## API Configuration ##
+# A list of event types that will be included in the room_invite_state
+ - ""
+ - ""
+ - ""
+ - ""
+# A list of application service config file to use
+app_service_config_files: []
+macaroon_secret_key: "HO.JIQfbn_&lUMdP:28LO13i62M~T&VcuabW,I3PBCYGPA+fSk"
+# Used to enable access token expiration.
+expire_access_token: False
+## Signing Keys ##
+# Path to the signing key to sign messages with
+signing_key_path: "/app/synapse/"
+# The keys that the server used to sign messages with but won't use
+# to sign new messages. E.g. it has lost its private key
+old_signing_keys: {}
+# "ed25519:auto":
+# # Base64 encoded public key
+# key: "The public part of your old signing key."
+# # Millisecond POSIX timestamp when the key expired.
+# expired_ts: 123456789123
+# How long key response published by this server is valid for.
+# Used to set the valid_until_ts in /key/v2 APIs.
+# Determines how quickly servers will query to check which keys
+# are still valid.
+key_refresh_interval: "1d" # 1 Day.
+# The trusted servers to download signing keys from.
+ servers:
+ "":
+ verify_keys:
+ "ed25519:auto":
+ key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+# Enable SAML2 for registration and login. Uses pysaml2
+# config_path: Path to the configuration file
+# idp_redirect_url: Identity provider URL which will redirect
+# the user back to /login/saml2 with proper info.
+# See pysaml2 docs for format of config.
+# enabled: true
+# config_path: "/app/synapse/"
+# idp_redirect_url: ""
+# Enable CAS for registration and login.
+# enabled: true
+# server_url: ""
+# service_url: ""
+# #required_attributes:
+# # name: value
+# The JWT needs to contain a globally unique "sub" (subject) claim.
+# jwt_config:
+# enabled: true
+# secret: "a secret"
+# algorithm: "HS256"
+# Enable password for login.
+ enabled: true
+ # Uncomment and change to a secret random string for extra security.
+ #pepper: ""
+# Enable sending emails for notification events
+# Defining a custom URL for Riot is only needed if email notifications
+# should contain links to a self-hosted installation of Riot; when set
+# the "app_name" setting is ignored.
+# enable_notifs: false
+# smtp_host: "localhost"
+# smtp_port: 25
+# notif_from: "Your Friendly %(app)s Home Server <>"
+# app_name: Matrix
+# template_dir: res/templates
+# notif_template_html: notif_mail.html
+# notif_template_text: notif_mail.txt
+# notif_for_new_users: True
+# riot_base_url: "http://localhost/riot"
+# password_providers:
+# - module: "ldap_auth_provider.LdapAuthProvider"
+# config:
+# enabled: true
+# uri: "ldap://"
+# start_tls: true
+# base: "ou=users,dc=example,dc=com"
+# attributes:
+# uid: "cn"
+# mail: "email"
+# name: "givenName"
+# #bind_dn:
+# #bind_password:
+# #filter: "(objectClass=posixAccount)"
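Review bot: `registration_shared_secret` and `macaroon_secret_key` are committed with what look like live values, and `ADD synapse /app/synapse` in the Dockerfile also bakes them into the image layers. The file's own comment says the registration secret allows registration even with `enable_registration: False`, and the macaroon key is, as far as I know, what Synapse uses to sign access tokens, so treat both as disclosed. Rotate them and keep the real values out of the repository, either generated at first start or mounted from a file outside the build context. Also confirm that the port 8008 listener is reachable only from the router, since `x_forwarded: true` makes Synapse trust `X-Forwarded-For` there and the `bind_addresses` value is not visible here. `turn_shared_secret` is still the `YOUR_SHARED_SECRET` placeholder, which is harmless only while `turn_uris` stays empty.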
diff --git a/images/matrix/synapse/ b/images/matrix/synapse/
new file mode 100644
index 0000000..5c86bcc
--- /dev/null
+++ b/images/matrix/synapse/
@@ -0,0 +1,37 @@
+version: 1
+ precise:
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+ context:
+ (): synapse.util.logcontext.LoggingContextFilter
+ request: ""
+ file:
+ class: logging.handlers.RotatingFileHandler
+ formatter: precise
+ filename: /app/synapse/homeserver.log
+ maxBytes: 104857600
+ backupCount: 10
+ filters: [context]
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+ filters: [context]
+ synapse:
+ level: INFO
+ # beware: increasing this to DEBUG will make synapse log sensitive
+ # information such as access tokens.
+ level: INFO
+ level: INFO
+ handlers: [file, console]
diff --git a/images/paste/Dockerfile b/images/paste/Dockerfile
new file mode 100644
index 0000000..9eedd40
--- /dev/null
+++ b/images/paste/Dockerfile
@@ -0,0 +1,24 @@
+# Currently uses edge instead of 3.5 because it needs
+# the mongodb package only available on edge
+FROM alpine:edge AS builder
+RUN apk add --no-cache git python3 py3-pip nodejs nodejs-npm graphicsmagick
+RUN git clone --single-branch --depth=1 --recursive /app/pb
+RUN cd /app/pb \
+ && npm install -g grunt-cli \
+ && npm install && (cd node_modules/pbs; npm install) \
+ && grunt
+RUN cd /app/pb \
+ && pip3 install --user -r requirements.txt
+FROM server_runit-edge
+RUN apk add --no-cache python3 uwsgi-python3 mongodb
+COPY --from=builder /app/pb /app/pb
+COPY --from=builder /root/.local /root/.local
+ADD pb/config.yaml /root/.config/pb/config.yaml
+ADD uwsgi/pb.ini /app/pb.ini
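Review bot: Nothing fetched in this build is pinned: the base is the rolling `alpine:edge`, `git clone --depth=1` takes whatever the branch tip is at build time, and `npm install -g grunt-cli` / `npm install` resolve fresh versions on every build. A rebuild can therefore silently pull in different or tampered code, which then runs in the final image, apparently as root given the `/root/.local` and `/root/.config` paths. Pin the clone to a release, e.g. `git clone --single-branch --depth=1 --branch <tag> <repo-url> /app/pb`, and record the resulting commit id in a comment. The `dehydrated` clone in `images/router/Dockerfile` has the same problem and needs the same fix.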
diff --git a/images/paste/pb/config.yaml b/images/paste/pb/config.yaml
new file mode 100644
index 0000000..ebf8837
--- /dev/null
+++ b/images/paste/pb/config.yaml
@@ -0,0 +1,7 @@
+DEBUG: false
+ host: localhost
+ port: 27017
diff --git a/images/paste/service/mongo/run b/images/paste/service/mongo/run
new file mode 100644
index 0000000..996df8b
--- /dev/null
+++ b/images/paste/service/mongo/run
@@ -0,0 +1,3 @@
+mkdir -p /data/db
diff --git a/images/paste/service/uwsgi/run b/images/paste/service/uwsgi/run
new file mode 100644
index 0000000..2900244
--- /dev/null
+++ b/images/paste/service/uwsgi/run
@@ -0,0 +1,4 @@
+exec uwsgi --ini /app/pb.ini
diff --git a/images/paste/uwsgi/pb.ini b/images/paste/uwsgi/pb.ini
new file mode 100644
index 0000000..b035e38
--- /dev/null
+++ b/images/paste/uwsgi/pb.ini
@@ -0,0 +1,7 @@
+socket = [::]:10002
+mountpoint = /app/pb
+module =
+plugins = python3
+processes = 4
+threads = 4
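Review bot: `socket = [::]:10002` binds the uwsgi protocol socket on every interface, and that protocol has no authentication of its own. The only access control for pb in this commit is the `limit_except GET HEAD` basic-auth block in the router's `http/paste` vhost, so any peer that reaches port 10002 directly bypasses it. Make sure the port is never published and the container network is limited to the router, and say so here with a comment such as `; reachable only from the router container, never publish this port`. There are also no `uid`/`gid` settings, so the workers presumably run as root; `uid = <pb-user>` and `gid = <pb-group>` would fix that once the files under `/root` are moved.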
diff --git a/images/router/.gitignore b/images/router/.gitignore
new file mode 100644
index 0000000..5224f03
--- /dev/null
+++ b/images/router/.gitignore
@@ -0,0 +1 @@
diff --git a/images/router/Dockerfile b/images/router/Dockerfile
new file mode 100644
index 0000000..f7717fe
--- /dev/null
+++ b/images/router/Dockerfile
@@ -0,0 +1,11 @@
+FROM server_runit
+RUN apk add --no-cache nginx nginx-mod-stream bash curl git openssl
+RUN git clone --single-branch --depth=1 \
+ /app/dehydrated
+ADD letsencrypt /app/letsencrypt/
+RUN rm -rf /etc/nginx/conf.d
+ADD nginx /etc/nginx/
+ADD auth /app/auth
+ADD dhparams.pem /app/
diff --git a/images/router/dhparams.pem b/images/router/dhparams.pem
new file mode 100644
index 0000000..3530d79
--- /dev/null
+++ b/images/router/dhparams.pem
@@ -0,0 +1,13 @@
diff --git a/images/router/letsencrypt/config b/images/router/letsencrypt/config
new file mode 100644
index 0000000..e641f19
--- /dev/null
+++ b/images/router/letsencrypt/config
@@ -0,0 +1,95 @@
+# This is the main config file for dehydrated #
+# #
+# This file is looked for in the following locations: #
+# $SCRIPTDIR/config (next to this script) #
+# /usr/local/etc/dehydrated/config #
+# /etc/dehydrated/config #
+# ${PWD}/config (in current working-directory) #
+# #
+# Default values of this config are in comments #
+# Resolve names to addresses of IP version only. (curl)
+# supported values: 4, 6
+# default: <unset>
+# Path to certificate authority (default:
+# Path to certificate authority license terms redirect (default:
+# Path to license agreement (default: <unset>)
+# Which challenge should be used? Currently http-01 and dns-01 are supported
+# Path to a directory containing additional config files, allowing to override
+# the defaults found in the main configuration file. Additional config files
+# in this directory needs to be named with a '.sh' ending.
+# default: <unset>
+# Base directory for account key, generated certificates and list of domains (default: $SCRIPTDIR -- uses config directory if undefined)
+# File containing the list of domains to request certificates for (default: $BASEDIR/domains.txt)
+# Output directory for generated certificates
+# Directory for account keys and registration information
+# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
+# Default keysize for private keys (default: 4096)
+# Path to openssl config file (default: <unset> - tries to figure out system default)
+# Program or function called in certain situations
+# After generating the challenge-response, or after failed challenge (in this case altname is empty)
+# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
+# After successfully signing certificate
+# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+# default: <unset>
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+# Minimum days before expiration to automatically renew certificate (default: 30)
+# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
+# Create an extra private key for rollover (default: no)
+# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+# E-mail to use during the registration (default: <unset>)
+# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
+# Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no)
diff --git a/images/router/letsencrypt/domains.txt b/images/router/letsencrypt/domains.txt
new file mode 100644
index 0000000..d062476
--- /dev/null
+++ b/images/router/letsencrypt/domains.txt
@@ -0,0 +1 @@
diff --git a/images/router/nginx/fastcgi.conf b/images/router/nginx/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/images/router/nginx/fastcgi.conf
@@ -0,0 +1,26 @@
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/images/router/nginx/ b/images/router/nginx/
new file mode 100644
index 0000000..cedd917
--- /dev/null
+++ b/images/router/nginx/
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name;
+ include snippets/ssl;
+ include snippets/wellknown;
+ location /_matrix {
+ proxy_pass http://matrix:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
diff --git a/images/router/nginx/ b/images/router/nginx/
new file mode 100644
index 0000000..4aa0e2e
--- /dev/null
+++ b/images/router/nginx/
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name;
+ include snippets/ssl;
+ include snippets/wellknown;
+ location / {
+ auth_basic "pad";
+ auth_basic_user_file pad/passwd;
+ proxy_pass http://etherpad;
+ }
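Review bot: `auth_basic_user_file pad/passwd;` is a relative path, which nginx resolves against its configuration prefix, while the router Dockerfile installs credentials with `ADD auth /app/auth` and the paste vhost uses the absolute `/app/auth/paste`. No `pad/passwd` is added under `images/router/nginx/` in the visible part of this commit, so unless it is supplied some other way nginx cannot open the file and this vhost will refuse every request. Point it at the same location as the paste vhost, e.g. `auth_basic_user_file /app/auth/<pad-file>;`. This section also includes `snippets/ssl` where the git, paste and znc vhosts include `snippets/ssl_http`; neither snippet is visible here, so confirm the difference is intended.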
diff --git a/images/router/nginx/ b/images/router/nginx/
new file mode 100644
index 0000000..8548646
--- /dev/null
+++ b/images/router/nginx/
@@ -0,0 +1,10 @@
+server {
+ listen 80 default_server deferred;
+ listen [::]:80 default_server deferred;
+ server_name _;
+ include snippets/wellknown;
+ return 301 https://$server_name$request_uri;
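Review bot: With `server_name _;` the variable in `return 301 https://$server_name$request_uri;` expands to `_`, so every plain-HTTP request is redirected to `https://_/…`. The equivalent server block in `nginx.conf` uses `$host`; do the same here with `return 301 https://$host$request_uri;`. That block in `nginx.conf` also declares `listen 80 default_server`, and nginx rejects two default servers on the same address, so if this file is loaded through the `http/*` include one of the two has to go. A server-level `return` also runs before location matching, so the `snippets/wellknown` include above it is probably never reached.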
diff --git a/images/router/nginx/http/git b/images/router/nginx/http/git
new file mode 100644
index 0000000..0b14c54
--- /dev/null
+++ b/images/router/nginx/http/git
@@ -0,0 +1,13 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name;
+ include snippets/ssl_http;
+ include snippets/wellknown;
+ location / {
+ proxy_pass http://git;
+ }
diff --git a/images/router/nginx/http/paste b/images/router/nginx/http/paste
new file mode 100644
index 0000000..4e0c75b
--- /dev/null
+++ b/images/router/nginx/http/paste
@@ -0,0 +1,26 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name;
+ include snippets/ssl_http;
+ include snippets/wellknown;
+ location / {
+ limit_except GET HEAD {
+ auth_basic 'Restricted';
+ auth_basic_user_file /app/auth/paste;
+ }
+ include snippets/uwsgi_params;
+ uwsgi_pass paste:10002;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Fowarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
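Review bot: The four `proxy_set_header` lines and `proxy_redirect off;` have no effect in this location, because the request is handed over with `uwsgi_pass` rather than `proxy_pass`; one of them is also misspelled (`X-Fowarded-For`). pb therefore sees only what `snippets/uwsgi_params` sends, which is not visible in this part of the commit and matters if the application logs or rate-limits by client address. Either delete the dead lines or pass the values the uwsgi way, e.g. `uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;`. A one-line comment above `limit_except GET HEAD`, such as `# reads are public; every other method requires basic auth`, would make the access policy explicit.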
diff --git a/images/router/nginx/http/znc b/images/router/nginx/http/znc
new file mode 100644
index 0000000..6028ca9
--- /dev/null
+++ b/images/router/nginx/http/znc
@@ -0,0 +1,13 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name;
+ include snippets/ssl_http;
+ include snippets/wellknown;
+ location / {
+ proxy_pass http://znc;
+ }
diff --git a/images/router/nginx/koi-utf b/images/router/nginx/koi-utf
new file mode 100644
index 0000000..e7974ff
--- /dev/null
+++ b/images/router/nginx/koi-utf
@@ -0,0 +1,109 @@
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+charset_map koi8-r utf-8 {
+ 80 E282AC ; # euro
+ 95 E280A2 ; # bullet
+ 9A C2A0 ; # &nbsp;
+ 9E C2B7 ; # &middot;
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+ B0 C2B0 ; # &deg;
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+ B9 E28496 ; # numero sign
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+ BF C2A9 ; # (C)
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
diff --git a/images/router/nginx/koi-win b/images/router/nginx/koi-win
new file mode 100644
index 0000000..72afabe
--- /dev/null
+++ b/images/router/nginx/koi-win
@@ -0,0 +1,103 @@
+charset_map koi8-r windows-1251 {
+ 80 88 ; # euro
+ 95 95 ; # bullet
+ 9A A0 ; # &nbsp;
+ 9E B7 ; # &middot;
+ A3 B8 ; # small yo
+ A4 BA ; # small Ukrainian ye
+ A6 B3 ; # small Ukrainian i
+ A7 BF ; # small Ukrainian yi
+ AD B4 ; # small Ukrainian soft g
+ AE A2 ; # small Byelorussian short u
+ B0 B0 ; # &deg;
+ B3 A8 ; # capital YO
+ B4 AA ; # capital Ukrainian YE
+ B6 B2 ; # capital Ukrainian I
+ B7 AF ; # capital Ukrainian YI
+ B9 B9 ; # numero sign
+ BD A5 ; # capital Ukrainian soft G
+ BE A1 ; # capital Byelorussian short U
+ BF A9 ; # (C)
+ C0 FE ; # small yu
+ C1 E0 ; # small a
+ C2 E1 ; # small b
+ C3 F6 ; # small ts
+ C4 E4 ; # small d
+ C5 E5 ; # small ye
+ C6 F4 ; # small f
+ C7 E3 ; # small g
+ C8 F5 ; # small kh
+ C9 E8 ; # small i
+ CA E9 ; # small j
+ CB EA ; # small k
+ CC EB ; # small l
+ CD EC ; # small m
+ CE ED ; # small n
+ CF EE ; # small o
+ D0 EF ; # small p
+ D1 FF ; # small ya
+ D2 F0 ; # small r
+ D3 F1 ; # small s
+ D4 F2 ; # small t
+ D5 F3 ; # small u
+ D6 E6 ; # small zh
+ D7 E2 ; # small v
+ D8 FC ; # small soft sign
+ D9 FB ; # small y
+ DA E7 ; # small z
+ DB F8 ; # small sh
+ DC FD ; # small e
+ DD F9 ; # small shch
+ DE F7 ; # small ch
+ DF FA ; # small hard sign
+ E0 DE ; # capital YU
+ E1 C0 ; # capital A
+ E2 C1 ; # capital B
+ E3 D6 ; # capital TS
+ E4 C4 ; # capital D
+ E5 C5 ; # capital YE
+ E6 D4 ; # capital F
+ E7 C3 ; # capital G
+ E8 D5 ; # capital KH
+ E9 C8 ; # capital I
+ EA C9 ; # capital J
+ EB CA ; # capital K
+ EC CB ; # capital L
+ ED CC ; # capital M
+ EE CD ; # capital N
+ EF CE ; # capital O
+ F0 CF ; # capital P
+ F1 DF ; # capital YA
+ F2 D0 ; # capital R
+ F3 D1 ; # capital S
+ F4 D2 ; # capital T
+ F5 D3 ; # capital U
+ F6 C6 ; # capital ZH
+ F7 C2 ; # capital V
+ F8 DC ; # capital soft sign
+ F9 DB ; # capital Y
+ FA C7 ; # capital Z
+ FB D8 ; # capital SH
+ FC DD ; # capital E
+ FD D9 ; # capital SHCH
+ FE D7 ; # capital CH
+ FF DA ; # capital hard sign
diff --git a/images/router/nginx/mime.types b/images/router/nginx/mime.types
new file mode 100644
index 0000000..89be9a4
--- /dev/null
+++ b/images/router/nginx/mime.types
@@ -0,0 +1,89 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+ text/mathml mml;
+ text/plain txt;
+ text/ jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+ application/font-woff woff;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/ m3u8;
+ application/ xls;
+ application/ eot;
+ application/ ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/ kml;
+ application/ kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
diff --git a/images/router/nginx/modules/stream.conf b/images/router/nginx/modules/stream.conf
new file mode 100644
index 0000000..9b0cbc3
--- /dev/null
+++ b/images/router/nginx/modules/stream.conf
@@ -0,0 +1 @@
+load_module "modules/";
diff --git a/images/router/nginx/nginx.conf b/images/router/nginx/nginx.conf
new file mode 100644
index 0000000..cb9b8c8
--- /dev/null
+++ b/images/router/nginx/nginx.conf
@@ -0,0 +1,67 @@
+worker_processes auto;
+pid /run/;
+include modules/stream.conf;
+events {
+ worker_connections 1024;
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ #include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ include snippets/ssl_ciphers;
+ ssl_session_cache shared:SSL:25m;
+ ssl_session_timeout 10m;
+ # Gzip
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javasc$
+ # Logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+ server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ server_name _;
+ include snippets/ssl_http;
+ return 503;
+ }
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/http/*;
+stream {
+ include snippets/ssl_ciphers;
+ ssl_session_cache shared:TCP:25m;
+ ssl_session_timeout 10m;
+ include /etc/nginx/stream/*;
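Review bot: The `gzip_types` line ends in `text/javasc$` with no semicolon, which looks like a line cut off at the terminal width when it was copied. Without the terminator nginx presumably keeps reading, so the following `access_log /var/log/nginx/access.log;` is consumed as more MIME types and the access-log setting is silently lost, which hurts anyone later reconstructing requests on the router. Restore the full directive, e.g. `gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;`. Separately, `#include /etc/nginx/mime.types;` is commented out although the commit ships `mime.types`, so anything nginx serves itself goes out as `application/octet-stream`.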
diff --git a/images/router/nginx/snippets/fastcgi_params b/images/router/nginx/snippets/fastcgi_params
new file mode 100644
index 0000000..28decb9
--- /dev/null
+++ b/images/router/nginx/snippets/fastcgi_params
@@ -0,0 +1,25 @@
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/images/router/nginx/snippets/scgi_params b/images/router/nginx/snippets/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/images/router/nginx/snippets/scgi_params
@@ -0,0 +1,17 @@
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/ssl_ciphers b/images/router/nginx/snippets/ssl_ciphers
new file mode 100644
index 0000000..6eefe74
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_ciphers
@@ -0,0 +1,4 @@
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
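Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` still offers TLS 1.0 and 1.1, both formally deprecated (RFC 8996), and because this snippet is included from both the `http` and the `stream` block it sets the protocol floor for every listener on the router. I would change the line to `ssl_protocols TLSv1.2;` and add `TLSv1.3` once the nginx and TLS library in the image support it. The hunk header announces four lines but only two are visible here, so the `ssl_ciphers` list that `ssl_prefer_server_ciphers on` is meant to order cannot be reviewed; if none is set, the server is preferring the library's default list.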
diff --git a/images/router/nginx/snippets/ssl_http b/images/router/nginx/snippets/ssl_http
new file mode 100644
index 0000000..78d171e
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_http
@@ -0,0 +1,6 @@
+ssl_certificate /data/certs/;
+ssl_certificate_key /data/certs/;
+ssl_dhparam /app/dhparams.pem;
+add_header Strict-Transport-Security "max-age=31536000" always;
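Review bot: The `add_header Strict-Transport-Security ... always` line needs a comment about inheritance, because nginx applies `add_header` from an outer level only when the current level defines none of its own. Any `location` in a vhost that includes this snippet and adds another header will therefore stop sending HSTS without any warning. I would add above the line `# add_header is not merged across levels: include this snippet again in any location that sets its own headers`. The file names after `/data/certs/` are not visible in this rendering.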
diff --git a/images/router/nginx/snippets/ssl_tcp b/images/router/nginx/snippets/ssl_tcp
new file mode 100644
index 0000000..b59b7bf
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_tcp
@@ -0,0 +1,4 @@
+ssl_certificate /data/certs/;
+ssl_certificate_key /data/certs/;
+ssl_dhparam /app/dhparams.pem;
diff --git a/images/router/nginx/snippets/uwsgi_params b/images/router/nginx/snippets/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/images/router/nginx/snippets/uwsgi_params
@@ -0,0 +1,17 @@
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/wellknown b/images/router/nginx/snippets/wellknown
new file mode 100644
index 0000000..17aacf7
--- /dev/null
+++ b/images/router/nginx/snippets/wellknown
@@ -0,0 +1,5 @@
+location ^~ /.well-known/ {
+ alias /data/wellknown/;
+ try_files $uri $uri/ =404;
+ break;
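Review bot: This location publishes everything under `/data/wellknown/` for any `/.well-known/` path, while the only consumer visible in this commit is the ACME HTTP challenge (`service/letsencrypt/run` creates `/data/wellknown/acme-challenge`). Narrowing it to `location ^~ /.well-known/acme-challenge/ { alias /data/wellknown/acme-challenge/; }` keeps anything else that later lands in that volume from being served by every vhost that includes the snippet. The `try_files $uri $uri/ =404` line can be dropped at the same time: combined with `alias` it has known path-resolution quirks, and a plain `alias` already answers 404 for a missing file.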
diff --git a/images/router/nginx/stream/znc b/images/router/nginx/stream/znc
new file mode 100644
index 0000000..e496af7
--- /dev/null
+++ b/images/router/nginx/stream/znc
@@ -0,0 +1,8 @@
+server {
+ listen 6667 ssl;
+ listen [::]:6667 ssl;
+ include snippets/ssl_tcp;
+ proxy_pass znc:6667;
diff --git a/images/router/nginx/win-utf b/images/router/nginx/win-utf
new file mode 100644
index 0000000..ed8bc00
--- /dev/null
+++ b/images/router/nginx/win-utf
@@ -0,0 +1,126 @@
+# This map is not a full windows-1251 <> utf8 map: it does not
+# contain Serbian and Macedonian letters. If you need a full map,
+# use contrib/unicode2nginx/win-utf map instead.
+charset_map windows-1251 utf-8 {
+ 82 E2809A ; # single low-9 quotation mark
+ 84 E2809E ; # double low-9 quotation mark
+ 85 E280A6 ; # ellipsis
+ 86 E280A0 ; # dagger
+ 87 E280A1 ; # double dagger
+ 88 E282AC ; # euro
+ 89 E280B0 ; # per mille
+ 91 E28098 ; # left single quotation mark
+ 92 E28099 ; # right single quotation mark
+ 93 E2809C ; # left double quotation mark
+ 94 E2809D ; # right double quotation mark
+ 95 E280A2 ; # bullet
+ 96 E28093 ; # en dash
+ 97 E28094 ; # em dash
+ 99 E284A2 ; # trade mark sign
+ A0 C2A0 ; # &nbsp;
+ A1 D18E ; # capital Byelorussian short U
+ A2 D19E ; # small Byelorussian short u
+ A4 C2A4 ; # currency sign
+ A5 D290 ; # capital Ukrainian soft G
+ A6 C2A6 ; # borken bar
+ A7 C2A7 ; # section sign
+ A8 D081 ; # capital YO
+ A9 C2A9 ; # (C)
+ AA D084 ; # capital Ukrainian YE
+ AB C2AB ; # left-pointing double angle quotation mark
+ AC C2AC ; # not sign
+ AD C2AD ; # soft hypen
+ AE C2AE ; # (R)
+ AF D087 ; # capital Ukrainian YI
+ B0 C2B0 ; # &deg;
+ B1 C2B1 ; # plus-minus sign
+ B2 D086 ; # capital Ukrainian I
+ B3 D196 ; # small Ukrainian i
+ B4 D291 ; # small Ukrainian soft g
+ B5 C2B5 ; # micro sign
+ B6 C2B6 ; # pilcrow sign
+ B7 C2B7 ; # &middot;
+ B8 D191 ; # small yo
+ B9 E28496 ; # numero sign
+ BA D194 ; # small Ukrainian ye
+ BB C2BB ; # right-pointing double angle quotation mark
+ BF D197 ; # small Ukrainian yi
+ C0 D090 ; # capital A
+ C1 D091 ; # capital B
+ C2 D092 ; # capital V
+ C3 D093 ; # capital G
+ C4 D094 ; # capital D
+ C5 D095 ; # capital YE
+ C6 D096 ; # capital ZH
+ C7 D097 ; # capital Z
+ C8 D098 ; # capital I
+ C9 D099 ; # capital J
+ CA D09A ; # capital K
+ CB D09B ; # capital L
+ CC D09C ; # capital M
+ CD D09D ; # capital N
+ CE D09E ; # capital O
+ CF D09F ; # capital P
+ D0 D0A0 ; # capital R
+ D1 D0A1 ; # capital S
+ D2 D0A2 ; # capital T
+ D3 D0A3 ; # capital U
+ D4 D0A4 ; # capital F
+ D5 D0A5 ; # capital KH
+ D6 D0A6 ; # capital TS
+ D7 D0A7 ; # capital CH
+ D8 D0A8 ; # capital SH
+ D9 D0A9 ; # capital SHCH
+ DA D0AA ; # capital hard sign
+ DB D0AB ; # capital Y
+ DC D0AC ; # capital soft sign
+ DD D0AD ; # capital E
+ DE D0AE ; # capital YU
+ DF D0AF ; # capital YA
+ E0 D0B0 ; # small a
+ E1 D0B1 ; # small b
+ E2 D0B2 ; # small v
+ E3 D0B3 ; # small g
+ E4 D0B4 ; # small d
+ E5 D0B5 ; # small ye
+ E6 D0B6 ; # small zh
+ E7 D0B7 ; # small z
+ E8 D0B8 ; # small i
+ E9 D0B9 ; # small j
+ EA D0BA ; # small k
+ EB D0BB ; # small l
+ EC D0BC ; # small m
+ ED D0BD ; # small n
+ EE D0BE ; # small o
+ EF D0BF ; # small p
+ F0 D180 ; # small r
+ F1 D181 ; # small s
+ F2 D182 ; # small t
+ F3 D183 ; # small u
+ F4 D184 ; # small f
+ F5 D185 ; # small kh
+ F6 D186 ; # small ts
+ F7 D187 ; # small ch
+ F8 D188 ; # small sh
+ F9 D189 ; # small shch
+ FA D18A ; # small hard sign
+ FB D18B ; # small y
+ FC D18C ; # small soft sign
+ FD D18D ; # small e
+ FE D18E ; # small yu
+ FF D18F ; # small ya
diff --git a/images/router/service/letsencrypt/run b/images/router/service/letsencrypt/run
new file mode 100644
index 0000000..7fcc76d
--- /dev/null
+++ b/images/router/service/letsencrypt/run
@@ -0,0 +1,19 @@
+# wait for nginx to startup, for http challenge
+sv start nginx || exit 1
+sleep 10
+# half a day, 60 * 60 * 12
+mkdir -p /data/wellknown/acme-challenge
+/app/dehydrated/dehydrated --register --accept-terms --config /app/letsencrypt/config
+while true; do
+ echo "Updating certificates"
+ /app/dehydrated/dehydrated --cron --config /app/letsencrypt/config
+ nginx -s reload # certificates might have changed
+ sleep $INTERVAL
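Review bot: The exit status of `dehydrated --cron` is ignored, so a failed issuance or renewal is followed by an unconditional `nginx -s reload` and a sleep of `$INTERVAL` (half a day, per the comment) before the next attempt. During that time nginx keeps serving whatever is in `/data/certs`, possibly the throwaway certificate generated by `service/nginx/run`. I would reload only on success and log the failure: `if /app/dehydrated/dehydrated --cron --config /app/letsencrypt/config; then nginx -s reload; else echo "dehydrated run failed" >&2; fi`. `sleep "$INTERVAL"` should be quoted; the assignment of `INTERVAL` and the loop's `done` are not visible in this rendering of the hunk.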
diff --git a/images/router/service/nginx/run b/images/router/service/nginx/run
new file mode 100644
index 0000000..bfc6e24
--- /dev/null
+++ b/images/router/service/nginx/run
@@ -0,0 +1,16 @@
+ln -sf /dev/stdout /var/log/nginx/access.log
+ln -sf /dev/stderr /var/log/nginx/error.log
+# nginx doesn't start without certificates,
+# so generate untrusted ones for startup
+if [ ! -d "/data/certs/" ]; then
+ echo "Generating dummy certificates"
+ mkdir -p /data/certs/
+ openssl req -x509 -nodes -batch -newkey rsa:512 -days 0 \
+ -keyout /data/certs/ \
+ -out /data/certs/
+exec nginx -g 'daemon off;'
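Review bot: The placeholder certificate is created with `-newkey rsa:512`, a key size that OpenSSL 1.1.0 and later refuse for a server certificate at the default security level, so on such a build nginx will not start and the HTTP challenge that should replace the placeholder never runs. Generating a 2048-bit key takes a fraction of a second: `openssl req -x509 -nodes -batch -newkey rsa:2048 -days 0 \`. The guard also tests only that the `/data/certs/` directory exists, so a directory left empty by an interrupted first run skips generation; testing for the certificate file itself with `[ ! -f ... ]` is more robust. The file names after `/data/certs/` and the closing `fi` are not visible in this rendering.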
diff --git a/images/runit-edge/Dockerfile b/images/runit-edge/Dockerfile
new file mode 100644
index 0000000..d0c2040
--- /dev/null
+++ b/images/runit-edge/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:edge
+RUN apk add --no-cache sudo shadow runit
+# runit
+ADD runit/run /app/runit/run
+ONBUILD ADD service /etc/service
+# Make sure all service and log files are executable
+ONBUILD RUN find -L /etc/service \( -name run -or -name finish -or -name down \) -exec chmod +x {} \;
+# If supplied as "ENTRYPOINT foo" it will be wrapped in "/bin/sh -c",
+# but that will swallow signals and we rely on those
+ONBUILD RUN chmod +x /app/runit/run
+ONBUILD ENTRYPOINT ["/app/runit/run"]
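Review bot: `FROM alpine:edge` tracks Alpine's rolling development branch, so every rebuild of this base, and of every image built from it through the `ONBUILD` triggers, can pull in a different and unreviewed package set. Pinning a release tag, ideally with a digest (`FROM alpine:<release>@sha256:<digest>`), makes the build reproducible and turns upgrades into explicit commits. The rest of the file duplicates `images/runit/Dockerfile`; a build argument for the base tag would let one Dockerfile serve both.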
diff --git a/images/runit-edge/runit/run b/images/runit-edge/runit/run
new file mode 100644
index 0000000..c3861c2
--- /dev/null
+++ b/images/runit-edge/runit/run
@@ -0,0 +1,17 @@
+echo "Found services:"
+find /etc/service -mindepth 1 -maxdepth 1
+/sbin/runsvdir /etc/service &
+echo "Started runit as $runsvdir_pid"
+runit_stop() {
+ echo "Stopping runit"
+ # "If runsvdir receives HUP, it sends TERM to each runsv process"
+ kill -HUP $runsvdir_pid
+trap "runit_stop" SIGTERM
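Review bot: `trap "runit_stop" SIGTERM` handles only TERM and uses the `SIG`-prefixed name, which POSIX does not require `sh` to accept; `trap runit_stop TERM INT` is portable and also covers an interactive Ctrl-C. `kill -HUP $runsvdir_pid` should quote the variable, since an empty value turns the call into a usage error and the services are then never told to stop. The assignment of `runsvdir_pid` and any final `wait` are not visible in this rendering, so whether the script stays alive until runsvdir has exited cannot be checked here. The same file (same blob id) is added as `images/runit/runit/run`, and this note applies there as well.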
diff --git a/images/runit/Dockerfile b/images/runit/Dockerfile
new file mode 100644
index 0000000..9ec17b7
--- /dev/null
+++ b/images/runit/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:3.5
+RUN apk add --no-cache sudo shadow runit
+# runit
+ADD runit/run /app/runit/run
+ONBUILD ADD service /etc/service
+# Make sure all service and log files are executable
+ONBUILD RUN find -L /etc/service \( -name run -or -name finish -or -name down \) -exec chmod +x {} \;
+# If supplied as "ENTRYPOINT foo" it will be wrapped in "/bin/sh -c",
+# but that will swallow signals and we rely on those
+ONBUILD RUN chmod +x /app/runit/run
+ONBUILD ENTRYPOINT ["/app/runit/run"]
diff --git a/images/runit/runit/run b/images/runit/runit/run
new file mode 100644
index 0000000..c3861c2
--- /dev/null
+++ b/images/runit/runit/run
@@ -0,0 +1,17 @@
+echo "Found services:"
+find /etc/service -mindepth 1 -maxdepth 1
+/sbin/runsvdir /etc/service &
+echo "Started runit as $runsvdir_pid"
+runit_stop() {
+ echo "Stopping runit"
+ # "If runsvdir receives HUP, it sends TERM to each runsv process"
+ kill -HUP $runsvdir_pid
+trap "runit_stop" SIGTERM
diff --git a/images/taskwarrior/Dockerfile b/images/taskwarrior/Dockerfile
new file mode 100644
index 0000000..b732c28
--- /dev/null
+++ b/images/taskwarrior/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:3.5
+RUN apk add --no-cache taskd
+ENTRYPOINT exec taskd server --data /data/
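Review bot: The image has no `USER` line, so `taskd server` runs as root inside the container although it only needs to read and write `/data/`. Running it under an unprivileged account with a `USER` instruction before the entrypoint limits what a bug in the network-facing daemon can reach; the Alpine package may already create a suitable user, which should be checked before adding one. The shell-form `ENTRYPOINT exec taskd ...` delivers signals only because of the `exec`; the exec form `ENTRYPOINT ["taskd", "server", "--data", "/data/"]` needs no shell and matches the signal-handling comment in the runit Dockerfiles.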
diff --git a/images/znc/Dockerfile b/images/znc/Dockerfile
new file mode 100644
index 0000000..6dfec6a
--- /dev/null
+++ b/images/znc/Dockerfile
@@ -0,0 +1,25 @@
+FROM alpine:3.5 AS builder
+RUN apk add --no-cache build-base git automake autoconf openssl-dev icu-dev
+RUN git clone --single-branch --depth=1 --recursive /tmp/znc
+RUN mkdir -p /app /data
+RUN cd /tmp/znc \
+ && ./ \
+ && ./configure --prefix="/app/znc" \
+ && make \
+ && make install
+ADD privmsg.cpp /tmp/
+RUN cd /tmp/ \
+ && /app/znc/bin/znc-buildmod /tmp/privmsg.cpp \
+ && mv /app/znc/lib/znc/
+FROM server_runit
+RUN apk add --no-cache sudo libcap openssl icu
+COPY --from=builder /app /app
+# -S: system, -h: home
+RUN adduser -S -h /data znc && chmod a+x /data
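Review bot: The builder stage's `git clone --single-branch --depth=1 --recursive` takes whatever the default branch and its submodules point to at build time, and nothing afterwards checks what was fetched. The binary copied into `/app` is therefore not reproducible, and a broken or tampered upstream tip goes straight into the image. Pin a release with `--branch <release-tag>` (or check out a known commit) and, where upstream publishes signed tags or tarball signatures, verify them before `make`. The clone URL and the script name after `./` are not visible in this rendering of the hunk.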
diff --git a/images/znc/privmsg.cpp b/images/znc/privmsg.cpp
new file mode 100644
index 0000000..0659f96
--- /dev/null
+++ b/images/znc/privmsg.cpp
@@ -0,0 +1,40 @@
+ * Copyright (C) 2004-2012 See the AUTHORS file for details.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+#include <znc/IRCNetwork.h>
+#include <znc/Modules.h>
+class CPrivMsgMod : public CModule {
+ virtual EModRet OnUserMsg(CString& sTarget, CString& sMessage) {
+ if (m_pNetwork && m_pNetwork->GetIRCSock() && !m_pNetwork->IsChan(sTarget)) {
+ m_pNetwork->PutUser(":" + m_pNetwork->GetIRCNick().GetNickMask() + " PRIVMSG " + sTarget + " :" + sMessage, NULL, m_pClient);
+ }
+ return CONTINUE;
+ }
+ virtual EModRet OnUserAction(CString& sTarget, CString& sMessage) {
+ if (m_pNetwork && m_pNetwork->GetIRCSock() && !m_pNetwork->IsChan(sTarget)) {
+ m_pNetwork->PutUser(":" + m_pNetwork->GetIRCNick().GetNickMask() + " PRIVMSG " + sTarget + " :\x01" + "ACTION " + sMessage + "\x01", NULL, m_pClient);
+ }
+ return CONTINUE;
+ }
+template<> void TModInfo<CPrivMsgMod>(CModInfo& Info) {
+ Info.SetWikiPage("privmsg");
+ Info.AddType(CModInfo::NetworkModule);
+ Info.AddType(CModInfo::GlobalModule);
+USERMODULEDEFS(CPrivMsgMod, "Send outgoing PRIVMSGs and CTCP ACTIONs to other clients")
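Review bot: `OnUserMsg` and `OnUserAction` are declared `virtual` without `override`, and the module is compiled by `znc-buildmod` against whatever ZNC revision the Dockerfile clones. If a hook signature in `CModule` differs from these, they become unrelated virtuals that are never called and the module silently does nothing. Declaring them as `EModRet OnUserMsg(CString& sTarget, CString& sMessage) override {` (and the same for `OnUserAction`) turns that into a compile error. The two bodies differ only in the payload, so a private helper taking the formatted text would remove the duplicated guard and `PutUser` call, and `NULL` can become `nullptr`. The class's access specifier, constructor macro and closing braces are not visible in this rendering.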
diff --git a/images/znc/service/znc/run b/images/znc/service/znc/run
new file mode 100644
index 0000000..14814ea
--- /dev/null
+++ b/images/znc/service/znc/run
@@ -0,0 +1,5 @@
+chown -R znc /data
+setcap 'cap_net_bind_service=+ep' /app/znc/bin/znc
+exec sudo -u znc /app/znc/bin/znc --foreground --datadir /data
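Review bot: `setcap 'cap_net_bind_service=+ep'` is applied to the znc binary on every start, but the only listener visible in this commit is the router's `proxy_pass znc:6667`, a port that needs no capability. Unless the ZNC configuration in `/data` binds a port below 1024, the line can be removed so the daemon runs with no file capabilities at all; if it is needed, it belongs in the Dockerfile next to the `COPY --from=builder` step rather than in the run script. `chown -R znc /data` likewise rewrites ownership of the whole volume at each start, which grows with the log and buffer data and could be limited to the first run.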