From 62218af0bd98de46869cb958e6dc1e5d07bc5150 Mon Sep 17 00:00:00 2001
From: c0mmando
Date: Fri, 26 May 2023 21:33:50 +0000
Subject: [PATCH] add docker files

---
 images/matrix-dimension/Dockerfile | 53 +++++++++
 images/mjolnir/Dockerfile | 18 +++
 images/pantalaimon/Dockerfile | 27 +++++
 images/synapse-captcha/Dockerfile | 31 +++++
 images/synapse-captcha/config.yaml | 46 ++++++++
 images/synapse-docker/Dockerfile | 86 ++++++++++++++
 images/synapse-worker-docker/Dockerfile | 150 ++++++++++++++++++++++++
 7 files changed, 411 insertions(+)
 create mode 100644 images/matrix-dimension/Dockerfile
 create mode 100644 images/mjolnir/Dockerfile
 create mode 100644 images/pantalaimon/Dockerfile
 create mode 100644 images/synapse-captcha/Dockerfile
 create mode 100644 images/synapse-captcha/config.yaml
 create mode 100644 images/synapse-docker/Dockerfile
 create mode 100644 images/synapse-worker-docker/Dockerfile

diff --git a/images/matrix-dimension/Dockerfile b/images/matrix-dimension/Dockerfile
new file mode 100644
index 0000000..4bfcfc8
--- /dev/null
+++ b/images/matrix-dimension/Dockerfile
@@ -0,0 +1,53 @@
+FROM node:14.17.5-alpine AS builder
+
+LABEL maintainer="Andreas Peters "
+#Upstream URL: https://git.aventer.biz/AVENTER/docker-matrix-dimension
+
+WORKDIR /home/node/matrix-dimension
+
+RUN mkdir -p /home/node/matrix-dimension
+
+RUN apk --no-cache add python2 glib-dev make g++ vips-dev libc-dev
+
+COPY . /home/node/matrix-dimension
+
+RUN chown -R node /home/node/matrix-dimension
+
+USER node
+
+ENV CPATH=/usr/include/glib-2.0:/usr/lib/glib-2.0/include/
+
+RUN npm clean-install && \
+ node /home/node/matrix-dimension/scripts/convert-newlines.js /home/node/matrix-dimension/docker-entrypoint.sh && \
+ NODE_ENV=production npm run-script build
+
+FROM node:14.17.5-alpine
+
+WORKDIR /home/node/matrix-dimension
+
+COPY --from=builder /home/node/matrix-dimension/docker-entrypoint.sh /
+
+COPY --from=builder /home/node/matrix-dimension/build /home/node/matrix-dimension/build
+COPY --from=builder /home/node/matrix-dimension/package* /home/node/matrix-dimension/
+COPY --from=builder /home/node/matrix-dimension/config /home/node/matrix-dimension/config
+
+RUN chown -R node /home/node/matrix-dimension
+
+RUN mkdir /data && chown -R node /data
+
+RUN apk --no-cache add python2 glib-dev make g++ vips-dev libc-dev
+
+ENV CPATH=/usr/include/glib-2.0:/usr/lib/glib-2.0/include/
+
+USER node
+
+RUN npm clean-install --production
+
+VOLUME ["/data"]
+
+# Ensure the database doesn't get lost to the container
+ENV DIMENSION_DB_PATH=/data/dimension.db
+
+EXPOSE 8184
+# CMD ["/bin/sh"]
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/images/mjolnir/Dockerfile b/images/mjolnir/Dockerfile
new file mode 100644
index 0000000..d0891b0
--- /dev/null
+++ b/images/mjolnir/Dockerfile
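Review bot: The runtime stage reinstalls the whole native build toolchain (`RUN apk --no-cache add python2 glib-dev make g++ vips-dev libc-dev`) so that `npm clean-install --production` can compile native modules as `node`, which leaves compilers, headers and end-of-life Python 2 in the shipped image. Running the production install in the builder stage and copying the result with `COPY --from=builder --chown=node /home/node/matrix-dimension/node_modules /home/node/matrix-dimension/node_modules` keeps the toolchain out of the final stage; the two `RUN chown -R node` steps that follow a `COPY` also duplicate the copied files in a second layer and can become `COPY --chown=node`. The `node:14.17.5-alpine` base is an end-of-life Node line pinned to an old point release, so rebuilding the image no longer brings in runtime security fixes until the tag is bumped.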
@@ -0,0 +1,18 @@
+# We can't use alpine anymore because crypto has rust deps.
+FROM node:16-slim
+COPY . /tmp/src
+RUN cd /tmp/src \
+ && yarn install \
+ && yarn build \
+ && mv lib/ /mjolnir/ \
+ && mv node_modules / \
+ && mv mjolnir-entrypoint.sh / \
+ && cd / \
+ && rm -rf /tmp/*
+
+ENV NODE_ENV=production
+ENV NODE_CONFIG_DIR=/data/config
+
+CMD ["bot"]
+ENTRYPOINT ["./mjolnir-entrypoint.sh"]
+VOLUME ["/data"]
diff --git a/images/pantalaimon/Dockerfile b/images/pantalaimon/Dockerfile
new file mode 100644
index 0000000..fb6ce80
--- /dev/null
+++ b/images/pantalaimon/Dockerfile
@@ -0,0 +1,27 @@
+FROM python:3.8-slim-buster AS builder
+
+RUN mkdir -p /app
+RUN apt-get update && apt-get install -y git gcc clang cmake g++ pkg-config python3-dev wget
+
+WORKDIR /app
+RUN wget https://gitlab.matrix.org/matrix-org/olm/-/archive/master/olm-master.tar.bz2 \
+ && tar -xvf olm-master.tar.bz2 \
+ && cd olm-master && make && make PREFIX="/usr" install
+
+RUN pip --no-cache-dir install --upgrade pip setuptools wheel
+
+COPY . /app
+
+RUN pip wheel . --wheel-dir /wheels --find-links /wheels
+
+FROM python:3.8-slim-buster AS run
+
+COPY --from=builder /usr/lib/libolm* /usr/lib/
+COPY --from=builder /wheels /wheels
+WORKDIR /app
+
+RUN pip --no-cache-dir install --find-links /wheels --no-index pantalaimon
+
+VOLUME /data
+ENTRYPOINT ["pantalaimon"]
+CMD ["-c", "/data/pantalaimon.conf", "--data-path", "/data"]
\ No newline at end of file
diff --git a/images/synapse-captcha/Dockerfile b/images/synapse-captcha/Dockerfile
new file mode 100644
index 0000000..8647fec
--- /dev/null
+++ b/images/synapse-captcha/Dockerfile
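Review bot: The image never sets `USER`, so the bot, its `node_modules` and everything written to the `/data` volume run as root; the official `node` images already ship an unprivileged `node` account, so `USER node` after the build `RUN` (with `RUN mkdir -p /data && chown node:node /data` placed before `VOLUME ["/data"]` so the mount point is writable) is a small change. `ENTRYPOINT ["./mjolnir-entrypoint.sh"]` only works because no `WORKDIR` is set and the default is `/`; `ENTRYPOINT ["/mjolnir-entrypoint.sh"]` states that explicitly. Note also that `COPY . /tmp/src` is its own layer, so the `rm -rf /tmp/*` at the end of the `RUN` does not remove the source tree from the image — only a separate build stage would.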
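Review bot: libolm is fetched from the unpinned `master` archive (`RUN wget https://gitlab.matrix.org/matrix-org/olm/-/archive/master/olm-master.tar.bz2`) and built with no checksum or signature check, so the end-to-end-encryption library that ends up in `/usr/lib/libolm*` is whatever the tarball contained at build time and can be neither reproduced nor audited later. Pin a tagged release and verify it before extracting, e.g. `wget https://gitlab.matrix.org/matrix-org/olm/-/archive/<OLM_TAG>/olm-<OLM_TAG>.tar.bz2 && echo '<SHA256_PLACEHOLDER>  olm-<OLM_TAG>.tar.bz2' | sha256sum -c -`. The `run` stage also has no `USER`, so pantalaimon runs as root; `apt-get install -y` in the builder additionally lacks `--no-install-recommends` and the `rm -rf /var/lib/apt/lists/*` cleanup, which is a size rather than a security concern since it stays in the builder stage.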
@@ -0,0 +1,31 @@
+ARG PYTHON_VERSION=3.8
+
+FROM docker.io/python:${PYTHON_VERSION} as base
+
+WORKDIR /app
+
+FROM base as builder
+
+ENV POETRY_VERSION=1.2.2
+
+RUN pip install "poetry==$POETRY_VERSION"
+RUN python -m venv /venv
+COPY pyproject.toml poetry.lock config.sample.yaml matrix_registration ./
+RUN . /venv/bin/activate && poetry install --no-dev --no-root
+
+COPY . .
+RUN . /venv/bin/activate && poetry build
+
+# Runtime
+FROM base as final
+
+COPY --from=builder /venv /venv
+COPY --from=builder /app/dist .
+
+RUN . /venv/bin/activate && pip install *.whl
+
+VOLUME ["/data"]
+
+EXPOSE 5000/tcp
+
+ENTRYPOINT ["/venv/bin/matrix-registration", "--config-path=/data/config.yaml"]
diff --git a/images/synapse-captcha/config.yaml b/images/synapse-captcha/config.yaml
new file mode 100644
index 0000000..510367a
--- /dev/null
+++ b/images/synapse-captcha/config.yaml
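Review bot: The `final` stage has no `USER` directive, so `matrix-registration` — a network-facing service on port 5000 whose config carries the Synapse registration `shared_secret` — runs as root on the full `python:3.8` image. Add an unprivileged account before the `ENTRYPOINT`, e.g. `RUN groupadd --system app && useradd --system --gid app --uid 10001 --home /app app` followed by `USER app`, and make sure the `/data` volume (config and sqlite database) is writable by that UID at deploy time. The lowercase `as` in the three `FROM … as` lines is flagged by BuildKit's FromAsCasing check; `AS` is the conventional form.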
@@ -0,0 +1,46 @@
+server_location: 'http://synapse:8008'
+server_name: 'hackliberty.org'
+shared_secret: 'REDACTED'
+admin_api_shared_secret: 'REDACTED' # to generate tokens via the web api
+base_url: '' # e.g. '/element' for https://example.tld/element/register
+client_redirect: 'https://element.hackliberty.org'
+riot_instace: 'https://element.hackliberty.org'
+#riot_instance: 'https://riot.im/app/'
+db: 'sqlite:////data/db.sqlite3'
+host: '0.0.0.0'
+port: 5000
+rate_limit: ["10000 per day", "100 per minute"]
+allow_cors: false
+ip_logging: false
+logging:
+  disable_existing_loggers: False
+  version: 1
+  root:
+    level: DEBUG
+    handlers: [console, file]
+  formatters:
+    brief:
+      format: '%(name)s - %(levelname)s - %(message)s'
+    precise:
+      format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+  handlers:
+    console:
+      class: logging.StreamHandler
+      level: INFO
+      formatter: brief
+      stream: ext://sys.stdout
+    file:
+      class: logging.handlers.RotatingFileHandler
+      formatter: precise
+      level: INFO
+      filename: m_reg.log
+      maxBytes: 10485760 # 10MB
+      backupCount: 3
+      encoding: utf8
+# password requirements
+password:
+  min_length: 14
+# username requirements
+username:
+  validation_regex: [ '[a-zA-Z0-9]' ]
+  invalidation_regex: [ '(info|admin|null|123456|mail|fuck|webmaster|root|test|guest|adm|mysql|user|administrator|oracle|ftp|pi|puppet|ansible|ec2-user|vagrant|azureuse|mod|moderator|host|postgres|synapse|support)' ]
\ No newline at end of file
diff --git a/images/synapse-docker/Dockerfile b/images/synapse-docker/Dockerfile
new file mode 100644
index 0000000..4cd6079
--- /dev/null
+++ b/images/synapse-docker/Dockerfile
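Review bot: The key `riot_instace: 'https://element.hackliberty.org'` looks misspelled — the commented-out line directly beneath it uses `riot_instance`, which is presumably the spelling the application reads — so the configured value would be silently ignored and the application's default used instead; confirm against the matrix-registration config schema and rename it to `riot_instance` if so. The file handler's `filename: m_reg.log` is a relative path, which resolves against the process working directory (`/app` per the accompanying Dockerfile's `WORKDIR`) rather than the `/data` volume, so the rotated log files are lost whenever the container is replaced; `filename: /data/m_reg.log` would keep them with the rest of the state.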
@@ -0,0 +1,86 @@
+ARG SYNAPSE_VERSION=1.83
+ARG HARDENED_MALLOC_VERSION=11
+ARG UID=991
+ARG GID=991
+
+
+### Build Hardened Malloc
+FROM alpine:latest as build-malloc
+
+ARG HARDENED_MALLOC_VERSION
+ARG CONFIG_NATIVE=false
+ARG VARIANT=default
+
+RUN apk --no-cache add build-base git gnupg && cd /tmp \
+ && wget -q https://github.com/thestinger.gpg && gpg --import thestinger.gpg \
+ && git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
+ && cd hardened_malloc && git verify-tag $(git describe --tags) \
+ && make CONFIG_NATIVE=${CONFIG_NATIVE} VARIANT=${VARIANT}
+
+
+### Build Synapse
+FROM python:alpine as builder
+
+ARG SYNAPSE_VERSION
+
+RUN apk -U upgrade \
+ && apk --force-overwrite add -t build-deps \
+ build-base \
+ libffi-dev \
+ libjpeg-turbo-dev \
+ libxslt-dev \
+ linux-headers \
+ postgresql-dev \
+ rustup \
+ zlib-dev \
+ libressl-dev \
+ && rustup-init -y && source $HOME/.cargo/env \
+ && pip install --upgrade pip \
+ && pip install --prefix="/install" --no-warn-script-location \
+ matrix-synapse[all]==${SYNAPSE_VERSION}
+
+
+### Build Production
+
+FROM python:alpine
+
+ARG UID
+ARG GID
+
+RUN apk -U upgrade \
+ && apk add -t run-deps \
+ libffi \
+ libgcc \
+ libjpeg-turbo \
+ libressl \
+ libstdc++ \
+ libxslt \
+ libpq \
+ zlib \
+ tzdata \
+ xmlsec \
+ git \
+ curl \
+ icu-libs \
+ && adduser -g ${GID} -u ${UID} --disabled-password --gecos "" synapse \
+ && rm -rf /var/cache/apk/*
+
+RUN pip install --upgrade pip \
+ && pip install -e "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"
+
+COPY --from=build-malloc /tmp/hardened_malloc/out/libhardened_malloc.so /usr/local/lib/
+COPY --from=builder /install /usr/local
+COPY --chown=synapse:synapse rootfs /
+
+ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
+
+USER synapse
+
+VOLUME /data
+
+EXPOSE 8008/tcp 8009/tcp 8448/tcp
+
+ENTRYPOINT ["python3", "start.py"]
+
+HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
+ CMD curl -fSs http://localhost:8008/health || exit 1
diff --git a/images/synapse-worker-docker/Dockerfile b/images/synapse-worker-docker/Dockerfile
new file mode 100644
index 0000000..ff5d986
--- /dev/null
+++ b/images/synapse-worker-docker/Dockerfile
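Review bot: The mjolnir antispam module is installed from an unpinned git ref (`pip install -e "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"`), so every rebuild pulls whatever the default branch holds at that moment — at odds with the care taken to pin `SYNAPSE_VERSION` and to `git verify-tag` the hardened_malloc checkout; pin it with `git+https://github.com/matrix-org/mjolnir.git@<MJOLNIR_TAG>#egg=mjolnir&subdirectory=synapse_antispam`. The identical line appears in images/synapse-worker-docker/Dockerfile. `alpine:latest` and `python:alpine` are likewise floating tags, so the runtime's Python and musl move underneath the pinned Synapse between builds. `ENTRYPOINT ["python3", "start.py"]` is a relative path that works only because no `WORKDIR` is set and `rootfs` presumably places `start.py` at `/`; `ENTRYPOINT ["python3", "/start.py"]` states that explicitly.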
@@ -0,0 +1,150 @@
+ARG SYNAPSE_VERSION=1.83
+ARG HARDENED_MALLOC_VERSION=11
+ARG UID=991
+ARG GID=991
+
+
+### Build Hardened Malloc
+FROM alpine:latest as build-malloc
+
+ARG HARDENED_MALLOC_VERSION
+ARG CONFIG_NATIVE=false
+ARG VARIANT=default
+
+RUN apk --no-cache add build-base git gnupg && cd /tmp \
+ && wget -q https://github.com/thestinger.gpg && gpg --import thestinger.gpg \
+ && git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
+ && cd hardened_malloc && git verify-tag $(git describe --tags) \
+ && make CONFIG_NATIVE=${CONFIG_NATIVE} VARIANT=${VARIANT}
+
+### Nginx & Redis
+FROM alpine:latest as deps_base
+
+RUN apk --no-cache add nginx redis
+
+### Redis Base
+FROM redis:6-alpine AS redis_base
+
+### Build Synapse
+FROM python:alpine as builder
+
+ARG SYNAPSE_VERSION
+
+RUN apk -U upgrade \
+ && apk --force-overwrite add -t build-deps \
+ build-base \
+ libffi-dev \
+ libjpeg-turbo-dev \
+ libxslt-dev \
+ linux-headers \
+ postgresql-dev \
+ rustup \
+ zlib-dev \
+ libressl-dev \
+ pcre-dev \
+ pcre \
+ jemalloc-dev \
+ && rustup-init -y && source $HOME/.cargo/env \
+ && pip install --upgrade pip \
+ && pip install --prefix="/install" --no-warn-script-location \
+ matrix-synapse[all]==${SYNAPSE_VERSION}
+
+### Build Production
+
+FROM python:alpine
+
+ARG UID
+ARG GID
+
+RUN apk -U upgrade \
+ && apk add -t run-deps \
+ libffi \
+ libgcc \
+ libjpeg-turbo \
+ libressl \
+ libstdc++ \
+ libxslt \
+ libpq \
+ zlib \
+ tzdata \
+ xmlsec \
+ git \
+ curl \
+ icu-libs \
+ pcre-dev \
+ pcre \
+ jemalloc-dev \
+ && adduser -g ${GID} -u ${UID} --disabled-password --gecos "" synapse \
+ && rm -rf /var/cache/apk/*
+
+RUN set -x ; \
+ addgroup -g 82 -S www-data ; \
+ adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
+
+RUN pip install --upgrade pip \
+ && pip install -e "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"
+
+RUN --mount=type=cache,target=/root/.cache/pip \
+ pip install supervisor~=4.2
+
+#RUN mkdir -p /etc/supervisor/conf.d
+
+RUN pip install Jinja2
+
+RUN mkdir /var/log/nginx /var/lib/nginx
+
+
+COPY --from=deps_base /usr/sbin/nginx /usr/sbin
+COPY --from=deps_base /usr/share/nginx /usr/share/nginx
+COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx
+COPY --from=deps_base /etc/nginx /etc/nginx
+
+RUN chown -R 991:www-data /var/lib/nginx
+RUN mkdir /var/lib/nginx/logs/
+RUN chown 991:www-data /var/lib/nginx/logs/
+RUN ln -sf /dev/stdout /var/log/nginx/access.log
+RUN ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY --from=build-malloc /tmp/hardened_malloc/out/libhardened_malloc.so /usr/local/lib/
+COPY --from=builder /install /usr/local
+COPY --chown=synapse:synapse ./rootfs /
+COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin
+
+COPY --chown=synapse:synapse ./rootfs/start.py /start.py
+COPY --chown=synapse:synapse ./rootfs/conf-workers/* /conf/
+COPY --chown=synapse:synapse ./rootfs/configure_workers_and_start.py /configure_workers_and_start.py
+COPY ./prefix-log /usr/local/bin/
+
+RUN chown -R synapse:synapse /conf/
+RUN chown -R synapse:www-data /etc/nginx
+RUN chown synapse:synapse /usr/local/lib/libhardened_malloc.so
+
+RUN mkdir -p /etc/supervisor/conf.d
+RUN mkdir -p /etc/nginx/conf.d
+RUN chown -R synapse:www-data /etc/nginx
+
+RUN mkdir -p /health/
+RUN chown -R synapse:synapse /health/
+
+RUN chown -R synapse:synapse /etc/supervisor
+
+RUN chmod +x /usr/local/bin/prefix-log
+
+RUN chmod 755 /start.py
+
+RUN chown synapse:synapse /
+
+ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
+
+USER synapse
+
+VOLUME /data
+
+EXPOSE 8008/tcp
+
+ENTRYPOINT ["/configure_workers_and_start.py"]
+
+#CMD ["python3", "/configure_workers_and_start.py"]
+
+HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
+ CMD /bin/sh /healthcheck.sh
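Review bot: `RUN chown synapse:synapse /` hands the service account ownership of the filesystem root, which lets a compromised worker create or rename entries directly under `/` and undoes much of the isolation the later `USER synapse` is meant to provide; the hunk already creates and chowns the specific directories the entrypoint needs (`/conf/`, `/health/`, `/etc/supervisor`), so this line should be dropped and, if `configure_workers_and_start.py` writes anywhere else at runtime, that path created and chowned explicitly instead. `RUN chown synapse:synapse /usr/local/lib/libhardened_malloc.so` is similarly broader than needed — the `LD_PRELOAD`ed allocator only has to be readable by the user, and leaving it root-owned keeps it from being modifiable by the process it protects. The `pip install -e "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"` line shares the unpinned-ref issue raised on images/synapse-docker/Dockerfile. The run of single-command `RUN chown`/`RUN mkdir` layers (including `RUN chown -R synapse:www-data /etc/nginx` twice) could be folded into one `RUN` or moved into `COPY --chown`, which also keeps the duplicated-file layers out of the image.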