Synapse 1.36.0

Deleted borg/Dockerfile, borg/Makefile, borg/version, dendrite/Dockerfile, dendrite/Makefile, dendrite/entrypoint.sh, dendrite/version, minio/Dockerfile, minio/Makefile, minio/version, restic/Dockerfile, restic/Makefile, restic/version, watchdog/Dockerfile, watchdog/Makefile, watchdog/version files

.gitlab-ci.yml

@@ -6,39 +6,57 @@ variables:
   DOCKER_CLI_EXPERIMENTAL: enabled
   DOCKER_BUILDKIT: 1
 
-
-dev-minio:
+dovecot:
   stage: build
   tags:
    - docker
   script:
-    - cd minio
-    - make nopush
-  only:
-    variables:
-      - $CI_COMMIT_REF_PROTECTED == "false"
-
-minio:
-  stage: build
-  tags:
-   - docker
-  script:
-    - cd minio
+    - cd dovecot
     - make push
   only:
     variables:
       - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - dovecot/*
 
-dev-watchdog:
+element:
   stage: build
   tags:
    - docker
   script:
-    - cd watchdog
-    - make nopush
+    - cd element
+    - make push
   only:
     variables:
-      - $CI_COMMIT_REF_PROTECTED == "false"
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - element/*
+
+matrix-webhook:
+  stage: build
+  tags:
+   - docker
+  script:
+    - cd matrix-webhook
+    - make push
+  only:
+    variables:
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - matrix-webhook/*
+
+hugo:
+  stage: build
+  tags:
+   - docker
+  script:
+    - cd hugo
+    - make push
+  only:
+    variables:
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - hugo/*
 
 watchdog:
   stage: build
@@ -50,17 +68,8 @@ watchdog:
   only:
     variables:
       - $CI_COMMIT_REF_PROTECTED == "true"
-
-dev-unifi:
-  stage: build
-  tags:
-   - docker
-  script:
-    - cd unifi
-    - make nopush
-  only:
-    variables:
-      - $CI_COMMIT_REF_PROTECTED == "false"
+    changes:
+      - watchdog/*
 
 unifi:
   stage: build
@@ -72,17 +81,8 @@ unifi:
   only:
     variables:
       - $CI_COMMIT_REF_PROTECTED == "true"
-
-dev-keycloak:
-  stage: build
-  tags:
-   - docker
-  script:
-    - cd keycloak
-    - make nopush
-  only:
-    variables:
-      - $CI_COMMIT_REF_PROTECTED == "false"
+    changes:
+      - unifi/*
 
 keycloak:
   stage: build
@@ -94,28 +94,60 @@ keycloak:
   only:
     variables:
       - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - keycloak/*
 
-dev-restic:
+pleroma:
   stage: build
   tags:
    - docker
   script:
-    - cd restic
-    - make nopush
-  only:
-    variables:
-      - $CI_COMMIT_REF_PROTECTED == "false"
-
-restic:
-  stage: build
-  tags:
-   - docker
-  script:
-    - cd restic
+    - cd pleroma
     - make push
   only:
     variables:
       - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - pleroma/*
+
+roundcubemail:
+  stage: build
+  tags:
+   - docker
+  script:
+    - cd roundcubemail
+    - make push
+  only:
+    variables:
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - roundcubemail/*
+
+shields:
+  stage: build
+  tags:
+   - docker
+  script:
+    - cd shields
+    - make push
+  only:
+    variables:
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - shields/*
+
+synapse:
+  stage: build
+  tags:
+   - docker
+  script:
+    - cd synapse
+    - make push
+  only:
+    variables:
+      - $CI_COMMIT_REF_PROTECTED == "true"
+    changes:
+      - synapse/*
 
 .docker_init: &docker_init |
   if ! docker info &>/dev/null; then
@@ -132,8 +164,8 @@ restic:
   fi
 
   mkdir -p /root/.docker/cli-plugins
-  wget https://github.com/docker/buildx/releases/download/v0.4.2/buildx-v0.4.2.linux-amd64
-  mv buildx-v0.4.2.linux-amd64 /root/.docker/cli-plugins/docker-buildx
+  wget https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-amd64
+  mv buildx-v0.5.1.linux-amd64 /root/.docker/cli-plugins/docker-buildx
   chmod +x /root/.docker/cli-plugins/docker-buildx
   
 before_script:

dovecot/Dockerfile

@@ -0,0 +1,29 @@
+ARG DEBIAN_VERSION=20210408
+FROM docker.io/debian:bullseye-${DEBIAN_VERSION}-slim
+
+ENV container=docker
+ENV LC_ALL=C
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get -y update && apt-get -y install \
+    tini \
+    dovecot-core \
+    dovecot-imapd \
+    dovecot-lmtpd \
+    dovecot-ldap \
+    dovecot-managesieved \
+    dovecot-mysql \
+    dovecot-pgsql \
+    dovecot-sqlite \
+    dovecot-pop3d \
+    dovecot-sieve \
+    dovecot-solr \
+    dovecot-submissiond \
+    ca-certificates \
+    ssl-cert \
+    && rm -rf /etc/dovecot \
+    && mkdir /srv/mail && chown dovecot:dovecot /srv/mail \
+    && rm -rf /var/lib/apt/lists/*
+
+VOLUME [/etc/dovecot /srv/mail /var/mail]
+ENTRYPOINT ["/sbin/tini" "--"]
+CMD ["/usr/sbin/dovecot" "-F"]

dovecot/Makefile

@@ -0,0 +1,17 @@
+NAMESPACE=alemairebe
+VERSION=2.3.13
+IMAGE=dovecot
+
+push:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \
+      --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+      --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+      --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) \
+      --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+      -f Dockerfile .
+
+dev:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm \
+	--output type=tar,dest=synapse.tar \
+      --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+      -f Dockerfile ${IMAGE}-${VERSION}

element/Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:1.20.0-alpine
+
+COPY ./element /app
+
+# Insert wasm type into Nginx mime.types file so they load correctly.
+RUN sed -i '3i\ \ \ \ application/wasm wasm\;' /etc/nginx/mime.types \
+ && rm -rf /usr/share/nginx/html \
+ && ln -s /app /usr/share/nginx/html

element/Makefile

@@ -0,0 +1,20 @@
+NAMESPACE=alemairebe
+IMAGE=element
+VERSION=v1.7.28
+
+push: get decompress build
+
+get:
+	wget https://github.com/vector-im/element-web/releases/download/${VERSION}/element-${VERSION}.tar.gz
+
+decompress:
+	tar -xf element-$(VERSION).tar.gz
+	mv element-$(VERSION) element
+	mv element/config.sample.json element/config.json
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \
+	  --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+	  --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .

hugo/Dockerfile

@@ -0,0 +1,4 @@
+ARG ALPINE_VERSION=3.13.5
+
+FROM docker.io/alpine:${ALPINE_VERSION}
+RUN apk add --no-cache hugo rsync openssh-client

hugo/Makefile

@@ -0,0 +1,14 @@
+NAMESPACE=alemairebe
+IMAGE=hugo
+VERSION=0.83.1
+
+push: build
+
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \
+	  --build-arg HUGO_VERSION=${VERSION} \
+	  --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+	  --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .

hugo/hugo.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# This file is triggered inside the _base/Dockerfile-base file.
+
+set -e
+set -u
+
+# Variables
+# HUGO_VERSION is edited in Dockerfile.
+
+# Architecture
+TARGETPLATFORM=${TARGETPLATFORM:-linux/amd64}
+
+if [ "$TARGETPLATFORM" = "linux/amd64" ]; then
+    HUGO_ARCH="64bit"
+elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then
+    HUGO_ARCH="ARM64"
+elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then
+    HUGO_ARCH="ARM"
+else
+    echo "Unknown build architecture: $TARGETPLATFORM"
+    exit 2
+fi
+
+# Download binaries from release
+wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_Linux-${HUGO_ARCH}.tar.gz
+wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_checksums.txt
+
+# Verify checksums
+grep hugo_${HUGO_VERSION}_Linux-${HUGO_ARCH}.tar.gz hugo_${HUGO_VERSION}_checksums.txt | sha256sum -c
+
+# Prepare folders
+mkdir -p /usr/local/bin/
+
+# Unpack downloaded content
+tar -zxf hugo_${HUGO_VERSION}_Linux-${HUGO_ARCH}.tar.gz -C /usr/local/bin
+
+# Verify executable
+/usr/local/bin/hugo version
+
+# Create autocompletion script
+mkdir -p /etc/bash_completion.d
+/usr/local/bin/hugo gen autocomplete > /etc/bash_completion.d/hugo.sh
+
+# Create version file
+echo -n "${HUGO_VERSION}" > /etc/hugo-release
+
+# Remove binaries
+rm hugo_${HUGO_VERSION}_Linux-${HUGO_ARCH}.tar.gz hugo_${HUGO_VERSION}_checksums.txt

keycloak/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:buster-20201209-slim
+FROM debian:buster-20210408-slim
 ADD https://curl.haxx.se/ca/cacert.pem /etc/ssl/certs/cacert.pem
 ENV CURL_CA_BUNDLE=/etc/ssl/certs/cacert.pem
 

keycloak/version

@@ -1 +1 @@
-VERSION=12.0.1
+VERSION=13.0.0

matrix-webhook/Dockerfile

@@ -0,0 +1,25 @@
+FROM node:10-alpine
+
+COPY . /
+WORKDIR /
+ENV NODE_ENV=development
+
+RUN npm install -g npm-check-updates
+RUN ncu -u matrix-appservice-bridge
+RUN apk add --no-cache -t build-deps make gcc g++ python libc-dev wget git dos2unix \
+    && apk add --no-cache ca-certificates \
+    && dos2unix docker-start.sh \
+    && chmod +x docker-start.sh \
+    && npm install \
+    && apk del build-deps
+
+ENV NODE_ENV=production
+ENV WEBHOOKS_USER_STORE_PATH=/data/user-store.db
+ENV WEBHOOKS_ROOM_STORE_PATH=/data/room-store.db
+ENV WEBHOOKS_DB_CONFIG_PATH=/data/database.json
+ENV WEBHOOKS_ENV=docker
+
+CMD /docker-start.sh
+
+EXPOSE 9000
+VOLUME ["/data"]

matrix-webhook/Makefile

@@ -0,0 +1,20 @@
+NAMESPACE=alemairebe
+VERSION=0.0.3
+
+IMAGE=matrix-webhook
+
+push: get decompress build
+
+get:
+	wget https://github.com/turt2live/matrix-appservice-webhooks/archive/refs/heads/master.zip
+
+decompress:
+	unzip master.zip
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64 --push \
+    	  --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+	  --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) \
+	  -f Dockerfile matrix-appservice-webhooks-master

minio/Dockerfile

@@ -1,28 +0,0 @@
-FROM alpine:3.12.3
-
-ENV MINIO_ACCESS_KEY_FILE=access_key \
-    MINIO_SECRET_KEY_FILE=secret_key \
-    MINIO_KMS_MASTER_KEY_FILE=kms_master_key \
-    MINIO_SSE_MASTER_KEY_FILE=sse_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
-
-EXPOSE 9000
-
-COPY entrypoint.sh /usr/bin/docker-entrypoint.sh
-
-RUN  \
-     apk add --no-cache ca-certificates 'curl>7.61.0' 'su-exec>=0.2' && \
-     echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf
-
-ARG VERSION
-ARG TARGETARCH
-ENV VERSION $VERSION
-ADD https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${VERSION} /usr/bin/minio
-
-RUN chmod +x /usr/bin/minio
-
-ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
-
-VOLUME ["/data"]
-
-CMD ["minio"]

minio/entrypoint.sh

@@ -1,104 +0,0 @@
-#!/bin/sh
-#
-# MinIO Cloud Storage, (C) 2019 MinIO, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# If command starts with an option, prepend minio.
-if [ "${1}" != "minio" ]; then
-    if [ -n "${1}" ]; then
-        set -- minio "$@"
-    fi
-fi
-
-## Look for docker secrets at given absolute path or in default documented location.
-docker_secrets_env() {
-    if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
-        ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
-    else
-        ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
-    fi
-    if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
-        SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
-    else
-        SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
-    fi
-
-    if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
-        if [ -f "$ACCESS_KEY_FILE" ]; then
-            MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
-            export MINIO_ACCESS_KEY
-        fi
-        if [ -f "$SECRET_KEY_FILE" ]; then
-            MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
-            export MINIO_SECRET_KEY
-        fi
-    fi
-}
-
-## Set KMS_MASTER_KEY from docker secrets if provided
-docker_kms_encryption_env() {
-    if [ -f "$MINIO_KMS_MASTER_KEY_FILE" ]; then
-        KMS_MASTER_KEY_FILE="$MINIO_KMS_MASTER_KEY_FILE"
-    else
-        KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
-    fi
-
-    if [ -f "$KMS_MASTER_KEY_FILE" ]; then
-        MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
-        export MINIO_KMS_MASTER_KEY
-    fi
-}
-
-## Legacy
-## Set SSE_MASTER_KEY from docker secrets if provided
-docker_sse_encryption_env() {
-    SSE_MASTER_KEY_FILE="/run/secrets/$MINIO_SSE_MASTER_KEY_FILE"
-
-    if [ -f "$SSE_MASTER_KEY_FILE" ]; then
-        MINIO_SSE_MASTER_KEY="$(cat "$SSE_MASTER_KEY_FILE")"
-        export MINIO_SSE_MASTER_KEY
-    fi
-}
-
-# su-exec to requested user, if service cannot run exec will fail.
-docker_switch_user() {
-    if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
-
-	if [ ! -z "${MINIO_UID}" ] && [ ! -z "${MINIO_GID}" ]; then
-		addgroup -S -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
-                        adduser -S -u "$MINIO_UID" -G "$MINIO_GROUPNAME" "$MINIO_USERNAME"
-	else
-		addgroup -S "$MINIO_GROUPNAME" && \
-                	adduser -S -G "$MINIO_GROUPNAME" "$MINIO_USERNAME"
-	fi
-
-        exec su-exec "${MINIO_USERNAME}:${MINIO_GROUPNAME}" "$@"
-    else
-        # fallback
-        exec "$@"
-    fi
-}
-
-## Set access env from secrets if necessary.
-docker_secrets_env
-
-## Set kms encryption from secrets if necessary.
-docker_kms_encryption_env
-
-## Set sse encryption from secrets if necessary. Legacy
-docker_sse_encryption_env
-
-## Switch to user if applicable.
-docker_switch_user "$@"

minio/version

@@ -1 +0,0 @@
-VERSION=RELEASE.2021-01-08T21-18-21Z

pleroma/Makefile

@@ -0,0 +1,22 @@
+NAMESPACE=alemairebe
+include version
+
+IMAGE=pleroma
+
+push: get decompress ueberauth build
+
+get:
+	wget https://git.pleroma.social/pleroma/pleroma/-/archive/$(VERSION)/pleroma-$(VERSION).tar.bz2
+
+decompress:
+	tar -xf pleroma-$(VERSION).tar.bz2
+
+ueberauth:
+	sed -i 's/MIX_ENV\=prod/MIX_ENV\=prod \\\n    OAUTH_CONSUMER_STRATEGIES\="twitter facebook google microsoft keycloak:ueberauth_keycloak_strategy"/g' pleroma-$(VERSION)/Dockerfile
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64 --push \
+    	  --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+	  --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) pleroma-$(VERSION)

pleroma/version

@@ -0,0 +1 @@
+VERSION=v2.3.0

restic/Dockerfile

@@ -1,7 +0,0 @@
-FROM alpine:3.12.3
-ARG VERSION
-ARG TARGETARCH
-ENV VERSION $VERSION
-ADD https://github.com/restic/restic/releases/download/v${VERSION}/restic_${VERSION}_linux_${TARGETARCH}.bz2 /root/restic.bz2
-RUN bunzip2 /root/restic.bz2 && chmod +x /root/restic && mv /root/restic /usr/bin/restic
-ENTRYPOINT ["/usr/bin/restic"]

restic/Makefile

@@ -1,18 +0,0 @@
-NAMESPACE=alemairebe
-include version
-
-IMAGE=restic
-
-nopush:
-	docker buildx build --platform linux/amd64 --load \
-	    --build-arg VERSION=$(VERSION) \
-    	--tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
-		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .
-
-push:
-	docker buildx build --platform linux/amd64,linux/arm64,linux/arm,linux/ppc64le --push \
-	    --build-arg VERSION=$(VERSION) \
-    	--cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
-	    --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
-	    --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
-		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .

restic/version

@@ -1 +0,0 @@
-VERSION=0.11.0

roundcubemail/Dockerfile

@@ -0,0 +1,133 @@
+FROM debian:buster-20210408-slim
+ENV APACHE_CONFDIR /etc/apache2
+ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars
+RUN set -ex; \
+	apt-get update -qqy; \
+	apt-get install -qqy --no-install-recommends \
+		php-exif \
+		php-gd \
+		php-intl \
+		php-ldap \
+		php-pdo-mysql \
+		php-pdo-pgsql \
+		php-pdo-sqlite \
+		php-zip \
+		php-imagick \
+		php-cli \
+		php-mbstring \
+		php-xml \
+		apache2 \
+		libapache2-mod-php \
+		rsync \
+		curl \
+		gnupg \
+		dirmngr \
+		locales \
+		libc-l10n \
+	; \
+	rm -rf /var/lib/apt/lists/*; \
+	a2dismod mpm_event && a2enmod mpm_prefork && a2enmod rewrite; \
+	mkdir -p /etc/ssl/certs; \
+	curl -fLSko /etc/ssl/certs/cacert.pem https://curl.se/ca/cacert.pem; \
+	sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; \
+	\
+	. "$APACHE_ENVVARS"; \
+	for dir in \
+		"$APACHE_LOCK_DIR" \
+		"$APACHE_RUN_DIR" \
+		"$APACHE_LOG_DIR" \
+	; do \
+		rm -rvf "$dir"; \
+		mkdir -p "$dir"; \
+		chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \
+		chmod 777 "$dir"; \
+	done; \
+	\
+	rm -rvf /var/www/html/*; \
+	chmod 777 /var/www/html; \
+	\
+	# logs should go to stdout / stderr
+	ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; \
+	ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log"; \
+	ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; \
+	chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR"; \
+	{ \
+		echo '<FilesMatch \.php$>'; \
+		echo '\tSetHandler application/x-httpd-php'; \
+		echo '</FilesMatch>'; \
+		echo; \
+		echo 'DirectoryIndex disabled'; \
+		echo 'DirectoryIndex index.php index.html'; \
+		echo; \
+		echo '<Directory /var/www/>'; \
+		echo '\tOptions -Indexes'; \
+		echo '\tAllowOverride All'; \
+		echo '</Directory>'; \
+	} | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \
+	&& a2enconf docker-php
+
+ENV CURL_CA_BUNDLE=/etc/ssl/certs/cacert.pem \
+	SSL_CERT_FILE=/etc/ssl/certs/cacert.pem
+
+# install composer
+RUN set -ex; \
+	php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; \
+	php -r "if (hash_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"; \
+	php composer-setup.php --install-dir=/usr/local/bin/ --version=2.0.9; \
+	php -r "unlink('composer-setup.php');" 
+
+# include the wait-for-it.sh script
+RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh
+
+# use custom PHP settings
+COPY php.ini /usr/local/etc/php/conf.d/roundcube-defaults.ini
+
+COPY docker-entrypoint.sh /
+COPY apache2-foreground /usr/local/bin/
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["apache2-foreground"]
+
+# expose these volumes
+VOLUME /var/roundcube/config
+VOLUME /var/roundcube/db
+VOLUME /var/www/html
+VOLUME /tmp/roundcube-temp
+WORKDIR /var/www/html
+STOPSIGNAL SIGWINCH
+# Define Roundcubemail version
+ARG VERSION
+ENV ROUNDCUBEMAIL_VERSION $VERSION
+
+# Download package and extract to web volume
+RUN set -ex; \
+	chmod +x /docker-entrypoint.sh /usr/local/bin/apache2-foreground; \
+	curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \
+	curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	# workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9
+	echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \
+	# ha.pool.sks-keyservers.net seems to be unreliable, use pgp.mit.edu as fallback
+	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 || gpg --batch --keyserver pgp.mit.edu --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5; \
+	gpg --batch --verify roundcubemail.tar.gz.asc roundcubemail.tar.gz; \
+	gpgconf --kill all; \
+	mkdir /usr/src/roundcubemail; \
+	tar -xf roundcubemail.tar.gz -C /usr/src/roundcubemail --strip-components=1 --no-same-owner; \
+	rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \
+	rm -rf /usr/src/roundcubemail/installer; \
+	chown -R www-data:www-data /usr/src/roundcubemail/logs
+
+RUN set -ex; \
+	/usr/local/bin/composer.phar \
+        --working-dir=/usr/src/roundcubemail/ \
+        --prefer-dist --prefer-stable \
+        --no-update --no-interaction \
+        --optimize-autoloader --apcu-autoloader \
+        require \
+        	roundcube/carddav \
+    ; \
+    /usr/local/bin/composer.phar \
+        --working-dir=/usr/src/roundcubemail/ \
+        --prefer-dist --no-dev \
+        --no-interaction \
+        --optimize-autoloader --apcu-autoloader \
+        update;

roundcubemail/Makefile

@@ -1,7 +1,7 @@
 NAMESPACE=alemairebe
 include version
 
-IMAGE=minio
+IMAGE=roundcubemail
 
 nopush:
 	docker buildx build --platform linux/amd64 --load \
@@ -10,10 +10,9 @@ nopush:
 		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .
 
 push:
-	docker buildx build --platform linux/amd64,linux/arm64,linux/arm,linux/ppc64le --push \
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \
 	    --build-arg VERSION=$(VERSION) \
     	--cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
 	    --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
 	    --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
 		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .
-

roundcubemail/apache2-foreground

@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+
+# Note: we don't just use "apache2ctl" here because it itself is just a shell-script wrapper around apache2 which provides extra functionality like "apache2ctl start" for launching apache2 in the background.
+# (also, when run as "apache2ctl <apache args>", it does not use "exec", which leaves an undesirable resident shell process)
+
+: "${APACHE_CONFDIR:=/etc/apache2}"
+: "${APACHE_ENVVARS:=$APACHE_CONFDIR/envvars}"
+if test -f "$APACHE_ENVVARS"; then
+	. "$APACHE_ENVVARS"
+fi
+
+# Apache gets grumpy about PID files pre-existing
+: "${APACHE_RUN_DIR:=/var/run/apache2}"
+: "${APACHE_PID_FILE:=$APACHE_RUN_DIR/apache2.pid}"
+rm -f "$APACHE_PID_FILE"
+
+# create missing directories
+# (especially APACHE_RUN_DIR, APACHE_LOCK_DIR, and APACHE_LOG_DIR)
+for e in "${!APACHE_@}"; do
+	if [[ "$e" == *_DIR ]] && [[ "${!e}" == /* ]]; then
+		# handle "/var/lock" being a symlink to "/run/lock", but "/run/lock" not existing beforehand, so "/var/lock/something" fails to mkdir
+		#   mkdir: cannot create directory '/var/lock': File exists
+		dir="${!e}"
+		while [ "$dir" != "$(dirname "$dir")" ]; do
+			dir="$(dirname "$dir")"
+			if [ -d "$dir" ]; then
+				break
+			fi
+			absDir="$(readlink -f "$dir" 2>/dev/null || :)"
+			if [ -n "$absDir" ]; then
+				mkdir -p "$absDir"
+			fi
+		done
+
+		mkdir -p "${!e}"
+	fi
+done
+
+exec apache2 -DFOREGROUND "$@"

roundcubemail/docker-entrypoint.sh

@@ -0,0 +1,144 @@
+#!/bin/bash
+# set -ex
+
+# PWD=`pwd`
+
+if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
+  # docroot is empty
+  if ! [ -e index.php -a -e bin/installto.sh ]; then
+    echo >&2 "roundcubemail not found in $PWD - copying now..."
+    if [ "$(ls -A)" ]; then
+      echo >&2 "WARNING: $PWD is not empty - press Ctrl+C now if this is an error!"
+      ( set -x; ls -A; sleep 10 )
+    fi
+    tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf -
+    echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD"
+  # update Roundcube in docroot
+  else
+    INSTALLDIR=`pwd`
+    echo >&2 "roundcubemail found in $INSTALLDIR - installing update..."
+    (cd /usr/src/roundcubemail && bin/installto.sh -y $INSTALLDIR)
+    composer.phar update --no-dev
+  fi
+
+  if [ -f /run/secrets/roundcube_db_user ]; then
+    ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user`
+  fi
+  if [ -f /run/secrets/roundcube_db_password ]; then
+    ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
+  fi
+
+  if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
+    : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
+    : "${ROUNDCUBEMAIL_DB_HOST:=postgres}"
+    : "${ROUNDCUBEMAIL_DB_PORT:=5432}"
+    : "${ROUNDCUBEMAIL_DB_USER:=${POSTGRES_ENV_POSTGRES_USER}}"
+    : "${ROUNDCUBEMAIL_DB_PASSWORD:=${POSTGRES_ENV_POSTGRES_PASSWORD}}"
+    : "${ROUNDCUBEMAIL_DB_NAME:=${POSTGRES_ENV_POSTGRES_DB:-roundcubemail}}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}"
+
+    /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30
+  elif [ ! -z "${!MYSQL_ENV_MYSQL_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "mysql" ]; then
+    : "${ROUNDCUBEMAIL_DB_TYPE:=mysql}"
+    : "${ROUNDCUBEMAIL_DB_HOST:=mysql}"
+    : "${ROUNDCUBEMAIL_DB_PORT:=3306}"
+    : "${ROUNDCUBEMAIL_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}"
+    if [ "$ROUNDCUBEMAIL_DB_USER" = 'root' ]; then
+      : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}}"
+    else
+      : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD}}"
+    fi
+    : "${ROUNDCUBEMAIL_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-roundcubemail}}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}"
+
+    /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30
+  else
+    # use local SQLite DB in /var/roundcube/db
+    : "${ROUNDCUBEMAIL_DB_TYPE:=sqlite}"
+    : "${ROUNDCUBEMAIL_DB_DIR:=/var/roundcube/db}"
+    : "${ROUNDCUBEMAIL_DB_NAME:=sqlite}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}:///$ROUNDCUBEMAIL_DB_DIR/${ROUNDCUBEMAIL_DB_NAME}.db?mode=0646}"
+
+    mkdir -p $ROUNDCUBEMAIL_DB_DIR
+    chown www-data:www-data $ROUNDCUBEMAIL_DB_DIR
+  fi
+
+  : "${ROUNDCUBEMAIL_DEFAULT_HOST:=localhost}"
+  : "${ROUNDCUBEMAIL_DEFAULT_PORT:=143}"
+  : "${ROUNDCUBEMAIL_SMTP_SERVER:=localhost}"
+  : "${ROUNDCUBEMAIL_SMTP_PORT:=587}"
+  : "${ROUNDCUBEMAIL_PLUGINS:=archive,zipdownload}"
+  : "${ROUNDCUBEMAIL_SKIN:=larry}"
+  : "${ROUNDCUBEMAIL_TEMP_DIR:=/tmp/roundcube-temp}"
+  : "${ROUNDCUBEMAIL_IMAP_CACHE_TTL:7d}"
+  : "${ROUNDCUBEMAIL_MESSAGES_CACHE_TTL:3m}"
+  : "${ROUNDCUBEMAIL_MESSAGES_CACHE_TRESHOLD:3mb}"
+  
+
+  if [ ! -e config/config.inc.php ]; then
+    ROUNDCUBEMAIL_DES_KEY=`head /dev/urandom | base64 | head -c 24`
+    touch config/config.inc.php
+
+    echo "Write root config to $PWD/config/config.inc.php"
+    echo "<?php
+    \$config['plugins'] = [];
+    \$config['log_driver'] = 'stdout';
+    \$config['zipdownload_selection'] = true;
+    \$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';
+    include(__DIR__ . '/config.docker.inc.php');
+    " > config/config.inc.php
+
+  elif ! grep -q "config.docker.inc.php" config/config.inc.php; then
+    echo "include(__DIR__ . '/config.docker.inc.php');" >> config/config.inc.php
+  fi
+
+  ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"`
+  echo "Write Docker config to $PWD/config/config.docker.inc.php"
+  echo "<?php
+  \$config['db_dsnw'] = '${ROUNDCUBEMAIL_DSNW}';
+  \$config['db_dsnr'] = '${ROUNDCUBEMAIL_DSNR}';
+  \$config['default_host'] = '${ROUNDCUBEMAIL_DEFAULT_HOST}';
+  \$config['default_port'] = '${ROUNDCUBEMAIL_DEFAULT_PORT}';
+  \$config['smtp_server'] = '${ROUNDCUBEMAIL_SMTP_SERVER}';
+  \$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}';
+  \$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}';
+  \$config['skin'] = '${ROUNDCUBEMAIL_SKIN}';
+  \$config['plugins'] = array_filter(array_unique(array_merge(\$config['plugins'], ['${ROUNDCUBEMAIL_PLUGINS_PHP}'])));
+  \$config['imap_cache'] = 'db';
+  \$config['imap_cache_ttl'] = '${ROUNDCUBEMAIL_IMAP_CACHE_TTL}';
+  \$config['messages_cache'] = 'db';
+  \$config['messages_cache_threshold'] = '${ROUNDCUBEMAIL_MESSAGES_CACHE_THRESHOLD}';
+  \$config['messages_cache_ttl'] = '${ROUNDCUBEMAIL_MESSAGES_CACHE_TTL}';
+  " > config/config.docker.inc.php
+
+  if [ -e /run/secrets/roundcube_des_key ]; then
+    ROUNDCUBEMAIL_DES_KEY=`cat /run/secrets/roundcube_des_key`
+    echo "\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';" >> config/config.docker.inc.php
+  fi
+
+  # include custom config files
+  for fn in `ls /var/roundcube/config/*.php 2>/dev/null || true`; do
+    echo "include('$fn');" >> config/config.docker.inc.php
+  done
+
+  # initialize or update DB
+  bin/initdb.sh --dir=$PWD/SQL --create || bin/updatedb.sh --dir=$PWD/SQL --package=roundcube || echo "Failed to initialize database. Please run $PWD/bin/initdb.sh and $PWD/bin/updatedb.sh manually."
+
+  if [ ! -z "${ROUNDCUBEMAIL_TEMP_DIR}" ]; then
+    mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR}
+  fi
+
+  if [ ! -z "${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" ]; then
+    echo "upload_max_filesize=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini
+    echo "post_max_size=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini
+  fi
+
+  : "${ROUNDCUBEMAIL_LOCALE:=en_US.UTF-8 UTF-8}"
+
+  if [ -e /usr/sbin/locale-gen ] && [ ! -z "${ROUNDCUBEMAIL_LOCALE}" ]; then
+    echo "${ROUNDCUBEMAIL_LOCALE}" > /etc/locale.gen
+    /usr/sbin/locale-gen
+  fi
+fi
+
+exec "$@"

roundcubemail/php.ini

@@ -0,0 +1,10 @@
+memory_limit=64M
+display_errors=Off
+log_errors=On
+upload_max_filesize=5M
+post_max_size=6M
+zlib.output_compression=Off
+session.auto_start=Off
+session.gc_maxlifetime=21600
+session.gc_divisor=500
+session.gc_probability=1

roundcubemail/version

@@ -0,0 +1 @@
+VERSION=1.5-beta

shields/Dockerfile

@@ -0,0 +1,18 @@
+FROM node:12-alpine
+
+RUN mkdir -p /usr/src/app/private
+WORKDIR /usr/src/app
+
+COPY . /usr/src/app
+# We need dev deps to build the front end. We don't need Cypress, though.
+RUN NODE_ENV=development CYPRESS_INSTALL_BINARY=0 npm ci && \
+    npm run build && \
+    npm prune --production && \
+    npm cache clean --force
+
+# Run the server using production configs.
+ENV NODE_ENV production
+
+CMD node server
+
+EXPOSE 80

shields/Makefile

@@ -0,0 +1,20 @@
+NAMESPACE=alemairebe
+include version
+
+IMAGE=shields
+
+push: get decompress build
+
+get:
+	wget https://github.com/badges/shields/archive/$(VERSION).tar.gz
+
+decompress:
+	tar -xf $(VERSION).tar.gz
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64 --push \
+	  --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+	  --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+	  --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) \
+	  --file Dockerfile shields-$(VERSION)

shields/version

@@ -0,0 +1 @@
+VERSION=server-2021-05-01

synapse/Dockerfile

@@ -0,0 +1,155 @@
+# Dockerfile to build the matrixdotorg/synapse docker images.
+#
+# To build the image, run `docker build` command from the root of the
+# synapse repository:
+#
+#    docker build -f docker/Dockerfile .
+#
+#
+ARG DEBIAN_VERSION=20210408
+###
+### Stage 0: builder
+###
+FROM docker.io/debian:bullseye-${DEBIAN_VERSION}-slim as builder
+
+# install the OS build deps
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    libffi-dev \
+    libjpeg-dev \
+    libpq-dev \
+    libssl-dev \
+    libwebp-dev \
+    libxml++2.6-dev \
+    libxslt1-dev \
+    openssl \
+    python3-dev \
+    cargo \
+    rustc \
+    zlib1g-dev \
+    python3-pip \
+    python3-jsonschema \
+    python3-frozendict \
+    python3-unpaddedbase64 \
+    python3-nacl \
+    python3-idna \
+    python3-twisted \
+    python3-treq \
+    python3-yaml \
+    python3-pyasn1-modules \
+    python3-bcrypt \
+    python3-pillow \
+    python3-sortedcontainers \
+    python3-pymacaroons \
+    python3-msgpack \
+    python3-phonenumbers \
+    python3-netaddr \
+    python3-jinja2 \
+    python3-bleach \
+    python3-pysaml2 \
+    python3-systemd \
+    python3-lxml \
+    python3-jwt \
+    python3-hiredis\
+    python3-canonicaljson \
+    python3-signedjson \
+    python3-typing-extensions \
+    python3-psycopg2cffi \
+    python3-txacme \
+    python3-authlib \
+    python3-sentry-sdk \
+    python3-opentracing \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy just what we need to pip install
+COPY scripts /synapse/scripts/
+COPY MANIFEST.in README.rst setup.py synctl /synapse/
+COPY synapse/__init__.py /synapse/synapse/__init__.py
+COPY synapse/python_dependencies.py /synapse/synapse/python_dependencies.py
+
+# To speed up rebuilds, install all of the dependencies before we copy over
+# the whole synapse project so that we this layer in the Docker cache can be
+# used while you develop on the source
+#
+# This is aiming at installing the `install_requires` and `extras_require` from `setup.py`
+RUN pip install --upgrade pip && \
+    pip install --prefix="/install" --no-warn-script-location \
+    /synapse[all]
+
+# Copy over the rest of the project
+COPY synapse /synapse/synapse/
+
+# Install the synapse package itself and all of its children packages.
+#
+# This is aiming at installing only the `packages=find_packages(...)` from `setup.py
+RUN pip3 install --prefix="/install" --no-deps --no-warn-script-location /synapse
+
+###
+### Stage 1: runtime
+###
+
+FROM docker.io/debian:bullseye-${DEBIAN_VERSION}-slim
+
+LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse'
+LABEL org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md'
+LABEL org.opencontainers.image.source='https://github.com/matrix-org/synapse.git'
+LABEL org.opencontainers.image.licenses='Apache-2.0'
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    gosu \
+    libjpeg62-turbo \
+    libpq5 \
+    libwebp6 \
+    xmlsec1 \
+    libjemalloc2 \
+    libssl-dev \
+    openssl \
+    python3-jsonschema \
+    python3-frozendict \
+    python3-unpaddedbase64 \
+    python3-nacl \
+    python3-idna \
+    python3-twisted \
+    python3-treq \
+    python3-yaml \
+    python3-pyasn1-modules \
+    python3-bcrypt \
+    python3-pillow \
+    python3-sortedcontainers \
+    python3-pymacaroons \
+    python3-msgpack \
+    python3-phonenumbers \
+    python3-netaddr \
+    python3-jinja2 \
+    python3-bleach \
+    python3-pysaml2 \
+    python3-systemd \
+    python3-lxml \
+    python3-jwt \
+    python3-hiredis\
+    python3-canonicaljson \
+    python3-signedjson \
+    python3-typing-extensions \
+    python3-psycopg2cffi \
+    python3-txacme \
+    python3-authlib \
+    python3-sentry-sdk \
+    python3-opentracing \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /install /usr/local
+COPY ./docker/start.py /start.py
+COPY ./docker/conf /conf
+
+RUN ln -s /usr/bin/python3 /usr/local/bin/python && \
+    mv /usr/local/lib/python3.9/site-packages/* /usr/local/lib/python3.9/dist-packages/
+
+VOLUME ["/data"]
+
+EXPOSE 8008/tcp 8009/tcp 8448/tcp
+
+ENTRYPOINT ["/start.py"]
+
+HEALTHCHECK --interval=1m --timeout=5s \
+    CMD curl -fSs http://localhost:8008/health || exit 1

synapse/Makefile

@@ -0,0 +1,27 @@
+NAMESPACE=alemairebe
+VERSION=1.36.0
+IMAGE=synapse
+
+push: get decompress build
+
+dev: get decompress build_dev
+
+get:
+	wget https://github.com/matrix-org/synapse/archive/refs/tags/v$(VERSION).tar.gz
+
+decompress:
+	tar -xf v$(VERSION).tar.gz
+
+build:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm --push \
+      --cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+      --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
+      --tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) \
+      --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+      -f Dockerfile ${IMAGE}-${VERSION}
+
+build_dev:
+	docker buildx build --platform linux/amd64,linux/arm64,linux/arm \
+	--output type=tar,dest=synapse.tar \
+      --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
+      -f Dockerfile ${IMAGE}-${VERSION}

unifi/Dockerfile

@@ -1,11 +1,13 @@
-FROM ubuntu:focal-20201106
+FROM ubuntu:focal-20210416
 
 ARG DEBIAN_FRONTEND=noninteractive
+COPY entrypoint.sh /docker-entrypoint.sh
 
 ARG TARGETARCH
 ARG UNIFI_VERSION
 ARG VERSION
 ENV VERSION $VERSION
+ENV JAVA_OPTS -Xmx512M
 
 WORKDIR /tmp
 RUN mkdir -p /usr/share/man/man1 && \
@@ -15,16 +17,13 @@ RUN mkdir -p /usr/share/man/man1 && \
     apt install -qqy --no-install-recommends /tmp/unifi_sysvinit_all.deb procps tini openjdk-8-jre-headless && \
     apt remove -qqy wget && \
     rm -rf /var/lib/apt/lists/* && \
-    rm /tmp/unifi_sysvinit_all.deb
+    rm /tmp/unifi_sysvinit_all.deb && \
+    ln -s /var/lib/unifi /usr/lib/unifi/data
 
 
-RUN ln -s /var/lib/unifi /usr/lib/unifi/data
 EXPOSE 8080/tcp 8443/tcp 8843/tcp 8880/tcp 3478/udp
 
 WORKDIR /var/lib/unifi
-ENV JAVA_OPTS -Xmx512M
 
-COPY entrypoint.sh /docker-entrypoint.sh
 ENTRYPOINT ["/usr/bin/tini", "-g", "--", "/docker-entrypoint.sh"]
-
 CMD ["start"]

unifi/version

@@ -1,2 +1,2 @@
-VERSION=6.0.43
-UNIFI_VERSION=6.0.43
+VERSION=6.2.26
+UNIFI_VERSION=6.2.26-a79cb15f05

watchdog/Dockerfile

@@ -1,8 +0,0 @@
-FROM debian:buster-20201209-slim
-ARG DEBIAN_FRONTEND=noninteractive
-ARG VERSION
-RUN apt update -qq && \
-    apt install -qqy --no-install-recommends watchdog=$VERSION && \
-    rm -rf /var/lib/apt/lists/*
-
-ENTRYPOINT ["/usr/sbin/watchdog", "-F"]

watchdog/Makefile

@@ -1,19 +0,0 @@
-NAMESPACE=alemairebe
-include version
-
-IMAGE=watchdog
-
-nopush:
-	docker buildx build --platform linux/amd64 --load \
-	    --build-arg VERSION=$(VERSION) \
-    	--tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
-		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .
-
-push:
-	docker buildx build --platform linux/amd64,linux/arm64,linux/arm,linux/ppc64le --push \
-	    --build-arg VERSION=$(VERSION) \
-    	--cache-from=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
-	    --cache-to=type=registry,ref=${NAMESPACE}/buildx:${IMAGE} \
-	    --tag ${NAMESPACE}/${IMAGE}:$(VERSION) \
-		--tag ${CI_REGISTRY_IMAGE}/${IMAGE}:$(VERSION) .
-

watchdog/version

@@ -1 +0,0 @@
-VERSION=5.15-2