Update

2023-10-28 17:55:22 +02:00 · 2023-10-28 17:55:22 +02:00 · 0096c60399
commit 0096c60399
parent ea26436c38
13 changed files with 18 additions and 35 deletions
--- a/container-config/synapse/homeserver.yaml
+++ b/container-config/synapse/homeserver.yaml
@ -1,15 +1,15 @@
 server_name: strypsteen.me
 report_stats: false
 log_config: /etc/synapse/log_config.yaml
-signing_key_path: /var/lib/synapse/signing.key
+signing_key_path: /data/signing.key
 database:
  name: psycopg2
  args:
    host: systemd-postgresql.
    user: synapse
-    password: DB_PASS
+    password: synapse
    database: synapse
-media_store_path: /var/lib/synapse/media
+media_store_path: /data/media
 listeners:
  - type: http
    bind_addresses: ['::']
@ -22,5 +22,4 @@ trusted_key_servers:
 suppress_key_server_warning: true
 turn_uris: ["turn:vps.strypsteen.com"]
 turn_allow_guests: false
-turn_shared_secret: TURN_SECRET
 delete_stale_devices_after: 1y
--- a/container-config/synapse/log_config.yaml
+++ b/container-config/synapse/log_config.yaml
--- a/containers-home/gitea/gitea.container
+++ b/containers-home/gitea/gitea.container
@ -1,8 +1,7 @@
 [Container]
 Image=docker.io/gitea/gitea:latest-rootless
-UserNS=keep-id:uid=1000,gid=1000
 Volume=/home/gitea/app.ini:/etc/gitea/app.ini:Z,ro
-Volume=/home/gitea/data:/var/lib/gitea:Z
+Volume=/home/gitea/data:/var/lib/gitea:U,Z
 PublishPort=[::1]:8001:3000
 AutoUpdate=registry
 [Install]
--- a/containers-home/monero/monero.container
+++ b/containers-home/monero/monero.container
@ -1,7 +1,6 @@
 [Container]
 Image=git.strypsteen.me/mathieu/monero
-UserNS=keep-id:uid=100,gid=101
-Volume=/home/monero/data:/.bitmonero:Z
+Volume=/home/monero/data:/.bitmonero:U,Z
 PublishPort=18089:18089
 AutoUpdate=registry
 [Install]
--- a/containers-home/synapse/postgresql.container
+++ b/containers-home/synapse/postgresql.container
@ -1,8 +1,7 @@
 [Container]
-Image=git.strypsteen.me/mathieu/postgresql
-UserNS=keep-id:uid=70,gid=70
+Image=docker.io/postgres:16-alpine
 Network=synapse.network
-Volume=/home/synapse/db:/var/lib/postgres:Z
+Volume=/home/synapse/db:/var/lib/postgresql/data:U,Z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
--- a/containers-home/synapse/synapse.container
+++ b/containers-home/synapse/synapse.container
@ -2,13 +2,13 @@
 Requires=postgresql.service
 After=postgresql.service
 [Container]
-Image=git.strypsteen.me/mathieu/synapse
-UserNS=keep-id:uid=100,gid=101
+Image=docker.io/matrixdotorg/synapse
 Network=synapse.network
-Volume=/home/synapse/data:/var/lib/synapse:Z
-Tmpfs=/etc/synapse
+User=991
+Exec=run --config-path /etc/synapse/homeserver.yaml --config-path /data/turn.yaml
+Volume=/var/lib/system-config/container-config/synapse:/etc/synapse:O
+Volume=/home/synapse/data:/data:U,Z
 PublishPort=[::1]:8000:8080
-EnvironmentFile=/home/synapse/synapse.cfg
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
--- a/containers-vps/podman-mail/dovecot.container
+++ b/containers-vps/podman-mail/dovecot.container
@ -1,7 +1,5 @@
 [Container]
 Image=git.strypsteen.me/mathieu/dovecot
-UserNS=keep-id:uid=1000,gid=1000
-User=0
 Volume=/etc/certificates:/etc/certificates:O
 Volume=/home/podman-mail/dovecot:/etc/dovecot-local:O
 Volume=/home/podman-mail/mail:/srv/mail:Z
--- a/containers-vps/podman-mail/redis.container
+++ b/containers-vps/podman-mail/redis.container
@ -1,8 +1,7 @@
 [Container]
 Image=cgr.dev/chainguard/redis
 Network=rspamd.network
-UserNS=keep-id:uid=65532,gid=65532
-Volume=redis.volume:/data:Z
+Volume=redis.volume:/data:U,Z
 AutoUpdate=registry
 [Install]
 WantedBy=default.target
--- a/containers-vps/podman-mail/rspamd.container
+++ b/containers-vps/podman-mail/rspamd.container
@ -4,9 +4,8 @@ After=redis.service
 [Container]
 Image=docker.io/rspamd/rspamd
 Network=rspamd.network
-UserNS=keep-id:uid=11333,gid=11333
 Volume=/var/lib/system-config/container-config/rspamd:/etc/rspamd/local.d:O
-Volume=rspamd.volume:/var/lib/rspamd:Z
+Volume=rspamd.volume:/var/lib/rspamd:U,Z
 Volume=/home/podman-mail/dkim:/var/lib/rspamd/dkim:O
 PublishPort=[::1]:11332:11332
 AutoUpdate=registry
--- a/containers/postgresql/Dockerfile
+++ b/containers/postgresql/Dockerfile
@ -1,6 +0,0 @@
-FROM git.strypsteen.me/mathieu/alpine
-RUN sed -i s/v3.18/edge/ /etc/apk/repositories
-RUN apk upgrade
-RUN apk add postgresql16
-USER postgres
-CMD postgres -D /var/lib/postgres -k /tmp
--- a/containers/synapse/Dockerfile
+++ b/containers/synapse/Dockerfile
@ -1,6 +0,0 @@
-FROM git.strypsteen.me/mathieu/alpine
-RUN apk add synapse
-COPY --chown=synapse homeserver.yaml /etc/synapse/homeserver.yaml
-COPY log_config.yaml /etc/synapse/log_config.yaml
-USER synapse
-CMD sed s/DB_PASS/$DB_PASS/ -i /etc/synapse/homeserver.yaml && sed s/TURN_SECRET/$TURN_SECRET/ -i /etc/synapse/homeserver.yaml && synapse_homeserver -c /etc/synapse/homeserver.yaml
--- a/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
+++ b/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
@ -12,6 +12,10 @@
      "Locked": true,
      "ProviderURL": "https://dns10.quad9.net/dns-query"
    },
+    "EnableTrackingProtection": {
+      "Value": true,
+      "Locked": true
+    },
    "ExtensionSettings": {
      "amazon@search.mozilla.org": {
        "installation_mode": "blocked"
--- a/setup-common.sh
+++ b/setup-common.sh
@ -2,4 +2,3 @@
 set -e
 cp -R common/* /
 sed -E "s/#(auth.+required)/\1/" -i /etc/pam.d/su
-authselect select minimal