updates for appservices

Author: dr-bonez

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "synapse"]
+	path = synapse
+	url = https://github.com/element-hq/synapse.git

Dockerfile

@@ -0,0 +1,175 @@
+# syntax=docker/dockerfile:1
+# Custom Dockerfile for Synapse — replaces ghcr.io/astral-sh/uv with pip
+# for riscv64 compatibility. Based on upstream synapse/docker/Dockerfile.
+#
+# Changes from upstream:
+# - Stage 0: Replace uv image with python-slim, use pip-installed poetry
+# - Stage 1: Replace uv image with python, use pip instead of uv
+# - Stage 2: Add riscv64 to runtime dependency architectures
+
+ARG DEBIAN_VERSION=trixie
+ARG PYTHON_VERSION=3.13
+ARG POETRY_VERSION=2.1.1
+
+###
+### Stage 0: generate requirements.txt
+###
+### This stage is platform-agnostic, so we can use the build platform in case of cross-compilation.
+###
+FROM --platform=$BUILDPLATFORM docker.io/library/python:${PYTHON_VERSION}-slim-${DEBIAN_VERSION} AS requirements
+
+WORKDIR /synapse
+
+# Copy just what we need to run `poetry export`...
+COPY pyproject.toml poetry.lock /synapse/
+
+# If specified, we won't verify the hashes of dependencies.
+# This is only needed if the hashes of dependencies cannot be checked for some
+# reason, such as when a git repository is used directly as a dependency.
+ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION
+
+# If specified, we won't use the Poetry lockfile.
+# Instead, we'll just install what a regular `pip install` would from PyPI.
+ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE
+
+# Export the dependencies, but only if we're actually going to use the Poetry lockfile.
+# Otherwise, just create an empty requirements file so that the Dockerfile can
+# proceed.
+ARG POETRY_VERSION
+RUN --mount=type=cache,target=/root/.cache/pip \
+  if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
+    pip install poetry==${POETRY_VERSION} poetry-plugin-export==1.9.0 && \
+    poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \
+  else \
+    touch /synapse/requirements.txt; \
+  fi
+
+###
+### Stage 1: builder
+###
+FROM docker.io/library/python:${PYTHON_VERSION}-${DEBIAN_VERSION} AS builder
+
+# Install rust and ensure its in the PATH
+ENV RUSTUP_HOME=/rust
+ENV CARGO_HOME=/cargo
+ENV PATH=/cargo/bin:/rust/bin:$PATH
+RUN mkdir /rust /cargo
+
+RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path --default-toolchain stable --profile minimal
+
+# arm64 builds consume a lot of memory if `CARGO_NET_GIT_FETCH_WITH_CLI` is not
+# set to true, so we expose it as a build-arg.
+ARG CARGO_NET_GIT_FETCH_WITH_CLI=false
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=$CARGO_NET_GIT_FETCH_WITH_CLI
+
+# To speed up rebuilds, install all of the dependencies before we copy over
+# the whole synapse project, so that this layer in the Docker cache can be
+# used while you develop on the source
+#
+# This is aiming at installing the `[tool.poetry.depdendencies]` from pyproject.toml.
+COPY --from=requirements /synapse/requirements.txt /synapse/
+RUN --mount=type=cache,target=/root/.cache/pip \
+  pip install --prefix="/install" --no-deps -r /synapse/requirements.txt
+
+# Copy over the rest of the synapse source code.
+COPY synapse /synapse/synapse/
+COPY rust /synapse/rust/
+# ... and what we need to `pip install`.
+COPY pyproject.toml README.rst build_rust.py Cargo.toml Cargo.lock /synapse/
+
+# Repeat of earlier build argument declaration, as this is a new build stage.
+ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE
+
+# Install the synapse package itself.
+# If we have populated requirements.txt, we don't install any dependencies
+# as we should already have those from the previous `pip install` step.
+RUN \
+  --mount=type=cache,target=/root/.cache/pip \
+  --mount=type=cache,target=/synapse/target,sharing=locked \
+  --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \
+  if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
+    pip install --prefix="/install" --no-deps /synapse[all]; \
+  else \
+    pip install --prefix="/install" /synapse[all]; \
+  fi
+
+###
+### Stage 2: runtime dependencies download for ARM64, AMD64, and RISCV64
+###
+FROM --platform=$BUILDPLATFORM docker.io/library/debian:${DEBIAN_VERSION} AS runtime-deps
+
+# Tell apt to keep downloaded package files, as we're using cache mounts.
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+# Add all target architectures
+RUN dpkg --add-architecture arm64
+RUN dpkg --add-architecture amd64
+RUN dpkg --add-architecture riscv64
+
+# Fetch the runtime dependencies debs for all architectures
+# We do that by building a recursive list of packages we need to download with `apt-cache depends`
+# and then downloading them with `apt-get download`.
+RUN \
+  --mount=type=cache,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,target=/var/lib/apt,sharing=locked \
+  apt-get update -qq && \
+  apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances --no-pre-depends \
+      curl \
+      gosu \
+      libjpeg62-turbo \
+      libpq5 \
+      libwebp7 \
+      xmlsec1 \
+      libjemalloc2 \
+    | grep '^\w' > /tmp/pkg-list && \
+  for arch in arm64 amd64 riscv64; do \
+    mkdir -p /tmp/debs-${arch} && \
+    chown _apt:root /tmp/debs-${arch} && \
+    cd /tmp/debs-${arch} && \
+    apt-get -o APT::Architecture="${arch}" download $(cat /tmp/pkg-list); \
+  done
+
+# Extract the debs for each architecture
+RUN \
+  for arch in arm64 amd64 riscv64; do \
+    mkdir -p /install-${arch}/var/lib/dpkg/status.d/ && \
+    for deb in /tmp/debs-${arch}/*.deb; do \
+      package_name=$(dpkg-deb -I ${deb} | awk '/^ Package: .*$/ {print $2}'); \
+      echo "Extracting: ${package_name}"; \
+      dpkg --ctrl-tarfile $deb | tar -Ox ./control > /install-${arch}/var/lib/dpkg/status.d/${package_name}; \
+      dpkg --extract $deb /install-${arch}; \
+    done; \
+  done
+
+
+###
+### Stage 3: runtime
+###
+
+FROM docker.io/library/python:${PYTHON_VERSION}-slim-${DEBIAN_VERSION}
+
+ARG TARGETARCH
+
+LABEL org.opencontainers.image.url='https://github.com/element-hq/synapse'
+LABEL org.opencontainers.image.documentation='https://element-hq.github.io/synapse/latest/'
+LABEL org.opencontainers.image.source='https://github.com/element-hq/synapse.git'
+LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later OR LicenseRef-Element-Commercial'
+
+COPY --from=runtime-deps /install-${TARGETARCH}/etc /etc
+COPY --from=runtime-deps /install-${TARGETARCH}/usr /usr
+COPY --from=runtime-deps /install-${TARGETARCH}/var /var
+
+# Copy the installed python packages from the builder stage.
+#
+# uv will generate a `.lock` file when installing packages, which we don't want
+# to copy to the final image.
+COPY --from=builder  --exclude=.lock /install /usr/local
+COPY ./docker/start.py /start.py
+COPY ./docker/conf /conf
+
+EXPOSE 8008/tcp 8009/tcp 8448/tcp
+
+ENTRYPOINT ["/start.py"]
+
+HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
+  CMD curl -fSs http://localhost:8008/health || exit 1

Dockerfile-sqlite

@@ -0,0 +1,3 @@
+FROM alpine:latest
+RUN apk add --no-cache sqlite
+ENTRYPOINT ["sqlite3"]

Makefile

@@ -1,103 +1,23 @@
-PACKAGE_ID := $(shell awk -F"'" '/id:/ {print $$2}' startos/manifest.ts)
-INGREDIENTS := $(shell start-cli s9pk list-ingredients 2>/dev/null)
 SYNAPSE_ADMIN_VERSION = v0.11.1-etke50
 SYNAPSE_ADMIN_CHECKSUM = c2a6888db6e4ac2766f17be2bc703d284a7e5f6e8af1c1a7fda0af9ae44e06aa
 
-.PHONY: all aarch64 x86_64 riscv64 arm arm64 x86 riscv arch/* clean install check-deps check-init package ingredients
-.DELETE_ON_ERROR:
-.SECONDARY:
+include s9pk.mk
 
-define SUMMARY
-	@manifest=$$(start-cli s9pk inspect $(1) manifest); \
-	size=$$(du -h $(1) | awk '{print $$1}'); \
-	title=$$(printf '%s' "$$manifest" | jq -r .title); \
-	version=$$(printf '%s' "$$manifest" | jq -r .version); \
-	arches=$$(printf '%s' "$$manifest" | jq -r '[.images[].arch // []] | flatten | unique | join(", ")'); \
-	sdkv=$$(printf '%s' "$$manifest" | jq -r .sdkVersion); \
-	gitHash=$$(printf '%s' "$$manifest" | jq -r .gitHash | sed -E 's/(.*-modified)$$/\x1b[0;31m\1\x1b[0m/'); \
-	printf "\n"; \
-	printf "\033[1;32m✅ Build Complete!\033[0m\n"; \
-	printf "\n"; \
-	printf "\033[1;37m📦 $$title\033[0m   \033[36mv$$version\033[0m\n"; \
-	printf "───────────────────────────────\n"; \
-	printf " \033[1;36mFilename:\033[0m   %s\n" "$(1)"; \
-	printf " \033[1;36mSize:\033[0m       %s\n" "$$size"; \
-	printf " \033[1;36mArch:\033[0m       %s\n" "$$arches"; \
-	printf " \033[1;36mSDK:\033[0m        %s\n" "$$sdkv"; \
-	printf " \033[1;36mGit:\033[0m        %s\n" "$$gitHash"; \
-	echo ""
-endef
-
-all: $(PACKAGE_ID).s9pk
-	$(call SUMMARY,$<)
-
-arch/%: $(PACKAGE_ID)_%.s9pk
-	$(call SUMMARY,$<)
-
-x86 x86_64: arch/x86_64
-arm arm64 aarch64: arch/aarch64
-riscv riscv64: arch/riscv64
-
-$(PACKAGE_ID).s9pk: $(INGREDIENTS) .git/HEAD .git/index assets/synapse-admin
-	@$(MAKE) --no-print-directory ingredients
-	@echo "   Packing '$@'..."
-	start-cli s9pk pack -o $@
-
-$(PACKAGE_ID)_%.s9pk: $(INGREDIENTS) .git/HEAD .git/index assets/synapse-admin
-	@$(MAKE) --no-print-directory ingredients
-	@echo "   Packing '$@'..."
-	start-cli s9pk pack --arch=$* -o $@
-
-ingredients: $(INGREDIENTS)
-	@echo "   Re-evaluating ingredients..."
-
-install: | check-deps check-init
-	@HOST=$$(awk -F'/' '/^host:/ {print $$3}' ~/.startos/config.yaml); \
-	if [ -z "$$HOST" ]; then \
-		echo "Error: You must define \"host: http://server-name.local\" in ~/.startos/config.yaml"; \
-		exit 1; \
-	fi; \
-	S9PK=$$(ls -t *.s9pk 2>/dev/null | head -1); \
-	if [ -z "$$S9PK" ]; then \
-		echo "Error: No .s9pk file found. Run 'make' first."; \
-		exit 1; \
-	fi; \
-	printf "\n🚀 Installing %s to %s ...\n" "$$S9PK" "$$HOST"; \
-	start-cli package install -s "$$S9PK"
-
-check-deps:
-	@command -v start-cli >/dev/null || \
-		(echo "Error: start-cli not found. Please see https://docs.start9.com/latest/developer-guide/sdk/installing-the-sdk" && exit 1)
-	@command -v npm >/dev/null || \
-		(echo "Error: npm not found. Please install Node.js and npm." && exit 1)
-
-check-init:
-	@if [ ! -f ~/.startos/developer.key.pem ]; then \
-		echo "Initializing StartOS developer environment..."; \
-		start-cli init-key; \
-	fi
-
-javascript/index.js: $(shell find startos -type f) tsconfig.json node_modules
-	npm run build
-
-node_modules: package-lock.json
-	npm ci
-
-package-lock.json: package.json
-	npm i
+# Add synapse-admin as additional prerequisite for s9pk targets
+$(BASE_NAME).s9pk: assets/synapse-admin
+$(BASE_NAME)_%.s9pk: assets/synapse-admin
 
+# Override clean to also remove synapse-admin artifacts
 clean:
 	@echo "Cleaning up build artifacts..."
 	@rm -rf $(PACKAGE_ID).s9pk $(PACKAGE_ID)_x86_64.s9pk $(PACKAGE_ID)_aarch64.s9pk $(PACKAGE_ID)_riscv64.s9pk javascript assets/synapse-admin tmp node_modules
 
-
-# Custom recipes for synapse
-
+# Custom recipes for synapse-admin
 assets/synapse-admin: tmp/synapse-admin.tar.gz
 	rm -rf assets/synapse-admin
 	tar -xzvf tmp/synapse-admin.tar.gz -C assets
 
 tmp/synapse-admin.tar.gz:
 	mkdir -p tmp
 	(cd tmp && curl --progress-bar -OL https://github.com/etkecc/synapse-admin/releases/download/$(SYNAPSE_ADMIN_VERSION)/synapse-admin.tar.gz)
-	echo "$(SYNAPSE_ADMIN_CHECKSUM)  tmp/synapse-admin.tar.gz" | shasum -a 256 -c
+	echo "$(SYNAPSE_ADMIN_CHECKSUM)  tmp/synapse-admin.tar.gz" | shasum -a 256 -c

package-lock.json

@@ -6,10 +6,10 @@
     "check": "tsc --noEmit"
   },
   "dependencies": {
-    "@start9labs/start-sdk": "^0.4.0-beta.46"
+    "@start9labs/start-sdk": "^0.4.0-beta.48"
   },
   "devDependencies": {
-    "@types/node": "^20.19.27",
+    "@types/node": "^22.19.0",
     "@vercel/ncc": "^0.38.4",
     "prettier": "^3.7.4",
     "typescript": "^5.9.3"