switched build of jupyter-python to hostinger

- added beed dashboard deployment to Cloudflare Pages

.gitea/workflows/build-arch-builder.yaml

@@ -31,7 +31,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:base"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:base-buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:base-buildx          
           target: base
       -
         name: Build and push arch-builder kernel images
@@ -43,7 +44,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:kernel"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:kernel-buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:kernel-buildx          
           target: kernel
       -
         name: Build and push arch-builder rust images
@@ -55,7 +57,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:rust"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:rust-buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:rust-buildx          
           target: rust
       -
         name: Build and push arch-builder rust full images
@@ -67,7 +70,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:rust-full"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:rust-full-buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:rust-full-buildx          
           target: rust-full
       -
         name: Build and push arch-builder gitea_act_runner images
@@ -79,6 +83,6 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:gitea_act_runner"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:gitea-buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:gitea-buildx          
           target: gitea_act_runner

.gitea/workflows/build-bee-dashboard.yaml

@@ -0,0 +1,60 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'bee-dashboard/**'
+      - '.gitea/workflows/build-bee-dashboard.yaml'      
+jobs:
+  "Build & deploy Cloudflare page":
+    runs-on: hostinger
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          path: docker-images
+      - name: Checkout bee-dashboard sources
+        run: /usr/sbin/git clone -b add-redistribution-stats --depth 1 https://github.com/woggioni/bee-dashboard.git src
+      - name: Execute build
+        run: cd src && npm install
+      - name: Copy _headers file
+        run: cp docker-images/bee-dashboard/_headers src/build
+      - name: Deploy to Cloudflare
+        run: npx wrangler pages deploy --project-name bee-dashboard --branch main src/build
+        env:
+          CLOUDFLARE_ACCOUNT_ID: ${{ vars.CLOUDFLARE_ACCOUNT_ID }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  "Build bee-dashboard docker images":
+    runs-on: hostinger
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.4.0
+        with:
+          driver: docker-container
+          platforms: |
+            linux/amd64
+            linux/arm64
+      -
+        name: Login to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.woggioni.net
+          username: woggioni
+          password: ${{ secrets.PUBLISHER_TOKEN }}
+      -
+        name: Build and push bee-dashboard images
+        uses: docker/build-push-action@v6
+        with:
+          platforms: |
+            linux/amd64
+            linux/arm64
+          context: "{{defaultContext}}:bee-dashboard"
+          push: true
+          pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
+          build-args: "VERSION=0.32.0"
+          tags: |
+            "gitea.woggioni.net/woggioni/bee-dashboard:0.32.0"
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/bee-dashboard:buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/bee-dashboard:buildx          

.gitea/workflows/build-dyndns.yaml

@@ -0,0 +1,41 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'dyndns/*'
+      - '.gitea/workflows/build-dyndns.yaml'      
+jobs:
+  "Build dyndns docker images":
+    runs-on: hostinger
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.4.0
+        with:
+          driver: docker-container
+          platforms: |
+            linux/amd64
+            linux/arm64
+      -
+        name: Login to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.woggioni.net
+          username: woggioni
+          password: ${{ secrets.PUBLISHER_TOKEN }}
+      -
+        name: Build and push dyndns images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:dyndns"
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          pull: true
+          tags: |
+            "gitea.woggioni.net/woggioni/dyndns:latest"
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/dyndns:buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/dyndns:buildx          
+

.gitea/workflows/build-jupyter-ganymede.yaml

@@ -26,12 +26,12 @@ jobs:
           password: ${{ secrets.PUBLISHER_TOKEN }}
       -
         name: Build and push jupyter-ganymede image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6
         with:
           context: "{{defaultContext}}:jupyter-ganymede"
           platforms: linux/amd64,linux/arm64
           push: true
           pull: true
           tags: gitea.woggioni.net/woggioni/jupyter-ganymede:latest
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/jupyter-ganymede:buildx
+          cache-from: type=local,src=/home/luser/.cache/buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/jupyter-ganymede:buildx          
+          cache-to: type=local,dest=/home/luser/.cache/buildx,mode=max

.gitea/workflows/build-jupyter-python.yaml

@@ -7,7 +7,7 @@ on:
       - '.gitea/workflows/build-jupyter-python.yaml'      
 jobs:
   "Build Jupyter python Docker images":
-    runs-on: woryzen
+    runs-on: hostinger
     steps:
       -
         name: Set up QEMU

.gitea/workflows/build-jupyterhub.yaml

@@ -6,8 +6,8 @@ on:
       - 'jupyterhub/**'
       - '.gitea/workflows/build-jupyterhub.yaml'      
 jobs:
-  "Build wildfly docker images":
+  "Build jupyterhub docker images":
-    runs-on: hostinger
+    runs-on: woryzen
     steps:
       -
         name: Set up Docker Buildx
@@ -30,8 +30,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/jupyterhub:latest"
-            "gitea.woggioni.net/woggioni/jupyterhub:5.2.1"
+            "gitea.woggioni.net/woggioni/jupyterhub:5.3.0"
-          build-args: "VERSION=5.2.1"
+          build-args: "VERSION=5.3.0"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/jupyterhub:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/jupyterhub:buildx          
 

.gitea/workflows/build-nginx.yaml

@@ -25,18 +25,44 @@ jobs:
           username: woggioni
           password: ${{ secrets.PUBLISHER_TOKEN }}
       -
-        name: Build and push nginx images
+        name: Build and push nginx vanilla images
         uses: docker/build-push-action@v6
         with:
           context: "{{defaultContext}}:nginx"
           platforms: |
             linux/amd64
+            linux/arm64
           push: true
           pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
           tags: |
             "gitea.woggioni.net/woggioni/nginx:latest"
-            "gitea.woggioni.net/woggioni/nginx:v1.27.3"
+            "gitea.woggioni.net/woggioni/nginx:v1.29.1"
-          build-args: "VERSION=1.27.3"
+          secrets: |
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx
+            GIT_AUTH_TOKEN.github.com=${{ secrets.GH_ACCESS_TOKEN }}
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx
+          build-args: |
-
+            NGINX_VERSION=1.29.1
+            NGINX_BRANCH=vanilla
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx-vanilla
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx-vanilla
+      -
+        name: Build and push nginx custom images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:nginx"
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
+          tags: |
+            "gitea.woggioni.net/woggioni/nginx:woggioni"
+            "gitea.woggioni.net/woggioni/nginx:v1.29.1-woggioni"
+          secrets: |
+            GIT_AUTH_TOKEN.github.com=${{ secrets.GH_ACCESS_TOKEN }}
+          build-args: |
+            NGINX_VERSION=1.29.1
+            NGINX_BRANCH=woggioni
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/nginx:buildx-woggioni
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/nginx:buildx-woggioni

.gitea/workflows/build-pgvector.yaml

@@ -30,8 +30,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/pgvector:latest"
-            "gitea.woggioni.net/woggioni/pgvector:0.8.0-pg16"
+            "gitea.woggioni.net/woggioni/pgvector:0.8.0-pg17"
-          build-args: "PG_VERSION=16"
+          build-args: "PG_VERSION=17"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/pgvector:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/pgvector:buildx          
 

.gitea/workflows/build-rlevtree.yaml

@@ -0,0 +1,43 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'rlevtree/*'
+      - '.gitea/workflows/build-rlevtree.yaml'      
+jobs:
+  "Build rlevtree docker images":
+    runs-on: woryzen
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.4.0
+        with:
+          driver: docker-container
+          platforms: |
+            wasm/wasm
+            linux/amd64
+            linux/arm64
+      -
+        name: Login to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.woggioni.net
+          username: woggioni
+          password: ${{ secrets.PUBLISHER_TOKEN }}
+      -
+        name: Build and push sserver-rust images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:rlevtree"
+          platforms: |
+            wasm/wasm
+            linux/amd64
+            linux/arm64
+          push: true
+          pull: true
+          tags: |
+            "gitea.woggioni.net/woggioni/rlevtree:latest"
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/rlevtree:buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/rlevtree:buildx          
+

.gitea/workflows/build-shadowsocks-rust.yaml

@@ -7,7 +7,7 @@ on:
       - '.gitea/workflows/build-shadowsocks-rust.yaml'      
 jobs:
   "Build shadowsocks-rust docker images":
-    runs-on: hostinger
+    runs-on: woryzen
     steps:
       -
         name: Set up Docker Buildx
@@ -36,8 +36,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/sserver-rust:latest"
-            "gitea.woggioni.net/woggioni/sserver-rust:v1.23.0"
+            "gitea.woggioni.net/woggioni/sserver-rust:v1.23.5"
-          build-args: "VERSION=1.23.0"
+          build-args: "VERSION=1.23.5"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/sserver-rust:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/sserver-rust:buildx          
 

.gitea/workflows/build-swarm-cli.yaml

@@ -0,0 +1,41 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'swarm-cli/*'
+      - '.gitea/workflows/build-swarm-cli.yaml'      
+jobs:
+  "Build swarm-cli docker images":
+    runs-on: woryzen
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.4.0
+        with:
+          driver: docker-container
+          platforms: |
+            linux/amd64
+            linux/arm64
+      -
+        name: Login to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.woggioni.net
+          username: woggioni
+          password: ${{ secrets.PUBLISHER_TOKEN }}
+      -
+        name: Build and push swarm-cli images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:swarm-cli"
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          pull: true
+          tags: |
+            "gitea.woggioni.net/woggioni/swarm-cli:latest"
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/swarm-cli:buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/swarm-cli:buildx          
+

.gitea/workflows/build-wildfly.yaml

@@ -7,7 +7,7 @@ on:
       - '.gitea/workflows/build-wildfly.yaml'      
 jobs:
   "Build wildfly docker images":
-    runs-on: woryzen
+    runs-on: hostinger
     steps:
       -
         name: Set up Docker Buildx
@@ -22,7 +22,7 @@ jobs:
           username: woggioni
           password: ${{ secrets.PUBLISHER_TOKEN }}
       -
-        name: Build and push jenkins-agent images
+        name: Build and push wildfly images
         uses: docker/build-push-action@v6
         with:
           context: "{{defaultContext}}:wildfly"
@@ -30,8 +30,8 @@ jobs:
           pull: true
           tags: |
             "gitea.woggioni.net/woggioni/wildfly:latest"
-            "gitea.woggioni.net/woggioni/wildfly:33.0.1"
+            "gitea.woggioni.net/woggioni/wildfly:37.0.1"
-          build-args: "VERSION=33.0.1"
+          build-args: "VERSION=37.0.1"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/wildfly:buildx
           cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/wildfly:buildx          
 

.gitea/workflows/build-xmrig.yaml

@@ -0,0 +1,38 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'xmrig/**'
+      - '.gitea/workflows/build-xmrig.yaml'      
+jobs:
+  "Build xmrig docker images":
+    runs-on: woryzen
+    steps:
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.4.0
+        with:
+          driver: docker-container
+      -
+        name: Login to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.woggioni.net
+          username: woggioni
+          password: ${{ secrets.PUBLISHER_TOKEN }}
+      -
+        name: Build and push xmrig images
+        uses: docker/build-push-action@v6
+        with:
+          context: "{{defaultContext}}:xmrig"
+          push: true
+          pull: true
+          ssh: default=/home/luser/.ssh/id_ed25519
+          tags: |
+            "gitea.woggioni.net/woggioni/xmrig:latest"
+            "gitea.woggioni.net/woggioni/xmrig:6.24.0"
+          build-args: "VERSION=6.24.0"
+          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/xmrig:buildx
+          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/xmrig:buildx          
+

arch-builder/Dockerfile

@@ -95,7 +95,9 @@ RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
     protobuf     
 USER luser
 WORKDIR /home/luser
+RUN rustup update
 RUN rustup toolchain install stable-x86_64-unknown-linux-gnu --profile minimal
+RUN rustup component add rustfmt
 RUN rustup target add \
     x86_64-unknown-linux-musl \
     x86_64-unknown-linux-gnu \
@@ -107,11 +109,29 @@ RUN rustup target add \
     wasm32-wasip2
 
 FROM base AS gitea_act_runner
-RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed nodejs npm docker docker-buildx btrfs-progs hidapi protobuf rustup llvm clang
-RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed gitea-act-runner jdk21-graalvm-bin jdk23-graalvm-bin jdk21-graalvm-ce-bin jdk23-graalvm-ce-bin
 RUN --mount=type=bind,source=woggioni.net.ca.pem,target=/root.pem trust anchor root.pem
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed nodejs npm docker docker-buildx btrfs-progs hidapi protobuf rustup llvm clang trunk emscripten sccache
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed gitea-act-runner jdk21-graalvm-bin jdk23-graalvm-bin jdk21-graalvm-ce-bin jdk23-graalvm-ce-bin
 RUN usermod -a luser -G docker
 USER luser
-ENV PATH="/home/luser/.local/bin:/home/luser/.cargo/bin:${PATH}"
 WORKDIR /home/luser
+COPY --chown=1000:1000 config.toml /home/luser/.cargo/config.toml
+COPY --chown=1000:1000 sccache_config.toml /home/luser/.config/sccache/config
+RUN rustup update
+RUN rustup toolchain install stable-x86_64-unknown-linux-gnu --profile minimal
+RUN rustup component add rustfmt
+RUN rustup component add clippy
+RUN rustup target add \
+    x86_64-unknown-linux-musl \
+    x86_64-unknown-linux-gnu \
+    armv7-unknown-linux-musleabihf \
+    arm-unknown-linux-musleabi \
+    aarch64-unknown-linux-musl \
+    aarch64-unknown-linux-gnu \
+    wasm32-unknown-unknown \
+    wasm32-wasip2
+RUN cargo install worker-build
+RUN cargo install wasm-bindgen-cli
+RUN npm install -D wrangler
+ENV PATH="/home/luser/.local/bin:/home/luser/.cargo/bin:${PATH}"
 CMD ["/usr/lib/gitea/act_runner/act_runner", "daemon", "--config", "/var/lib/gitea/act_runner.yaml"]

arch-builder/config.toml

@@ -20,4 +20,4 @@ lto = true
 strip = true
 
 [build]
-rustc-wrapper = "/usr/sbin/sccache"
+rustc-wrapper = "/usr/bin/sccache"

arch-builder/makepkg/makepkg-aarch64.conf

@@ -49,7 +49,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-armv7h.conf

@@ -46,7 +46,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-atom.conf

@@ -0,0 +1,153 @@
+#!/hint/bash
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+#  Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'
+          'ftp::/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
+          'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="x86_64"
+CHOST="x86_64-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=atom -mtune=atom -O3 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS \
+        -Wformat -Werror=format-security \
+        -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS"
+LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
+         -Wl,-z,pack-relative-relocs"
+LTOFLAGS="-flto=auto"
+
+#RUSTFLAGS="-C opt-level=2"
+#-- Make Flags: change this for DistCC/SMP systems
+MAKEFLAGS="--jobs=$(nproc)"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Defaults: BUILDENV=(!distcc !color !ccache check !sign)
+#  A negated environment option will do the opposite of the comments below.
+#
+#-- distcc:   Use the Distributed C/C++/ObjC compiler
+#-- color:    Colorize output messages
+#-- ccache:   Use ccache to cache compilation
+#-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
+#
+BUILDENV=(!distcc color ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+#   These are default values for the options=() settings
+#########################################################################
+#
+# Default: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug)
+#  A negated option will do the opposite of the comments below.
+#
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(md5)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -9 -c -z -)
+COMPRESSZST=(zstd -14 -c -T0 -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'

arch-builder/makepkg/makepkg-goldmont.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-native.conf

@@ -44,7 +44,7 @@ LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
 LTOFLAGS="-flto=auto"
 
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-sandybridge.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-silvermont.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-skylake.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-tigerlake.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-znver1.conf

@@ -48,7 +48,8 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
+
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-znver2.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-znver3.conf

@@ -48,7 +48,8 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
+
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg-znver5.conf

@@ -48,7 +48,7 @@ LTOFLAGS="-flto=auto"
 
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

arch-builder/makepkg/makepkg.conf

@@ -46,7 +46,7 @@ LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
          -Wl,-z,pack-relative-relocs"
 LTOFLAGS="-flto=auto"
 #-- Make Flags: change this for DistCC/SMP systems
-MAKEFLAGS="-j4"
+MAKEFLAGS="--jobs=$(nproc)"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

bee-dashboard/Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine:3.22 AS base
+RUN --mount=type=cache,target=/var/cache/apk apk add nodejs npm
+
+FROM base AS build
+ARG VERSION
+RUN --mount=type=cache,target=/var/cache/apk apk add chromium
+WORKDIR /src
+#ADD git@github.com:ethersphere/bee-dashboard.git#v${VERSION} .
+ADD git@github.com:woggioni/bee-dashboard.git#add-redistribution-stats .
+RUN PUPPETEER_SKIP_DOWNLOAD=1 npm install
+
+FROM gitea.woggioni.net/woggioni/nginx:v1.29.1 AS final
+COPY --from=build /src/build /srv/http
+COPY bee-dashboard.conf /etc/nginx/conf.d/bee-dashboard.conf

bee-dashboard/_headers

@@ -0,0 +1,2 @@
+/*
+  Content-Security-Policy: default-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' http://localhost:1633 https://xdai.fairdatasociety.org https://rpc.gnosis.gateway.fm https://rpc.gnosischain.com https://rpc.ankr.com;

bee-dashboard/bee-dashboard.conf

@@ -0,0 +1,7 @@
+server {
+    listen 8080;
+    root   /srv/http;    
+    location / {
+    }
+}
+

dyndns/Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:3.22
+
+RUN --mount=type=cache,target=/var/cache/apk apk add python3 pipx
+RUN addgroup -S dyndns
+RUN adduser -D -S -h /var/lib/dyndns -G dyndns dyndns
+
+ADD --chown=dyndns:dyndns pip.conf /var/lib/dyndns/.pip/pip.conf
+
+USER dyndns
+WORKDIR /var/lib/dyndns
+RUN pipx install wdyndns
+ENV PATH="/var/lib/dyndns/.local/bin:$PATH"

dyndns/pip.conf

@@ -0,0 +1,3 @@
+[global]
+index-url = https://gitea.woggioni.net/api/packages/woggioni/pypi/simple
+extra-index-url = https://pypi.org/simple

jupyter-ganymede/Dockerfile

@@ -1,25 +1,40 @@
-FROM alpine:3.19 AS build
+FROM alpine:3.21 AS build-base
 RUN --mount=type=cache,target=/var/cache/apk/,sharing=locked \
     apk update &&\
-    apk add python3 python3-dev openjdk21-jre pipx gcc g++ musl-dev linux-headers which curl libffi-dev
+    apk add python3 python3-dev pipx gcc g++ musl-dev linux-headers which curl libffi-dev git
-RUN curl -O https://repo1.maven.org/maven2/dev/hcf/ganymede/ganymede/2.1.2.20230910/ganymede-2.1.2.20230910.jar
 RUN adduser jovyan -u 1000 --system -s /bin/sh -h /home/jovyan
+
+FROM build-base AS java-build
+RUN --mount=type=cache,target=/var/cache/apk/,sharing=locked \
+    apk add openjdk11-jdk  maven
+USER jovyan
+WORKDIR /home/jovyan
+#RUN curl -O https://repo1.maven.org/maven2/dev/hcf/ganymede/ganymede/2.1.2.20230910/ganymede-2.1.2.20230910.jar
+#ADD --chown=jovyan:jovyan https://github.com/allen-ball/ganymede.git ganymede
+RUN git clone https://github.com/allen-ball/ganymede.git ganymede
+WORKDIR /home/jovyan/ganymede
+RUN --mount=type=cache,target=/home/jovyan/.m2/,uid=1000,gid=1000,sharing=locked mvn -Dmaven.test.skip=true -q package
+    
+FROM build-base AS python-build
+RUN --mount=type=cache,target=/var/cache/apk/,sharing=locked \
+    apk add openjdk21-jre
 USER jovyan
 WORKDIR /home/jovyan
 RUN python -m venv venv
-RUN venv/bin/pip install jupyter-core
+RUN --mount=type=cache,target=/home/jovyan/.cache/pip,uid=1000,gid=1000 venv/bin/pip install jupyter-core
-RUN venv/bin/pip install notebook==5.7.16
+RUN --mount=type=cache,target=/home/jovyan/.cache/pip,uid=1000,gid=1000 venv/bin/pip install notebook jupyterlab
 ENV PATH="/home/jovyan/venv/bin/:$PATH"
-RUN java -jar /ganymede-2.1.2.20230910.jar -i --copy-jar=true
+RUN --mount=type=bind,from=java-build,src=/home/jovyan/ganymede/ganymede/target/ganymede-2.1.3-SNAPSHOT.jar,target=/home/jovyan/ganymede.jar\
-RUN venv/bin/pip install jupyterhub
+    java -jar /home/jovyan/ganymede.jar -i --copy-jar=true
+RUN --mount=type=cache,target=/home/jovyan/.cache/pip,uid=1000,gid=1000 venv/bin/pip install jupyterhub
 
-FROM alpine:3.19
+FROM alpine:3.21
 RUN --mount=type=cache,target=/var/cache/apk/,sharing=locked \
     apk update &&\
     apk add python3 openjdk21-jre
 RUN adduser jovyan -u 1000 --system -s /bin/sh -h /home/jovyan
 USER jovyan
-COPY --from=build /home/jovyan /home/jovyan
+COPY --from=python-build /home/jovyan /home/jovyan
 COPY jupyter_server_config.py docker_healthcheck.py /etc/jupyter/
 COPY start-notebook.py start-singleuser.py /usr/local/bin/
 RUN mkdir /home/jovyan/work

jupyter-python/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:stable AS build
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt update &&\
-    apt install -y python3 python3-dev pipx gcc g++ libffi-dev cargo cmake autoconf swig ninja-build patchelf meson python3-faiss
+    apt install -y python3 python3-dev pipx gcc g++ libffi-dev cargo cmake autoconf swig ninja-build patchelf meson python3-faiss adduser
 RUN adduser -u 1000 --system --shell /bin/sh --home /home/jovyan jovyan
 USER jovyan
 WORKDIR /home/jovyan
@@ -29,7 +29,7 @@ FROM debian:stable
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt update &&\
-    apt install -y python3
+    apt install -y python3 adduser
 RUN adduser -u 1000 --system --shell /bin/sh --home /home/jovyan jovyan
 USER jovyan
 COPY --from=build /home/jovyan /home/jovyan

nginx/Dockerfile

@@ -1,60 +1,11 @@
-FROM alpine:latest
+ARG NGINX_BRANCH=vanilla
-ARG VERSION
+FROM alpine:latest AS base
-ENV NGINX_VERSION=${VERSION}
+
-RUN GPG_KEYS=D6786CE303D9A9022998DC6CC8464D549AF75C0A \
+FROM alpine:latest AS build_stage_1
-	&& CONFIG="\
+ARG NGINX_VERSION LIBRESSL_VERSION=4.1.0
-		--prefix=/etc/nginx \
+ENV NGINX_VERSION=${NGINX_VERSION}
-		--sbin-path=/usr/sbin/nginx \
+RUN --mount=type=cache,target=/var/cache/apk apk update
-		--modules-path=/usr/lib/nginx/modules \
+RUN --mount=type=cache,target=/var/cache/apk apk add \
-		--conf-path=/etc/nginx/nginx.conf \
-		--error-log-path=/var/log/nginx/error.log \
-		--http-log-path=/var/log/nginx/access.log \
-		--pid-path=/var/run/nginx.pid \
-		--lock-path=/var/run/nginx.lock \
-		--http-client-body-temp-path=/var/cache/nginx/client_temp \
-		--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
-		--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
-		--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
-		--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
-		--user=nginx \
-		--group=nginx \
-		--with-http_ssl_module \
-		--with-http_realip_module \
-		--with-http_addition_module \
-		--with-http_sub_module \
-		--with-http_dav_module \
-		--with-http_flv_module \
-		--with-http_mp4_module \
-		--with-http_gunzip_module \
-		--with-http_gzip_static_module \
-		--with-http_random_index_module \
-		--with-http_secure_link_module \
-		--with-http_stub_status_module \
-		--with-http_auth_request_module \
-		--with-http_xslt_module=dynamic \
-		--with-http_image_filter_module=dynamic \
-		--with-http_geoip_module=dynamic \
-		--with-http_perl_module=dynamic \
-		--with-threads \
-		--with-stream \
-		--with-stream_ssl_module \
-		--with-stream_ssl_preread_module \
-		--with-stream_realip_module \
-		--with-stream_geoip_module=dynamic \
-		--with-http_slice_module \
-		--with-mail \
-		--with-mail_ssl_module \
-		--with-compat \
-		--with-file-aio \
-		--with-http_v2_module \
-		--with-http_v3_module \
-		--add-dynamic-module=/usr/src/ngx_headers_more \
-		--add-dynamic-module=/usr/src/ngx_brotli \
-		--add-dynamic-module=/usr/src/njs/nginx \
-	" \
-	&& addgroup -S nginx \
-	&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
-	&& apk add --no-cache --virtual .build-deps \
 	autoconf \
 	automake \
 	bind-tools \
@@ -76,6 +27,7 @@ RUN GPG_KEYS=D6786CE303D9A9022998DC6CC8464D549AF75C0A \
 	libxslt-dev \
 	linux-headers \
 	make \
+	ninja \
 	pcre \
 	pcre-dev \
 	perl-dev \
@@ -84,101 +36,74 @@ RUN GPG_KEYS=D6786CE303D9A9022998DC6CC8464D549AF75C0A \
 	tzdata \
 	zlib \
 	zlib-dev \
-		mercurial \
+	mercurial
-	&& curl -fSL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o nginx-${NGINX_VERSION}.tar.gz \
+RUN adduser -D luser
-	&& curl -fSL https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc  -o nginx-${NGINX_VERSION}.tar.gz.asc \
+USER luser
-	&& export GNUPGHOME="$(mktemp -d)" \
+WORKDIR /home/luser
-	&& found=''; \
-	for server in \
-		ha.pool.sks-keyservers.net \
-		hkp://keyserver.ubuntu.com:80 \
-		hkp://p80.pool.sks-keyservers.net:80 \
-		pgp.mit.edu \
-	; do \
-		echo "Fetching GPG key $GPG_KEYS from $server"; \
-		gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
-	done; \
-	test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
-	gpg --batch --verify nginx-${NGINX_VERSION}.tar.gz.asc nginx-${NGINX_VERSION}.tar.gz \
-	&& mkdir -p /usr/src \
-	&& tar -zxC /usr/src -f nginx-${NGINX_VERSION}.tar.gz \
-	&& rm nginx-${NGINX_VERSION}.tar.gz \
-	&& rm -rf "$GNUPGHOME" nginx-${NGINX_VERSION}.tar.gz.asc \
-	&& git clone --depth=1 --recurse-submodules https://github.com/google/ngx_brotli /usr/src/ngx_brotli \
-	&& git clone --depth=1 https://github.com/openresty/headers-more-nginx-module /usr/src/ngx_headers_more \
-	&& hg clone http://hg.nginx.org/njs /usr/src/njs \
-	&& (git clone https://boringssl.googlesource.com/boringssl /usr/src/boringssl \
-		&& cd /usr/src/boringssl && git checkout --force --quiet e648990 \
-		&& (grep -qxF 'SET_TARGET_PROPERTIES(crypto PROPERTIES SOVERSION 1)' /usr/src/boringssl/crypto/CMakeLists.txt || echo -e '\nSET_TARGET_PROPERTIES(crypto PROPERTIES SOVERSION 1)' >> /usr/src/boringssl/crypto/CMakeLists.txt) \
-		&& (grep -qxF 'SET_TARGET_PROPERTIES(ssl PROPERTIES SOVERSION 1)' /usr/src/boringssl/ssl/CMakeLists.txt || echo -e '\nSET_TARGET_PROPERTIES(ssl PROPERTIES SOVERSION 1)' >> /usr/src/boringssl/ssl/CMakeLists.txt) \
-		&& mkdir -p /usr/src/boringssl/build \
-		&& cmake -B/usr/src/boringssl/build -S/usr/src/boringssl -DCMAKE_BUILD_TYPE=RelWithDebInfo \
-		&& make -C/usr/src/boringssl/build -j$(getconf _NPROCESSORS_ONLN) \
-	   ) \
-	&& cd /usr/src/nginx-${NGINX_VERSION} \
-	&& curl -fSL https://raw.githubusercontent.com/nginx-modules/ngx_http_tls_dyn_size/master/nginx__dynamic_tls_records_1.27.2%2B.patch -o dynamic_tls_records.patch \
-	&& patch -p1 < dynamic_tls_records.patch \
-	&& ./configure $CONFIG --with-debug --with-cc-opt="-I/usr/src/boringssl/include" --with-ld-opt="-L/usr/src/boringssl/build/ssl -L/usr/src/boringssl/build/crypto" \
-	&& make -j$(getconf _NPROCESSORS_ONLN) \
-	&& mv objs/nginx objs/nginx-debug \
-	&& mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
-	&& mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
-	&& mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
-	&& mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \
-	&& mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
-	&& ./configure $CONFIG --with-cc-opt="-I/usr/src/boringssl/include" --with-ld-opt="-L/usr/src/boringssl/build/ssl -L/usr/src/boringssl/build/crypto" \
-	&& make -j$(getconf _NPROCESSORS_ONLN) \
-	&& make install \
-	&& rm -rf /etc/nginx/html/ \
-	&& mkdir /etc/nginx/conf.d/ \
-	&& mkdir -p /usr/share/nginx/html/ \
-	&& install -m644 html/index.html /usr/share/nginx/html/ \
-	&& install -m644 html/50x.html /usr/share/nginx/html/ \
-	&& install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
-	&& install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
-	&& install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
-	&& install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
-	&& install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \
-	&& install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
-	&& ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
-	&& strip /usr/sbin/nginx* \
-	&& strip /usr/lib/nginx/modules/*.so \
-	&& rm -rf /usr/src/nginx-${NGINX_VERSION} \
-	&& rm -rf /usr/src/boringssl /usr/src/ngx_* /usr/src/njs \
-	\
-	# Bring in gettext so we can get `envsubst`, then throw
-	# the rest away. To do this, we need to install `gettext`
-	# then move `envsubst` out of the way so `gettext` can
-	# be deleted completely, then move `envsubst` back.
-	&& apk add --no-cache --virtual .gettext gettext \
-	&& mv /usr/bin/envsubst /tmp/ \
-	\
-	&& runDeps="$( \
-		scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
-			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
-			| sort -u \
-			| xargs -r apk info --installed \
-			| sort -u \
-	) tzdata ca-certificates" \
-	&& apk add --no-cache --virtual .nginx-rundeps $runDeps \
-	&& apk del .build-deps \
-	&& apk del .gettext \
-	&& mv /tmp/envsubst /usr/local/bin/ \
-	\
-	# forward request and error logs to docker log collector
-	&& ln -sf /dev/stdout /var/log/nginx/access.log \
-	&& ln -sf /dev/stderr /var/log/nginx/error.log
 
+#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
+#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
+#ADD --chown=luser:luser git@github.com:libressl/portable.git#v${LIBRESSL_VERSION} libressl
+ADD --chown=luser:luser https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz libressl.tgz
+RUN tar -xzf libressl.tgz && mv libressl-${LIBRESSL_VERSION} libressl && rm libressl.tgz
+RUN mkdir -p libressl/build
+RUN cmake -G Ninja -B libressl/build -S libressl \ 
+	-DCMAKE_BUILD_TYPE=Release \
+	-DLIBRESSL_APPS=OFF \
+	-DLIBRESSL_SKIP_INSTALL=ON \
+	-DENABLE_ASM=OFF \
+	-DENABLE_NC=OFF \
+	-DLIBRESSL_TESTS=OFF \
+	-DBUILD_SHARED_LIBS=OFF
+RUN cmake --build libressl/build
+
+FROM build_stage_1 AS build_stage_2_vanilla
+ARG NGINX_VERSION
+ADD --chown=luser:luser https://github.com/nginx/nginx.git#release-${NGINX_VERSION} /nginx
+
+FROM build_stage_1 AS build_stage_2_woggioni
+ARG NGINX_VERSION
+ADD --chown=luser:luser git@github.com:woggioni/nginx.git#release-${NGINX_VERSION} /nginx
+
+FROM build_stage_2_${NGINX_BRANCH} AS build
+ADD --chown=luser:luser https://github.com/openresty/headers-more-nginx-module.git /ngx_headers_more
+ADD --chown=luser:luser https://github.com/google/ngx_brotli.git /ngx_brotli
+USER root
+WORKDIR /
+RUN hg clone http://hg.nginx.org/njs /njs
+RUN chown luser:luser -R /njs
+USER luser
+WORKDIR /home/luser
+ADD --chown=luser:luser --chmod=755 ./build.sh ./build.sh
+RUN ./build.sh
+
+
+FROM base AS release
+ARG VERSION
+ENV NGINX_VERSION=${VERSION}
+
+RUN addgroup -S nginx
+RUN adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx
+
+RUN --mount=type=cache,target=/var/cache/apk apk add --virtual .install_deps make perl-dev gettext binutils
+RUN --mount=type=cache,target=/var/cache/apk \
+    --mount=type=bind,from=build,source=/nginx,target=/nginx \
+    --mount=type=bind,from=build,source=/ngx_headers_more,target=/ngx_headers_more \
+    --mount=type=bind,from=build,source=/ngx_brotli,target=/ngx_brotli \
+    --mount=type=bind,from=build,source=/njs,target=/njs \
+    --mount=type=bind,source=install.sh,target=/install.sh \
+	 (cd nginx && sh /install.sh)
+RUN --mount=type=cache,target=/var/cache/apk apk del .install_deps
+
+COPY --from=build /home/luser/libressl/openssl.cnf /etc/ssl/openssl.cnf
 COPY conf/nginx.conf /etc/nginx/nginx.conf
 COPY conf/nginx.vh.no-default.conf /etc/nginx/conf.d/default.conf
+COPY conf/dhparam /etc/nginx/dhparam
 
-RUN APK_ARCH="$(cat /etc/apk/arch)"
+LABEL description="NGINX Docker built top of LibreSSL" \
-
+      maintainer="Walter Oggioni <oggioni.walter@gmail.com>" \
-LABEL description="NGINX Docker built top of rolling release BoringSSL" \
+      openssl="LibreSSL" \
-      maintainer="Denis Denisov <denji0k@gmail.com>" \
+      nginx="nginx ${NGINX_VERSION}"
-      openssl="BoringSSL" \
-      nginx="nginx ${NGINX_VERSION}" \
-      arch="$APK_ARCH"
 
 EXPOSE 80 443 443/udp
 

nginx/build.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env sh
+
+set -e
+
+CONFIG='
+		--prefix=/etc/nginx
+		--sbin-path=/usr/sbin/nginx
+		--modules-path=/usr/lib/nginx/modules
+		--conf-path=/etc/nginx/nginx.conf
+		--error-log-path=/var/log/nginx/error.log
+		--http-log-path=/var/log/nginx/access.log
+		--pid-path=/var/run/nginx.pid
+		--lock-path=/var/run/nginx.lock
+		--http-client-body-temp-path=/var/cache/nginx/client_temp
+		--http-proxy-temp-path=/var/cache/nginx/proxy_temp
+		--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
+		--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
+		--http-scgi-temp-path=/var/cache/nginx/scgi_temp
+		--user=nginx
+		--group=nginx
+		--with-http_ssl_module
+		--with-http_realip_module
+		--with-http_addition_module
+		--with-http_sub_module
+		--with-http_dav_module
+		--with-http_flv_module
+		--with-http_mp4_module
+		--with-http_gunzip_module
+		--with-http_gzip_static_module
+		--with-http_random_index_module
+		--with-http_secure_link_module
+		--with-http_stub_status_module
+		--with-http_auth_request_module
+		--with-http_xslt_module=dynamic
+		--with-http_geoip_module=dynamic
+		--with-threads
+		--with-stream
+		--with-stream_ssl_module
+		--with-stream_ssl_preread_module
+		--with-stream_realip_module
+		--with-stream_geoip_module=dynamic
+		--with-http_slice_module
+		--with-mail
+		--with-mail_ssl_module
+		--with-compat
+		--with-file-aio
+		--with-http_v2_module
+		--with-http_v3_module
+		--add-dynamic-module=/ngx_headers_more
+		--add-dynamic-module=/ngx_brotli
+		--add-dynamic-module=/njs/nginx
+'
+
+cd /nginx
+
+auto/configure $CONFIG \
+    --with-cc-opt="-I/home/luser/libressl/build/include" \
+    --with-ld-opt="-lstdc++ -L/home/luser/libressl/build/ssl -L/home/luser/libressl/build/crypto"
+make -j$(nproc)

nginx/conf/dhparam

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----

nginx/conf/nginx.conf

@@ -1,9 +1,9 @@
 
-# load_module modules/ngx_http_xslt_filter_module.so;
+load_module modules/ngx_http_xslt_filter_module.so;
 #load_module modules/ngx_http_image_filter_module.so;
-# load_module modules/ngx_http_geoip_module.so;
+load_module modules/ngx_http_geoip_module.so;
 #load_module modules/ngx_http_perl_module.so;
-# load_module modules/ngx_stream_geoip_module.so;
+load_module modules/ngx_stream_geoip_module.so;
 load_module modules/ngx_http_headers_more_filter_module.so;
 load_module modules/ngx_http_brotli_static_module.so;
 load_module modules/ngx_http_brotli_filter_module.so;
@@ -40,20 +40,23 @@ http {
 
     keepalive_disable  msie6;
 
-    ssl_dyn_rec_enable on;
+    # intermediate configuration
     ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ecdh_curve X25519:P-521:P-384;
+    ssl_ecdh_curve X25519:prime256v1:secp384r1;
-    ssl_ciphers [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers on;
+    ssl_prefer_server_ciphers off;
-    ssl_session_cache shared:SSL:1m;
-    ssl_session_timeout 1h;
 
+    # see also ssl_session_ticket_key alternative to stateful session cache
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
     ssl_session_tickets off;
 
     http2 on;
     http3 on;
+    http3_hq on;
+    quic_gso on;
     quic_retry on;
-    #ssl_early_data on;
+    ssl_early_data off;
     
     gzip_static on;
     gzip on;
@@ -62,30 +65,64 @@ http {
     gzip_proxied any;
     gzip_vary on;
     gzip_disable "msie6";
+    
     gzip_types 
-        text/plain
+        application/atom+xml 
-        text/css
+        application/javascript 
-        text/x-component
-        text/javascript application/javascript application/x-javascript
-        text/xml application/xml application/rss+xml
         application/json 
+        application/ld+json 
+        application/manifest+json 
+        application/rss+xml 
+        application/vnd.geo+json 
         application/vnd.ms-fontobject 
-        font/truetype font/opentype
+        application/x-font-ttf 
-        image/svg+xml;
+        application/x-web-app-manifest+json 
+        application/xhtml+xml 
+        application/xml 
+        font/opentype 
+        image/bmp 
+        image/svg+xml
+        image/x-icon 
+        text/cache-manifest 
+        text/css 
+        text/plain 
+        text/vcard 
+        text/vnd.rim.location.xloc 
+        text/vtt text/x-component 
+        text/x-cross-domain-policy 
+        application/wasm;
+
+
 
     brotli_static on;
     brotli on;
     brotli_comp_level 6;
     brotli_types 
-       text/plain
+        application/atom+xml 
-       text/css
+        application/javascript 
-       text/x-component
-       text/javascript application/javascript application/x-javascript
-       text/xml application/xml application/rss+xml
         application/json 
+        application/rss+xml
         application/vnd.ms-fontobject
-       font/truetype font/opentype
+        application/x-font-opentype 
-       image/svg+xml;
+        application/x-font-truetype
+        application/x-font-ttf 
+        application/x-javascript 
+        application/xhtml+xml 
+        application/xml
+        font/eot 
+        font/opentype 
+        font/otf 
+        font/truetype 
+        image/svg+xml 
+        image/vnd.microsoft.icon
+        image/x-icon 
+        image/x-win-bitmap 
+        text/css 
+        text/javascript 
+        text/plain 
+        text/xml 
+        application/wasm;
+
 
     include /etc/nginx/conf.d/*.conf;
 }

nginx/conf/nginx.vh.no-default.conf

@@ -11,6 +11,7 @@ server {
 }
 
 server {
-  listen 443 ssl http2 default_server;
+  listen 443 ssl default_server;
+  http2 on;
   ssl_reject_handshake on;
 }

nginx/install.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env sh
+set -e
+make install
+rm -rf /etc/nginx/html/
+mkdir -p /etc/nginx/conf.d/
+mkdir -p /usr/share/nginx/html/
+install -m644 docs/html/index.html /usr/share/nginx/html/
+install -m644 docs/html/50x.html /usr/share/nginx/html/
+ln -s ../../usr/lib/nginx/modules /etc/nginx/modules
+strip /usr/sbin/nginx*
+strip /usr/lib/nginx/modules/*.so
+
+# Bring in gettext so we can get `envsubst`, then throw
+# the rest away. To do this, we need to install `gettext`
+# then move `envsubst` out of the way so `gettext` can
+# be deleted completely, then move `envsubst` back.
+
+apk add --no-cache --virtual .gettext gettext
+mv /usr/bin/envsubst /tmp/
+runDeps="libintl libxml2 musl zlib tzdata ca-certificates pcre brotli-libs libxslt geoip"
+apk add --no-cache $runDeps
+apk del .gettext
+mv /tmp/envsubst /usr/local/bin/
+# forward request and error logs to docker log collect
+mkdir -p /var/log/nginx
+ln -sf /dev/stdout /var/log/nginx/access.log
+ln -sf /dev/stderr /var/log/nginx/error.log

pgvector/pg_upgrade.dockerfile

@@ -0,0 +1,9 @@
+FROM gitea.woggioni.net/woggioni/pgvector:0.8.0-pg16 AS release-16
+RUN --mount=type=cache,target=/var/cache/apk apk update
+RUN --mount=type=cache,target=/var/cache/apk apk add patchelf
+RUN find /usr/local/bin -type f ! -name "*.sh" -exec patchelf --set-rpath /usr/local-16/lib {} \;
+
+FROM gitea.woggioni.net/woggioni/pgvector:0.8.0-pg17 AS release-17
+
+COPY --from=release-16 /usr/local/ /usr/local-16/
+

rlevtree/Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+ADD benchmark.wasm /benchmark.wasm
+CMD ["/benchmark.wasm"]

shadowsocks-rust/Dockerfile

@@ -1,43 +1,34 @@
-FROM --platform=$BUILDPLATFORM rust:alpine AS builder
+FROM --platform=$BUILDPLATFORM gitea.woggioni.net/woggioni/arch-builder:rust-full AS base
 
 ARG VERSION TARGETPLATFORM BUILDPLATFORM
 
-RUN set -x \
+WORKDIR /home/luser/shadowsocks-rust
-    && apk add --no-cache build-base cmake llvm15-dev clang15-libclang clang15 rust-bindgen git rustup curl
-
-WORKDIR /root/shadowsocks-rust
 
 RUN git clone --depth 1 --branch "v${VERSION}" https://github.com/shadowsocks/shadowsocks-rust.git .
 
-RUN case "$TARGETPLATFORM" in \
+FROM base AS builder-linux_386
-    "linux/386") \
+ENV RUST_TARGET="i686-unknown-linux-musl"
-        RUST_TARGET="i686-unknown-linux-musl" \
+
-        MUSL="i686-linux-musl" \
+FROM base AS builder-linux_amd64
-    ;; \
+ENV RUST_TARGET="x86_64-unknown-linux-musl"
-    "linux/amd64") \
+ENV CC_x86_64-unknown-linux-musl=/opt/x-tools/x86_64-unknown-linux-musl/bin/x86_64-unknown-linux-musl-gcc
-        RUST_TARGET="x86_64-unknown-linux-musl" \
+ENV CXX_x86_64-unknown-linux-musl=/opt/x-tools/x86_64-unknown-linux-musl/bin/x86_64-unknown-linux-musl-g++
-        MUSL="x86_64-linux-musl" \
+
-    ;; \
+FROM base AS builder-linux_arm64
-    "linux/arm64") \
+ENV RUST_TARGET="aarch64-unknown-linux-musl"
-        RUST_TARGET="aarch64-unknown-linux-musl" \
+ENV CC_aarch64_unknown_linux_musl=/opt/x-tools/aarch64-unknown-linux-musl/bin/aarch64-unknown-linux-musl-gcc
-        MUSL="aarch64-linux-musl" \
+ENV CXX_aarch64_unknown_linux_musl=/opt/x-tools/aarch64-unknown-linux-musl/bin/aarch64-unknown-linux-musl-g++
-    ;; \
+
-    "linux/arm/v7") \
+
-        RUST_TARGET="arm-unknown-linux-musleabihf" \
+FROM base AS builder-linux_arm_v7
-        MUSL="arm-linux-musleabihf" \
+ENV RUST_TARGET="arm-unknown-linux-musleabihf"
-    ;; \
+ENV CC_armv7_unknown_linux_musleabihf=/opt/x-tools/arm-unknown-linux-musleabi/bin/arm-unknown-linux-musleabi-gcc
-    *) \
+ENV CXX_armv7_unknown_linux_musleabihf=/opt/x-tools/arm-unknown-linux-musleabi/bin/arm-unknown-linux-musleabi-g++
-        echo "Doesn't support $TARGETPLATFORM architecture" \
+
-        exit 1 \
+
-    ;; \
+FROM builder-${TARGETPLATFORM/\//_} AS builder
-    esac \
+RUN rustup target add $RUST_TARGET
-    && wget -qO- "https://musl.cc/$MUSL-cross.tgz" | tar -xzC /root/ \
+RUN cargo +stable build --locked --target "$RUST_TARGET" --release --features "full,aead-cipher-extra,aead-cipher-2022-extra,security-replay-attack-detect" \
-    && PATH="/root/$MUSL-cross/bin:$PATH" \
-    && CC=/root/$MUSL-cross/bin/$MUSL-gcc \
-    && echo "CC=$CC" \
-    && rustup override set stable \
-    && rustup target add "$RUST_TARGET" \
-    && RUSTFLAGS="-C linker=$CC" CC=$CC cargo build --target "$RUST_TARGET" --release --features "full-extra" \
     && mv target/$RUST_TARGET/release/ss* target/release/
 
 COPY download_v2ray.sh download_v2ray.sh
@@ -48,20 +39,20 @@ RUN ./download_xray.sh "$TARGETPLATFORM"
 FROM busybox:musl AS sslocal
 
 # NOTE: Please be careful to change the path of these binaries, refer to #1149 for more information.
-COPY --from=builder /root/shadowsocks-rust/target/release/sslocal /usr/bin/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/target/release/sslocal /usr/bin/
-COPY --from=builder /root/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
-COPY --from=builder /root/shadowsocks-rust/docker/docker-entrypoint.sh /usr/bin/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/docker/docker-entrypoint.sh /usr/bin/
-COPY --from=builder /tmp/v2ray-plugin /usr/bin/v2ray-plugin
+COPY --from=builder --chown=root:root /tmp/v2ray-plugin /usr/bin/v2ray-plugin
-COPY --from=builder /tmp/xray-plugin /usr/bin/xray-plugin
+COPY --from=builder --chown=root:root /tmp/xray-plugin /usr/bin/xray-plugin
 
 ENTRYPOINT [ "docker-entrypoint.sh" ]
 CMD [ "sslocal", "--log-without-time", "-c", "/etc/shadowsocks-rust/config.json" ]
 
 FROM busybox:musl AS ssserver
 
-COPY --from=builder /root/shadowsocks-rust/target/release/ssserver /usr/bin/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/target/release/ssserver /usr/bin/
-COPY --from=builder /root/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
-COPY --from=builder /root/shadowsocks-rust/docker/docker-entrypoint.sh /usr/bin/
+COPY --from=builder --chown=root:root /home/luser/shadowsocks-rust/docker/docker-entrypoint.sh /usr/bin/
 COPY --from=builder /tmp/v2ray-plugin /usr/bin/v2ray-plugin
 COPY --from=builder /tmp/xray-plugin /usr/bin/xray-plugin
 

swarm-cli/Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine:3.22
+
+RUN --mount=type=cache,target=/var/cache/apk apk update
+RUN --mount=type=cache,target=/var/cache/apk apk add nodejs npm nushell curl
+RUN npm install --global @ethersphere/swarm-cli
+RUN addgroup -S ethswarm
+RUN adduser -D -S -h /var/lib/ethswarm -s /usr/bin/nu -G ethswarm ethswarm
+ADD --chown=ethswarm:ethswarm config.nu /var/lib/ethswarm/.config/nushell/config.nu
+
+USER ethswarm
+WORKDIR /var/lib/ethswarm
+ENTRYPOINT ["/usr/bin/nu"]
+
+

swarm-cli/config.nu

@@ -0,0 +1,40 @@
+# config.nu
+#
+# Installed by:
+# version = "0.104.1"
+#
+# This file is used to override default Nushell settings, define
+# (or import) custom commands, or run any other startup tasks.
+# See https://www.nushell.sh/book/configuration.html
+#
+# This file is loaded after env.nu and before login.nu
+#
+# You can open this file in your default editor using:
+# config nu
+#
+# See `help config nu` for more options
+#
+# You can remove these comments if you want or leave
+# them for future reference.
+
+use std/util "path add"
+
+path add ($env.HOME | path join "bin")
+path add ($env.HOME | path join ".local/bin")
+path add ($env.HOME | path join ".cargo/bin")
+
+$env.config.show_banner = false
+$env.config.history.max_size = 10000
+
+$env.PROMPT_COMMAND = { ||
+    let username = id -u -n
+    let hostname = sys host | get hostname
+    let current_dir = (pwd)
+    
+    $"($username)@($hostname) ($current_dir)"
+}
+
+def --env mkcd [p: string] {
+    mkdir $p
+    cd $p
+}

wildfly/Dockerfile

@@ -7,6 +7,7 @@ RUN echo "   -> Removing unneeded .bat and .ps1 files..." &&\
     install -d -m 755 "/opt/" &&\
     tar -xf wildfly-${VERSION}.Final.tar.gz &&\
     cp -R "wildfly-${VERSION}.Final" "/opt/wildfly" &&\
+    rm /opt/wildfly/bin/standalone.conf &&\
     cd "wildfly-${VERSION}.Final/docs/contrib/scripts/systemd" &&\
     echo "   -> Creating wildfly.conf (environment settings)..." &&\
     install -D -t "/opt/wildfly/etc/wildfly" -m 644 wildfly.conf &&\
@@ -14,15 +15,24 @@ RUN echo "   -> Removing unneeded .bat and .ps1 files..." &&\
     install -D -t "/opt/wildfly/bin" -m 755 launch.sh &&\
     chmod -R u=rwX,g=rwX,o=rX "/opt/wildfly"
 
-FROM eclipse-temurin:23-jre-alpine AS release
+FROM archlinux:latest AS release
-RUN adduser wildfly -u 1000 --system -s /bin/sh -h /opt/wildfly
+RUN pacman-key --init
+RUN pacman-key --refresh-keys
+RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/arch/repository.key
+RUN pacman-key --add repository.key
+RUN pacman-key --lsign-key 0D28BF66FDB45D18D8EBEE5D4C91DADCD00B3F77
+
+RUN --mount=type=bind,source=pacman-gitea-repository.conf,target=pacman-gitea-repository.conf cat pacman-gitea-repository.conf  >> /etc/pacman.conf
+RUN --mount=type=cache,target=/var/cache/pacman pacman -Syu --noconfirm
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm jre21-openjdk
+RUN useradd wildfly -u 1000 --system -s /bin/sh -d /opt/wildfly
 COPY --from=build /opt/wildfly /opt/wildfly
 RUN install -d -m 755 -o wildfly /opt/wildfly/standalone/log
 RUN install -d -m 755 -o wildfly /opt/wildfly/standalone/data
 RUN install -d -m 755 -o wildfly /opt/wildfly/standalone/tmp
 RUN install -d -m 755 -o wildfly /opt/wildfly/standalone/deployments
 RUN chown -R wildfly /opt/wildfly/standalone/configuration
-VOLUME ["/opt/wildfly/standalone/deployments", "/opt/wildfly/standalone/tmp", "/opt/wildfly/standalone/data", "/opt/wildfly/standalone/log"]
+VOLUME ["/opt/wildfly/standalone/tmp", "/opt/wildfly/standalone/data", "/opt/wildfly/standalone/log"]
 USER wildfly
 WORKDIR /opt/wildfly
 ENV LAUNCH_JBOSS_IN_BACKGROUND=true

wildfly/pacman-gitea-repository.conf

@@ -0,0 +1,4 @@
+
+[woggioni.gitea.woggioni.net]
+SigLevel = Required
+Server = https://gitea.woggioni.net/api/packages/woggioni/arch/default/x86_64

xmrig/001-remove-donation.patch

@@ -0,0 +1,15 @@
+diff --git a/src/donate.h b/src/donate.h
+index 206b1b8f..14cdf9ea 100644
+--- a/src/donate.h
++++ b/src/donate.h
+@@ -37,8 +37,8 @@
+  * If you plan on changing donations to 0%, please consider making a one-off donation to my wallet:
+  * XMR: 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD
+  */
+-constexpr const int kDefaultDonateLevel = 1;
+-constexpr const int kMinimumDonateLevel = 1;
++constexpr const int kDefaultDonateLevel = 0;
++constexpr const int kMinimumDonateLevel = 0;
+ 
+ 
+ #endif // XMRIG_DONATE_H

xmrig/Dockerfile

@@ -0,0 +1,51 @@
+FROM alpine:3.22 AS base
+
+FROM base AS build
+ARG VERSION
+RUN --mount=type=cache,target=/var/cache/apk apk add gcc g++ musl-dev cmake ninja hwloc-dev libuv-dev openssl-dev git upx
+RUN adduser -D -S -h /home/luser luser
+WORKDIR /home/luser
+USER luser
+ADD --chown=luser:luser git@github.com:xmrig/xmrig.git#v${VERSION} xmrig
+ADD 001-remove-donation.patch .
+RUN mkdir build
+WORKDIR xmrig
+RUN git apply /home/luser/001-remove-donation.patch
+WORKDIR /home/luser
+RUN cmake -G Ninja -S xmrig -B build -DCMAKE_BUILD_TYPE=Release \ 
+  -DWITH_VAES=TRUE \
+  -DWITH_RANDOMX=ON \
+  -DWITH_OPENCL=OFF \
+  -DWITH_MSR=ON \
+  -DWITH_CUDA=OFF \
+  -DWITH_BENCHMARK=OFF \
+  -DWITH_HWLOC=ON \
+  -DWITH_HTTP=ON \
+  -DWITH_SSE41=ON \
+  -DWITH_AVX2=ON \
+  -DWITH_ASM=ON \
+  -DWITH_ARGON2=ON \
+  -DWITH_ADL=ON \
+  -DWITH_CN_PICO=ON \
+  -DWITH_CN_LITE=ON \
+  -DWITH_CN_HEAVY=ON \
+  -DWITH_CN_FEMTO=ON \
+  -DWITH_GHOSTRIDER=ON \
+  -DWITH_KAWPOW=ON \
+  -DWITH_ENV_VARS=ON \
+  -DWITH_RANDOMX=ON
+
+WORKDIR build
+RUN ninja
+RUN strip -s xmrig
+RUN upx -6 xmrig
+
+
+
+FROM base AS release
+RUN --mount=type=cache,target=/var/cache/apk apk add hwloc libuv openssl
+COPY --from=build /home/luser/build/xmrig /usr/local/bin/xmrig
+RUN adduser -D -S -h /var/lib/xmrig xmrig
+WORKDIR /var/lib/xmrig
+USER xmrig
+ENTRYPOINT ["/usr/local/bin/xmrig"]