Fix #897 and shuffle directory around (#1054)

* Fix #897 and shuffle directory around

* Update find-lint

* goimports

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>

27 files changed, 979 insertions, 0 deletions

diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile
new file mode 100644
index 00000000..5810825a
--- /dev/null
+++ b/build/docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM docker.io/golang:1.13.7-alpine3.11
+
+RUN mkdir /build
+
+WORKDIR /build
+
+RUN apk --update --no-cache add openssl bash git build-base
+
+CMD ["bash", "docker/build.sh"]
diff --git a/build/docker/README.md b/build/docker/README.md
new file mode 100644
index 00000000..83d0b6a8
--- /dev/null
+++ b/build/docker/README.md
@@ -0,0 +1,100 @@
+Development with Docker
+---
+
+With `docker` and `docker-compose` you can easily spin up a development environment
+and start working on dendrite.
+
+### Requirements
+
+- docker
+- docker-compose (version 3+)
+
+### Configuration
+
+Create a directory named `cfg` in the root of the project. Copy the
+`dendrite-docker.yaml` file into that directory and rename it to `dendrite.yaml`.
+It already contains the defaults used in `docker-compose` for networking so you will
+only have to change things like the `server_name` or to toggle `naffka`.
+
+You can run the following `docker-compose` commands either from the top directory
+specifying the `docker-compose` file
+```
+docker-compose -f docker/docker-compose.yml <cmd>
+```
+or from within the `docker` directory 
+
+```
+docker-compose <cmd>
+```
+
+### Starting a monolith server
+
+For the monolith server you would need a postgres instance 
+
+```
+docker-compose up postgres
+```
+
+and the dendrite component from `bin/dendrite-monolith-server`
+
+```
+docker-compose up monolith
+```
+
+The monolith will be listening on `http://localhost:8008`.
+
+You would also have to make the following adjustments to `dendrite.yaml`.
+ - Set `use_naffka: true` 
+ - Uncomment the `database/naffka` postgres url.
+
+### Starting a multiprocess server
+
+The multiprocess server requires kafka, zookeeper and postgres
+
+```
+docker-compose up kafka zookeeper postgres
+```
+
+and the following dendrite components 
+
+```
+docker-compose up client_api media_api sync_api room_server public_rooms_api edu_server
+docker-compose up client_api_proxy
+```
+
+The `client-api-proxy` will be listening on `http://localhost:8008`.
+
+You would also have to make the following adjustments to `dendrite.yaml`.
+ - Set `use_naffka: false` 
+ - Comment out the `database/naffka` postgres url.
+
+### Starting federation
+
+```
+docker-compose up federation_api federation_sender
+docker-compose up federation_api_proxy
+```
+
+You can point other Matrix servers to `http://localhost:8448`.
+
+### Creating a new component
+
+You can create a new dendrite component by adding an entry to the `docker-compose.yml` 
+file and creating a startup script for the component in `docker/services`. 
+For more information refer to the official docker-compose [documentation](https://docs.docker.com/compose/).
+
+```yaml
+  new_component:
+    container_name: dendrite_room_server
+    hostname: new_component
+    # Start up script.
+    entrypoint: ["bash", "./docker/services/new-component.sh"]
+    # Use the common Dockerfile for all the dendrite components.
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - another_component
+    networks:
+      - internal
+```
diff --git a/build/docker/build.sh b/build/docker/build.sh
new file mode 100644
index 00000000..a3e3ca24
--- /dev/null
+++ b/build/docker/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+./build.sh
+
+# Generate the keys if they don't already exist.
+if [ ! -f server.key ] || [ ! -f server.crt ] || [ ! -f matrix_key.pem ]; then
+    echo "Generating keys ..."
+
+    rm -f server.key server.crt matrix_key.pem
+
+    test -f server.key || openssl req -x509 -newkey rsa:4096 \
+                        -keyout server.key \
+                        -out server.crt \
+                        -days 3650 -nodes \
+                        -subj /CN=localhost
+
+    test -f matrix_key.pem || /build/bin/generate-keys -private-key matrix_key.pem
+fi
diff --git a/build/docker/dendrite-docker.yml b/build/docker/dendrite-docker.yml
new file mode 100644
index 00000000..a72ff3dd
--- /dev/null
+++ b/build/docker/dendrite-docker.yml
@@ -0,0 +1,129 @@
+# The config file format version
+# This is used by dendrite to tell if it understands the config format.
+# This will change if the structure of the config file changes or if the meaning
+# of an existing config key changes.
+version: 0
+
+# The matrix specific config
+matrix:
+    # The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
+    server_name: "example.com"
+    # The path to the PEM formatted matrix private key.
+    private_key: "matrix_key.pem"
+    # The x509 certificates used by the federation listeners for this server
+    federation_certificates: ["server.crt"]
+    # The list of identity servers trusted to verify third party identifiers by this server.
+    # Defaults to no trusted servers.
+    trusted_third_party_id_servers:
+      - vector.im
+      - matrix.org
+
+# The media repository config
+media:
+    # The base path to where the media files will be stored. May be relative or absolute.
+    base_path: /var/dendrite/media
+
+    # The maximum file size in bytes that is allowed to be stored on this server.
+    # Note: if max_file_size_bytes is set to 0, the size is unlimited.
+    # Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
+    max_file_size_bytes: 10485760
+
+    # Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
+    # NOTE: This is a possible denial-of-service attack vector - use at your own risk
+    dynamic_thumbnails: false
+
+    # A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
+    # method is one of crop or scale. If omitted, it will default to scale.
+    # crop scales to fill the requested dimensions and crops the excess.
+    # scale scales to fit the requested dimensions and one dimension may be smaller than requested.
+    thumbnail_sizes:
+      - width: 32
+        height: 32
+        method: crop
+      - width: 96
+        height: 96
+        method: crop
+      - width: 320
+        height: 240
+        method: scale
+      - width: 640
+        height: 480
+        method: scale
+      - width: 800
+        height: 600
+        method: scale
+
+# The config for the TURN server
+turn:
+    # Whether or not guests can request TURN credentials
+    turn_allow_guests: true
+    # How long the authorization should last
+    turn_user_lifetime: "1h"
+    # The list of TURN URIs to pass to clients
+    turn_uris: []
+
+    # Authorization via Shared Secret
+    # The shared secret from coturn
+    turn_shared_secret: "<SECRET STRING GOES HERE>"
+
+    # Authorization via Static Username & Password
+    # Hardcoded Username and Password
+    turn_username: ""
+    turn_password: ""
+
+# The config for communicating with kafka
+kafka:
+    # Where the kafka servers are running.
+    addresses: ["kafka:9092"]
+    # Whether to use naffka instead of kafka.
+    # Naffka can only be used when running dendrite as a single monolithic server.
+    # Kafka can be used both with a monolithic server and when running the
+    # components as separate servers.
+    # If enabled database.naffka must also be specified.
+    use_naffka: true
+    # The names of the kafka topics to use.
+    topics:
+        output_room_event: roomserverOutput
+        output_client_data: clientapiOutput
+        output_typing_event: eduServerOutput
+        user_updates: userUpdates
+
+
+# The postgres connection configs for connecting to the databases e.g a postgres:// URI
+database:
+    account: "postgres://dendrite:itsasecret@postgres/dendrite_account?sslmode=disable"
+    device: "postgres://dendrite:itsasecret@postgres/dendrite_device?sslmode=disable"
+    media_api: "postgres://dendrite:itsasecret@postgres/dendrite_mediaapi?sslmode=disable"
+    sync_api: "postgres://dendrite:itsasecret@postgres/dendrite_syncapi?sslmode=disable"
+    room_server: "postgres://dendrite:itsasecret@postgres/dendrite_roomserver?sslmode=disable"
+    server_key: "postgres://dendrite:itsasecret@postgres/dendrite_serverkey?sslmode=disable"
+    federation_sender: "postgres://dendrite:itsasecret@postgres/dendrite_federationsender?sslmode=disable"
+    public_rooms_api: "postgres://dendrite:itsasecret@postgres/dendrite_publicroomsapi?sslmode=disable"
+    appservice: "postgres://dendrite:itsasecret@postgres/dendrite_appservice?sslmode=disable"
+    # If using naffka you need to specify a naffka database
+    naffka: "postgres://dendrite:itsasecret@postgres/dendrite_naffka?sslmode=disable"
+
+# The TCP host:port pairs to bind the internal HTTP APIs to.
+# These shouldn't be exposed to the public internet.
+# These aren't needed when running dendrite as a monolithic server.
+listen:
+    room_server: "room_server:7770"
+    client_api: "client_api:7771"
+    federation_api: "federation_api:7772"
+    sync_api: "sync_api:7773"
+    media_api: "media_api:7774"
+    public_rooms_api: "public_rooms_api:7775"
+    federation_sender: "federation_sender:7776"
+    edu_server: "typing_server:7777"
+
+# The configuration for tracing the dendrite components.
+tracing:
+    # Config for the jaeger opentracing reporter.
+    # See https://godoc.org/github.com/uber/jaeger-client-go/config#Configuration
+    # for documentation.
+    jaeger:
+        disabled: true
+
+# A list of application service config files to use
+application_services:
+    config_files: []
diff --git a/build/docker/docker-compose.yml b/build/docker/docker-compose.yml
new file mode 100644
index 00000000..c6bb4581
--- /dev/null
+++ b/build/docker/docker-compose.yml
@@ -0,0 +1,202 @@
+version: "3.4"
+services:
+  riot:
+    image: vectorim/riot-web
+    networks:
+      - internal
+    ports:
+      - "8500:80"
+
+  monolith:
+    container_name: dendrite_monolith
+    hostname: monolith
+    entrypoint: ["bash", "./docker/services/monolith.sh", "--config", "/etc/dendrite/dendrite.yaml"]
+    build: ./
+    volumes:
+      - ..:/build
+      - ./build/bin:/build/bin
+      - ../cfg:/etc/dendrite
+    networks:
+      - internal
+    depends_on:
+      - postgres
+    ports:
+      - "8008:8008"
+      - "8448:8448"
+
+  client_api_proxy:
+    container_name: dendrite_client_api_proxy
+    hostname: client_api_proxy
+    entrypoint: ["bash", "./docker/services/client-api-proxy.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    networks:
+      - internal
+    depends_on:
+      - postgres
+      - sync_api
+      - client_api
+      - media_api
+      - public_rooms_api
+    ports:
+      - "8008:8008"
+
+  client_api:
+    container_name: dendrite_client_api
+    hostname: client_api
+    entrypoint: ["bash", "./docker/services/client-api.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+      - room_server
+    networks:
+      - internal
+
+  media_api:
+    container_name: dendrite_media_api
+    hostname: media_api
+    entrypoint: ["bash", "./docker/services/media-api.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+
+  public_rooms_api:
+    container_name: dendrite_public_rooms_api
+    hostname: public_rooms_api
+    entrypoint: ["bash", "./docker/services/public-rooms-api.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+
+  sync_api:
+    container_name: dendrite_sync_api
+    hostname: sync_api
+    entrypoint: ["bash", "./docker/services/sync-api.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+
+  room_server:
+    container_name: dendrite_room_server
+    hostname: room_server
+    entrypoint: ["bash", "./docker/services/room-server.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+
+  edu_server:
+    container_name: dendrite_edu_server
+    hostname: edu_server
+    entrypoint: ["bash", "./docker/services/edu-server.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    networks:
+      - internal
+
+  federation_api_proxy:
+    container_name: dendrite_federation_api_proxy
+    hostname: federation_api_proxy
+    entrypoint: ["bash", "./docker/services/federation-api-proxy.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+      - federation_api
+      - federation_sender
+      - media_api
+    networks:
+      - internal
+    ports:
+      - "8448:8448"
+
+  federation_api:
+    container_name: dendrite_federation_api
+    hostname: federation_api
+    entrypoint: ["bash", "./docker/services/federation-api.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+
+  federation_sender:
+    container_name: dendrite_federation_sender
+    hostname: federation_sender
+    entrypoint: ["bash", "./docker/services/federation-sender.sh"]
+    build: ./
+    volumes:
+      - ..:/build
+    depends_on:
+      - postgres
+    networks:
+      - internal
+      
+  key_server:
+    container_name: dendrite_key_server
+    hostname: key_server
+    entrypoint: ["bash", "./docker/services/key-server.sh"]
+    build: ./
+    volumes:
+        - ..:/build
+    networks:
+        - internal
+
+  postgres:
+    container_name: dendrite_postgres
+    hostname: postgres
+    image: postgres:9.5
+    restart: always
+    volumes:
+      - ./postgres/create_db.sh:/docker-entrypoint-initdb.d/20-create_db.sh
+    environment:
+      POSTGRES_PASSWORD: itsasecret
+      POSTGRES_USER: dendrite
+    networks:
+      - internal
+
+  zookeeper:
+    container_name: dendrite_zk
+    hostname: zookeeper
+    image: zookeeper
+    networks:
+      - internal
+
+  kafka:
+    container_name: dendrite_kafka
+    hostname: kafka
+    image: wurstmeister/kafka
+    environment:
+      KAFKA_ADVERTISED_HOST_NAME: "kafka"
+      KAFKA_DELETE_TOPIC_ENABLE: "true"
+      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
+    depends_on:
+      - zookeeper
+    networks:
+      - internal
+
+networks:
+  internal:
+    attachable: true
diff --git a/build/docker/hub/Dockerfile b/build/docker/hub/Dockerfile
new file mode 100644
index 00000000..d8e07681
--- /dev/null
+++ b/build/docker/hub/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/golang:1.13.7-alpine3.11 AS builder
+
+RUN apk --update --no-cache add bash build-base
+
+WORKDIR /build
+
+COPY . /build
+
+RUN mkdir -p bin
+RUN sh ./build.sh
\ No newline at end of file
diff --git a/build/docker/hub/Dockerfile.component b/build/docker/hub/Dockerfile.component
new file mode 100644
index 00000000..13634391
--- /dev/null
+++ b/build/docker/hub/Dockerfile.component
@@ -0,0 +1,13 @@
+FROM matrixdotorg/dendrite:latest AS base
+
+FROM alpine:latest
+
+ARG component=monolith
+ENV entrypoint=${component}
+
+COPY --from=base /build/bin/${component} /usr/bin
+
+VOLUME /etc/dendrite
+WORKDIR /etc/dendrite
+
+ENTRYPOINT /usr/bin/${entrypoint} $@
\ No newline at end of file
diff --git a/build/docker/hub/README.md b/build/docker/hub/README.md
new file mode 100644
index 00000000..fd641143
--- /dev/null
+++ b/build/docker/hub/README.md
@@ -0,0 +1,68 @@
+# Docker Hub images
+
+These are Docker Hub-friendly images for Dendrite.
+
+## Dockerfiles
+
+The `Dockerfile` builds the base image which contains all of the Dendrite
+components. The `Dockerfile.*` files take components from the base image and
+produce smaller component-specific images, which are substantially smaller
+and do not contain the Go toolchain etc.
+
+## Compose files
+
+There are three sample `docker-compose` files:
+
+- `docker-compose.deps.yml` which runs the Postgres and Kafka prerequisites
+- `docker-compose.monolith.yml` which runs a monolith Dendrite deployment
+- `docker-compose.polylith.yml` which runs a polylith Dendrite deployment
+
+## Configuration
+
+The `docker-compose` files refer to the `/etc/dendrite` volume as where the
+runtime config should come from. The mounted folder must contain:
+
+- `dendrite.yaml` configuration file (based on the sample `dendrite-config.yaml`
+   in the `docker/hub/config` folder in the [Dendrite repository](https://github.com/matrix-org/dendrite)
+- `matrix_key.pem` server key, as generated using `cmd/generate-keys`
+- `server.crt` certificate file
+- `server.key` private key file for the above certificate
+
+To generate keys:
+
+```
+go run github.com/matrix-org/dendrite/cmd/generate-keys \
+  --private-key=matrix_key.pem \
+  --tls-cert=server.crt \
+  --tls-key=server.key
+```
+
+## Starting Dendrite
+
+Once in place, start the dependencies:
+
+```
+docker-compose -f docker-compose.deps.yml up
+```
+
+Wait a few seconds for Kafka and Postgres to finish starting up, and then start a monolith:
+
+```
+docker-compose -f docker-compose.monolith.yml up
+```
+
+... or start the polylith components:
+
+```
+docker-compose -f docker-compose.polylith.yml up
+```
+
+## Building the images
+
+The `docker/hub/images-build.sh` script will build all of the component images.
+
+The `docker/hub/images-push.sh` script will push them to Docker Hub (subject
+to permissions). 
+
+If you wish to build and push your own images, rename `matrixdotorg/dendrite` to
+the name of another Docker Hub repository in `images-build.sh` and `images-push.sh`.
diff --git a/build/docker/hub/config/dendrite-config.yaml b/build/docker/hub/config/dendrite-config.yaml
new file mode 100644
index 00000000..23d6479b
--- /dev/null
+++ b/build/docker/hub/config/dendrite-config.yaml
@@ -0,0 +1,129 @@
+# The config file format version
+# This is used by dendrite to tell if it understands the config format.
+# This will change if the structure of the config file changes or if the meaning
+# of an existing config key changes.
+version: 0
+
+# The matrix specific config
+matrix:
+    # The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
+    server_name: "example.com"
+    # The path to the PEM formatted matrix private key.
+    private_key: "matrix_key.pem"
+    # The x509 certificates used by the federation listeners for this server
+    federation_certificates: ["server.crt"]
+    # The list of identity servers trusted to verify third party identifiers by this server.
+    # Defaults to no trusted servers.
+    trusted_third_party_id_servers:
+      - vector.im
+      - matrix.org
+
+# The media repository config
+media:
+    # The base path to where the media files will be stored. May be relative or absolute.
+    base_path: /var/dendrite/media
+
+    # The maximum file size in bytes that is allowed to be stored on this server.
+    # Note: if max_file_size_bytes is set to 0, the size is unlimited.
+    # Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
+    max_file_size_bytes: 10485760
+
+    # Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
+    # NOTE: This is a possible denial-of-service attack vector - use at your own risk
+    dynamic_thumbnails: false
+
+    # A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
+    # method is one of crop or scale. If omitted, it will default to scale.
+    # crop scales to fill the requested dimensions and crops the excess.
+    # scale scales to fit the requested dimensions and one dimension may be smaller than requested.
+    thumbnail_sizes:
+      - width: 32
+        height: 32
+        method: crop
+      - width: 96
+        height: 96
+        method: crop
+      - width: 320
+        height: 240
+        method: scale
+      - width: 640
+        height: 480
+        method: scale
+      - width: 800
+        height: 600
+        method: scale
+
+# The config for the TURN server
+turn:
+    # Whether or not guests can request TURN credentials
+    turn_allow_guests: true
+    # How long the authorization should last
+    turn_user_lifetime: "1h"
+    # The list of TURN URIs to pass to clients
+    turn_uris: []
+
+    # Authorization via Shared Secret
+    # The shared secret from coturn
+    turn_shared_secret: "<SECRET STRING GOES HERE>"
+
+    # Authorization via Static Username & Password
+    # Hardcoded Username and Password
+    turn_username: ""
+    turn_password: ""
+
+# The config for communicating with kafka
+kafka:
+    # Where the kafka servers are running.
+    addresses: ["kafka:9092"]
+    # Whether to use naffka instead of kafka.
+    # Naffka can only be used when running dendrite as a single monolithic server.
+    # Kafka can be used both with a monolithic server and when running the
+    # components as separate servers.
+    # If enabled database.naffka must also be specified.
+    use_naffka: false
+    # The names of the kafka topics to use.
+    topics:
+        output_room_event: roomserverOutput
+        output_client_data: clientapiOutput
+        output_typing_event: eduServerOutput
+        user_updates: userUpdates
+
+
+# The postgres connection configs for connecting to the databases e.g a postgres:// URI
+database:
+    account: "postgres://dendrite:itsasecret@postgres/dendrite_account?sslmode=disable"
+    device: "postgres://dendrite:itsasecret@postgres/dendrite_device?sslmode=disable"
+    media_api: "postgres://dendrite:itsasecret@postgres/dendrite_mediaapi?sslmode=disable"
+    sync_api: "postgres://dendrite:itsasecret@postgres/dendrite_syncapi?sslmode=disable"
+    room_server: "postgres://dendrite:itsasecret@postgres/dendrite_roomserver?sslmode=disable"
+    server_key: "postgres://dendrite:itsasecret@postgres/dendrite_serverkey?sslmode=disable"
+    federation_sender: "postgres://dendrite:itsasecret@postgres/dendrite_federationsender?sslmode=disable"
+    public_rooms_api: "postgres://dendrite:itsasecret@postgres/dendrite_publicroomsapi?sslmode=disable"
+    appservice: "postgres://dendrite:itsasecret@postgres/dendrite_appservice?sslmode=disable"
+    # If using naffka you need to specify a naffka database
+    #naffka: "postgres://dendrite:itsasecret@postgres/dendrite_naffka?sslmode=disable"
+
+# The TCP host:port pairs to bind the internal HTTP APIs to.
+# These shouldn't be exposed to the public internet.
+# These aren't needed when running dendrite as a monolithic server.
+listen:
+    room_server: "room_server:7770"
+    client_api: "client_api:7771"
+    federation_api: "federation_api:7772"
+    sync_api: "sync_api:7773"
+    media_api: "media_api:7774"
+    public_rooms_api: "public_rooms_api:7775"
+    federation_sender: "federation_sender:7776"
+    edu_server: "edu_server:7777"
+
+# The configuration for tracing the dendrite components.
+tracing:
+    # Config for the jaeger opentracing reporter.
+    # See https://godoc.org/github.com/uber/jaeger-client-go/config#Configuration
+    # for documentation.
+    jaeger:
+        disabled: true
+
+# A list of application service config files to use
+application_services:
+    config_files: []
diff --git a/build/docker/hub/docker-compose.deps.yml b/build/docker/hub/docker-compose.deps.yml
new file mode 100644
index 00000000..ada625aa
--- /dev/null
+++ b/build/docker/hub/docker-compose.deps.yml
@@ -0,0 +1,36 @@
+version: "3.4"
+services:
+  postgres:
+    hostname: postgres
+    image: postgres:9.5
+    restart: always
+    volumes:
+      - ../postgres/create_db.sh:/docker-entrypoint-initdb.d/20-create_db.sh
+    environment:
+      POSTGRES_PASSWORD: itsasecret
+      POSTGRES_USER: dendrite
+    networks:
+      - internal
+
+  zookeeper:
+    hostname: zookeeper
+    image: zookeeper
+    networks:
+      - internal
+
+  kafka:
+    container_name: dendrite_kafka
+    hostname: kafka
+    image: wurstmeister/kafka
+    environment:
+      KAFKA_ADVERTISED_HOST_NAME: "kafka"
+      KAFKA_DELETE_TOPIC_ENABLE: "true"
+      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
+    depends_on:
+      - zookeeper
+    networks:
+      - internal
+
+networks:
+  internal:
+    attachable: true
diff --git a/build/docker/hub/docker-compose.monolith.yml b/build/docker/hub/docker-compose.monolith.yml
new file mode 100644
index 00000000..336a4398
--- /dev/null
+++ b/build/docker/hub/docker-compose.monolith.yml
@@ -0,0 +1,18 @@
+version: "3.4"
+services:
+  monolith:
+    hostname: monolith
+    image: matrixdotorg/dendrite:monolith
+    command: [
+      "--config=dendrite.yaml",
+      "--tls-cert=server.crt",
+      "--tls-key=server.key"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+networks:
+  internal:
+    attachable: true
diff --git a/build/docker/hub/docker-compose.polylith.yml b/build/docker/hub/docker-compose.polylith.yml
new file mode 100644
index 00000000..f3967078
--- /dev/null
+++ b/build/docker/hub/docker-compose.polylith.yml
@@ -0,0 +1,146 @@
+version: "3.4"
+services:
+  client_api_proxy:
+    hostname: client_api_proxy
+    image: matrixdotorg/dendrite:clientproxy
+    command: [
+      "--bind-address=:8008",
+      "--client-api-server-url=http://client_api:7771",
+      "--sync-api-server-url=http://sync_api:7773",
+      "--media-api-server-url=http://media_api:7774",
+      "--public-rooms-api-server-url=http://public_rooms_api:7775"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+    depends_on:
+      - sync_api
+      - client_api
+      - media_api
+      - public_rooms_api
+    ports:
+      - "8008:8008"
+
+  client_api:
+    hostname: client_api
+    image: matrixdotorg/dendrite:clientapi
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+      - room_server
+    networks:
+      - internal
+
+  media_api:
+    hostname: media_api
+    image: matrixdotorg/dendrite:mediaapi
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  public_rooms_api:
+    hostname: public_rooms_api
+    image: matrixdotorg/dendrite:publicroomsapi
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  sync_api:
+    hostname: sync_api
+    image: matrixdotorg/dendrite:syncapi
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  room_server:
+    hostname: room_server
+    image: matrixdotorg/dendrite:roomserver
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  edu_server:
+    hostname: edu_server
+    image: matrixdotorg/dendrite:eduserver
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  federation_api_proxy:
+    hostname: federation_api_proxy
+    image: matrixdotorg/dendrite:federationproxy
+    command: [
+      "--bind-address=:8448",
+      "--federation-api-url=http://federation_api_server:7772",
+      "--media-api-server-url=http://media_api:7774"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    depends_on:
+      - federation_api
+      - federation_sender
+      - media_api
+    networks:
+      - internal
+    ports:
+      - "8448:8448"
+
+  federation_api:
+    hostname: federation_api
+    image: matrixdotorg/dendrite:federationapi
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+
+  federation_sender:
+    hostname: federation_sender
+    image: matrixdotorg/dendrite:federationsender
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+      - internal
+      
+  key_server:
+    hostname: key_serverde
+    image: matrixdotorg/dendrite:keyserver
+    command: [
+      "--config=dendrite.yaml"
+    ]
+    volumes:
+      - ./config:/etc/dendrite
+    networks:
+        - internal
+
+networks:
+  internal:
+    attachable: true
diff --git a/build/docker/hub/images-build.sh b/build/docker/hub/images-build.sh
new file mode 100755
index 00000000..0c6a0eb7
--- /dev/null
+++ b/build/docker/hub/images-build.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+cd $(git rev-parse --show-toplevel)
+
+docker build -f docker/hub/Dockerfile -t matrixdotorg/dendrite:latest .
+
+docker build -t matrixdotorg/dendrite:clientapi         --build-arg component=dendrite-client-api-server        -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:clientproxy       --build-arg component=client-api-proxy                  -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:eduserver         --build-arg component=dendrite-edu-server               -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:federationapi     --build-arg component=dendrite-federation-api-server    -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:federationsender  --build-arg component=dendrite-federation-sender-server -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:federationproxy   --build-arg component=federation-api-proxy              -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:keyserver         --build-arg component=dendrite-key-server               -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:mediaapi          --build-arg component=dendrite-media-api-server         -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:publicroomsapi    --build-arg component=dendrite-public-rooms-api-server  -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:roomserver        --build-arg component=dendrite-room-server              -f docker/hub/Dockerfile.component .
+docker build -t matrixdotorg/dendrite:syncapi           --build-arg component=dendrite-sync-api-server          -f docker/hub/Dockerfile.component .
diff --git a/build/docker/hub/images-push.sh b/build/docker/hub/images-push.sh
new file mode 100755
index 00000000..c6207268
--- /dev/null
+++ b/build/docker/hub/images-push.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+docker push matrixdotorg/dendrite:clientapi
+docker push matrixdotorg/dendrite:clientproxy
+docker push matrixdotorg/dendrite:eduserver
+docker push matrixdotorg/dendrite:federationapi
+docker push matrixdotorg/dendrite:federationsender
+docker push matrixdotorg/dendrite:federationproxy
+docker push matrixdotorg/dendrite:keyserver
+docker push matrixdotorg/dendrite:mediaapi
+docker push matrixdotorg/dendrite:publicroomsapi
+docker push matrixdotorg/dendrite:roomserver
+docker push matrixdotorg/dendrite:syncapi
diff --git a/build/docker/postgres/create_db.sh b/build/docker/postgres/create_db.sh
new file mode 100644
index 00000000..8ed11db1
--- /dev/null
+++ b/build/docker/postgres/create_db.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+for db in account device mediaapi syncapi roomserver serverkey federationsender publicroomsapi appservice naffka; do
+    createdb -U dendrite -O dendrite dendrite_$db
+done
diff --git a/build/docker/services/client-api-proxy.sh b/build/docker/services/client-api-proxy.sh
new file mode 100644
index 00000000..931f7abb
--- /dev/null
+++ b/build/docker/services/client-api-proxy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/client-api-proxy --bind-address ":8008" \
+    --client-api-server-url "http://client_api:7771" \
+    --sync-api-server-url "http://sync_api:7773" \
+    --media-api-server-url "http://media_api:7774" \
+    --public-rooms-api-server-url "http://public_rooms_api:7775" \
diff --git a/build/docker/services/client-api.sh b/build/docker/services/client-api.sh
new file mode 100644
index 00000000..8dc82242
--- /dev/null
+++ b/build/docker/services/client-api.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-client-api-server --config=dendrite.yaml
diff --git a/build/docker/services/edu-server.sh b/build/docker/services/edu-server.sh
new file mode 100644
index 00000000..d40b9fa7
--- /dev/null
+++ b/build/docker/services/edu-server.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-edu-server --config=dendrite.yaml
diff --git a/build/docker/services/federation-api-proxy.sh b/build/docker/services/federation-api-proxy.sh
new file mode 100644
index 00000000..6ea75c95
--- /dev/null
+++ b/build/docker/services/federation-api-proxy.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/federation-api-proxy --bind-address ":8448" \
+    --federation-api-url "http://federation_api_server:7772" \
+    --media-api-server-url "http://media_api:7774" \
diff --git a/build/docker/services/federation-api.sh b/build/docker/services/federation-api.sh
new file mode 100644
index 00000000..807a7cf8
--- /dev/null
+++ b/build/docker/services/federation-api.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-federation-api-server --config dendrite.yaml
diff --git a/build/docker/services/federation-sender.sh b/build/docker/services/federation-sender.sh
new file mode 100644
index 00000000..ea116ef3
--- /dev/null
+++ b/build/docker/services/federation-sender.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-federation-sender-server --config dendrite.yaml
diff --git a/build/docker/services/key-server.sh b/build/docker/services/key-server.sh
new file mode 100644
index 00000000..965fa854
--- /dev/null
+++ b/build/docker/services/key-server.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-key-server --config dendrite.yaml
diff --git a/build/docker/services/media-api.sh b/build/docker/services/media-api.sh
new file mode 100644
index 00000000..876b3aa8
--- /dev/null
+++ b/build/docker/services/media-api.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-media-api-server --config dendrite.yaml
diff --git a/build/docker/services/monolith.sh b/build/docker/services/monolith.sh
new file mode 100644
index 00000000..2287555c
--- /dev/null
+++ b/build/docker/services/monolith.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-monolith-server --tls-cert=server.crt --tls-key=server.key $@
diff --git a/build/docker/services/public-rooms-api.sh b/build/docker/services/public-rooms-api.sh
new file mode 100644
index 00000000..652afcfe
--- /dev/null
+++ b/build/docker/services/public-rooms-api.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-public-rooms-api-server --config dendrite.yaml
diff --git a/build/docker/services/room-server.sh b/build/docker/services/room-server.sh
new file mode 100644
index 00000000..473b5f5d
--- /dev/null
+++ b/build/docker/services/room-server.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-room-server --config=dendrite.yaml
diff --git a/build/docker/services/sync-api.sh b/build/docker/services/sync-api.sh
new file mode 100644
index 00000000..ac6433fa
--- /dev/null
+++ b/build/docker/services/sync-api.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+bash ./docker/build.sh
+
+./bin/dendrite-sync-api-server --config=dendrite.yaml