Published the 2025-10-19 on Willow's site

On how to enhance Alpine Linux user experience

Very recently I had the need for a watch-party solution. Syncplay seems a formidable tool for this. It allows me and my partner to watch videos from our respective Mpv players. Fortunately it was already packaged for our Linux distribution, formerly Alpine Linux and Linux Mint. I just had to set up the server side in my personal server, an Alpine machine too. Unfortunately, the recipe for this package was less than ideal.

To install this on my server here what I had to do:

Install the package syncplay. This installs the server side, but also the client side, meaning I install a bunch of dependencies on my server, as mesa stuff, qt6, etc…

Write an Openrc service file, as /etc/init.d/syncplay-server. Not really complicated, but because the daemon is not well-behaved, I have to open the Openrc documentation to remember how to background it.

On first run, the server generates a salt, but I have to re-use the same one on future restarts. So I write a configuration file as /etc/conf.d/syncplay-server to centralize a password, and this salt.

Next I have to open a hole on my firewall, meaning writing an additional entry file to /etc/nftables.d/. First I have to dig a little bit in the documentation to know which port, and which protocol to use (tcp/udp).

The whole labor took me probably 20 minutes, but I’d say every Alpine sys user that want to use Syncplay have to follow the same process.

The very next day I decided to open the package recipe, to see how we could improve this:

First thing first, let’s alleviate the dependency cost on the server. The codebase looks unified for the server and client side, but apparently the server can perfectly run without a bunch of stuff. So I split the package as syncplay-server and syncplay-client, using an intermediary syncplay-common package containing the Python code.

Then we should provide an -openrc package so that sysadmin can start the server immediately. I use a standardized initd and confd format. And I push this even forward with a dedicated post-install hook to initialize the salt and password automatically.

The last task is to help the user to open the firewall hole. For Nftables, a recent improvement I brought to Alpine Linux is the nftables-ruleset meta package. Installing this one will install every -nftrules subpackages. I just have to provide a simple .nft file, installed as usr/share/nftables.avail/50_syncplay_server.nft, and abuild would split this out.

From now on, a sysadmin user just has to install syncplay-server, symlink /usr/share/nftables.avail/50_syncplay_server.nft to /etc/nftables.d/, and start the syncplay-server Openrc service.

Sharing this labor in the distribution workspace provides a saner environment. Making a mistake is really easy: opening a wrong port, or introducing a vulnerability. Some reviewer will very probably figure this out, and provide a fix for this, sooner or later.

RSS feed

If this post inspired you, feels free to leave a comment!

Reach me