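# Compose stack for a Synapse (Matrix) homeserver: PostgreSQL as the database,
# HAProxy as the public TLS front end, and a certbot sidecar that renews the
# certificates HAProxy serves from the shared "certificates" volume.
version: "3.4"
services:
  postgres:
    # Floating tag: pin to an image digest if reproducible deploys matter.
    image: postgres:13-alpine
    networks:
      - dbnet
    volumes:
      # NOTE(review): the official image keeps its cluster in
      # /var/lib/postgresql/data unless PGDATA is overridden, and PGDATA is not
      # set here, so db-data may not hold the database files. Confirm before
      # relying on this volume for persistence or backups; changing the path
      # on a live deployment requires migrating the existing data.
      - db-data:/var/lib/postgresql/13/
    ports:
      # Published on loopback only. synapse shares dbnet with this service, so
      # the database does not need to be reachable from other hosts; a bare
      # "5432:5432" binds every host interface. Remove the mapping entirely if
      # no host-side tooling connects to the database.
      - "127.0.0.1:5432:5432"
    environment:
      # *_FILE variants make the image read each value from a mounted secret
      # instead of exposing it in the container environment.
      - POSTGRES_PASSWORD_FILE=/run/secrets/pg_pass_secret
      - POSTGRES_USER_FILE=/run/secrets/pg_user_secret
      - POSTGRES_INITDB_ARGS_FILE=/run/secrets/pg_initdb_args_secret
      - POSTGRES_DB_FILE=/run/secrets/pg_db_secret
    secrets:
      - pg_pass_secret
      - pg_user_secret
      - pg_initdb_args_secret
      - pg_db_secret
  synapse:
    # Built locally from ./synapse/ and tagged "synapse".
    image: synapse
    build:
      context: ./synapse/
    networks:
      - matrixnet
      - certnet
      - dbnet
    volumes:
      - synapse-data:/data/
      # - cert-data:/etc/letsencrypt/live/
      # - ./synapse/homeserver.yaml:/data/homeserver.yaml
      # - ./synapse/terminaldweller.com.signing.key:/data/terminaldweller.com.signing.key
      # - ./synapse/terminaldweller.com.log.config:/data/terminaldweller.com.log.config
    # entrypoint: ["tail", "-f", "/dev/null"]
    # command: ["generate"]
    depends_on:
      - postgres
      - haproxy
    ports:
      # NOTE(review): this publishes Synapse's plain-HTTP listener on every
      # host interface, alongside the HAProxy front end. haproxy shares
      # matrixnet with this service and the healthcheck below runs inside the
      # container, so neither needs the host mapping. If nothing else uses it,
      # bind it to 127.0.0.1 or remove it - confirm against haproxy.cfg.
      - "8008:8008"
      # - "8484:8484/tcp"
      # - "443:443"
    environment:
      - SYNAPSE_SERVER_NAME=terminaldweller.com
      - SYNAPSE_REPORT_STATS=yes
      - SYNAPSE_DATA_DIR=/data/
      - SYNAPSE_CONFIG_DIR=/data/
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
      # - TZ=Tehran/Asia  (the tz database name would be Asia/Tehran)
    healthcheck:
      # Runs inside the container; curl -f turns an HTTP error into a failure.
      test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
      interval: 1m
      timeout: 10s
      retries: 3
  haproxy:
    # Floating tag: pin to an image digest if reproducible deploys matter.
    image: haproxy:lts-alpine
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 9999 is not a standard Matrix port. If it is an HAProxy
      # stats or admin listener, restrict it to 127.0.0.1 or protect it with
      # authentication - confirm against haproxy.cfg.
      - "9999:9999"
      - "8448:8448/tcp"
    networks:
      - matrixnet
      - turnnet
      - certnet
    volumes:
      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
      # - cert-data:/usr/local/etc/haproxy/certificates:ro
      # - cert-data:/etc/certificates:ro
      # Read-only: the internet-facing proxy only needs to read the
      # certificates and keys; certbot is the one writer of this volume.
      - certificates:/etc/certificates:ro
    depends_on:
      - certbot
    # restart: on-failure
  certbot:
    # Built locally from ./certbot and tagged "certbot".
    image: certbot
    build:
      context: ./certbot
    ports:
      # NOTE(review): haproxy shares certnet with this service. If ACME
      # challenges are forwarded over certnet, these host mappings are not
      # needed and can be removed or bound to 127.0.0.1 - confirm.
      - "9080:80"
      - "9443:443"
    networks:
      - certnet
    volumes:
      # - cert-data:/etc/certificates
      - certificates:/etc/certificates
      - certbot-data:/etc/letsencrypt
    # Renewal loop: source the renew script, sleep 12h in the background and
    # wait on it, so the TERM trap can end the loop promptly on shutdown.
    # "$$" is Compose's escape for a literal "$".
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do . /etc/scripts/renew-certificates.sh ; sleep 12h & wait $${!}; done;'"
    restart: always
    # NOTE(review): with the sh -c entrypoint above, this argument appears to
    # reach the shell as $0 rather than being passed to certbot - confirm it
    # is still needed.
    command: ["certonly"]
  # coturn:
  #   image: coturn/coturn:latest
  #   networks:
  #     - turnnet
  #   volumes:
  #     - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
  #   ports:
  #     - "3478:3478"
  #     - "5349:5349"
  #   depends_on:
  #     - synapse
networks:
  matrixnet:
  certnet:
  dbnet:
  turnnet:
volumes:
  db-data:
  synapse-data:
  # cert-data is only referenced by commented-out mounts in this file.
  cert-data:
  certificates:
  certbot-data:
secrets:
  # File-backed secrets, mounted at /run/secrets/<name> in the postgres
  # service. Keep these files out of version control and readable only by the
  # deploying user.
  pg_pass_secret:
    file: ./postgres/pg_pass_secret
  pg_user_secret:
    file: ./postgres/pg_user_secret
  pg_initdb_args_secret:
    file: ./postgres/pg_initdb_args_secret
  pg_db_secret:
    file: ./postgres/pg_db_secret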