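# This compose file is compatible with Compose itself; it might need some
# adjustments to run properly with stack.
#
# NOTE(review): most images below use a mutable tag (`latest`, or no tag at
# all). Pin each one to a release tag or digest so an image update is a
# reviewed change.

version: '3'

services:

  synapse:
    # Use docker.io/matrixdotorg/synapse:latest if you want the official image
    # (without the Mjolnir module).
    image: ghcr.io/tommytran732/synapse:latest
    container_name: synapse
    # Since synapse does not retry to connect to the database, restart upon
    # failure.
    restart: unless-stopped
    # Comment out the next line if you are using the official image.
    user: "991:991"
    # See the readme for full documentation of the environment settings.
    # NOTE: You must edit homeserver.yaml to use postgres; it defaults to
    # sqlite.
    environment:
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    volumes:
      # `:Z` relabels the host directory as private to this container
      # (SELinux hosts).
      - ./files:/data:Z
      # Uncomment if you want to install appservices. The registration files
      # should go into ./bridges, and in your homeserver.yaml specify that it
      # should install the appservices in /bridges.
      # - ./bridges:/bridges:Z
    depends_on:
      - postgres
    networks:
      - matrix
      - postgres
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    # Runtime should always be runc, otherwise load average with gVisor will
    # be extremely high.
    runtime: runc

  postgres:
    # Fixed from `docker.io/postgres-15:alpine`, which puts the version in the
    # repository name; the official image is `postgres`, tag `15-alpine`.
    image: docker.io/postgres:15-alpine
    container_name: postgres
    restart: unless-stopped
    # Change that password, of course! Do it before the first start: the
    # postgres image applies POSTGRES_PASSWORD only when it initialises an
    # empty data directory. No port is published for this service, so the
    # database is reachable only from containers on the `postgres` network.
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=changeme
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      - ./schemas:/var/lib/postgresql/data:Z
    networks:
      - postgres
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "synapse"]
      interval: 15s
      timeout: 5s
    # Optional hardening, disabled as shipped. Until these are enabled the
    # container keeps the image's default user, a writable root filesystem
    # and the runtime's default capability set.
    # user: "70:70"
    # read_only: true
    # security_opt:
    #   - no-new-privileges:true
    # cap_drop:
    #   - ALL
    # tmpfs:
    #   - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
    shm_size: 1g
    # Runtime should always be runc, otherwise load average with gVisor will
    # be extremely high.
    runtime: runc

  element:
    image: vectorim/element-web:latest
    container_name: element
    restart: unless-stopped
    volumes:
      - ./element/config.json:/app/config.json:Z
    networks:
      - element
    # Root filesystem is read-only; the tmpfs mounts below are the only
    # writable paths.
    read_only: true
    security_opt:
      - no-new-privileges:true
    # Drop everything, then add back only the capabilities listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    tmpfs:
      - /var/run:size=50M,mode=0770,noexec,nosuid,nodev
      - /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev

  matrix-to:
    image: ghcr.io/tommytran732/matrix.to
    container_name: matrix-to
    restart: unless-stopped
    # NOTE(review): no other service in this file joins the `matrix-to`
    # network and no port is published, so confirm how this service is
    # meant to be reached.
    networks:
      - matrix-to
    user: "992:992"
    security_opt:
      - no-new-privileges:true
      # Disables SELinux label confinement for this container only.
      - label:disable
    cap_drop:
      - ALL

  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - URL=yourdomain.tld
      - SUBDOMAINS=synapse,element
      - VALIDATION=http
      - EMAIL=changeme@yourdomain.tld
      - ONLY_SUBDOMAINS=true
    volumes:
      - ./swag:/config:Z
      - /etc/localtime:/etc/localtime:ro
    # The only service that publishes ports on the host. Quoted so the
    # mappings are always read as strings.
    ports:
      - "443:443"
      - "80:80"
      - "8448:8448"
    networks:
      - matrix
      - element
      - mjolnir
    security_opt:
      - no-new-privileges:true
    # NOTE(review): unlike the other services there is no `cap_drop` here, so
    # NET_ADMIN is added on top of the runtime's default capability set.
    # Presumably the image needs it for its fail2ban rules; confirm before
    # tightening.
    cap_add:
      - NET_ADMIN

  pantalaimon:
    image: matrixdotorg/pantalaimon:latest
    container_name: pantalaimon
    restart: unless-stopped
    volumes:
      - ./pantalaimon:/data:Z
    depends_on:
      - synapse
    networks:
      - pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  mjolnir:
    image: matrixdotorg/mjolnir:latest
    container_name: mjolnir
    restart: unless-stopped
    volumes:
      - ./mjolnir:/data:Z
    depends_on:
      - pantalaimon
    networks:
      - pantalaimon
      - mjolnir
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

networks:
  matrix: {}
  postgres: {}
  element: {}
  pantalaimon: {}
  mjolnir: {}
  # Added: the matrix-to service references this network, and Compose
  # rejects a file in which a service names an undefined network.
  matrix-to: {}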