ArcticFoxes-Synapse-Docker-.../docker-compose.yml
Tommy 95bb316d7a
Properly isolate networks
Signed-off-by: Tommy <contact@tommytran.io>
2022-11-23 06:33:10 -05:00


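# This compose file is compatible with Compose itself; it might need some
# adjustments to run properly with stack.
#
# NOTE(review): every image below is referenced by a mutable tag (`latest`, or
# no tag at all for swag), so a later pull can change what actually runs. Pin a
# version tag or an `@sha256:<digest>` reference once a known-good build has
# been chosen.
version: '3'

services:
  synapse:
    # Use docker.io/matrixdotorg/synapse:latest if you want the official image
    # (without the Mjolnir module).
    image: ghcr.io/tommytran732/synapse:latest
    # Since synapse does not retry to connect to the database, restart upon
    # failure.
    restart: unless-stopped
    container_name: synapse
    # Comment out the next line if you are using the official image.
    user: "991:991"
    # See the readme for a full documentation of the environment settings.
    # NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite.
    environment:
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    volumes:
      - ./files:/data:Z
      # Uncomment if you want to install appservices. The registration files
      # should go into ./bridges, and in your homeserver.yaml specify that it
      # should install the appservices in /bridges.
      # - ./bridges:/bridges:Z
    depends_on:
      - postgres
    # synapse is the only service attached to both the reverse-proxy network
    # and the database network.
    networks:
      - matrix
      - postgres
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  postgres:
    # Official PostgreSQL image: repository `postgres`, tag `15-alpine`.
    image: docker.io/postgres:15-alpine
    restart: unless-stopped
    container_name: postgres
    # Change that password, of course! The value below is a publicly known
    # placeholder; set a unique one here and use the same value where
    # homeserver.yaml configures the postgres connection.
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=changeme
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      - ./schemas:/var/lib/postgresql/data:Z
    # No ports are published; the database is reachable only over the
    # `postgres` network.
    networks:
      - postgres
    # Optional hardening, disabled by default.
    # NOTE(review): uid/gid 70 presumably match the postgres user of the Alpine
    # image, and ./schemas must be owned by that uid - confirm before enabling.
    # user: "70:70"
    # read_only: true
    # security_opt:
    #   - no-new-privileges:true
    # cap_drop:
    #   - ALL
    # tmpfs:
    #   - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
    shm_size: 1g

  element:
    image: vectorim/element-web:latest
    restart: unless-stopped
    container_name: element
    volumes:
      - ./element/config.json:/app/config.json:Z
    networks:
      - element
    # Root filesystem is read-only; the tmpfs mounts below are the only
    # writable paths besides the bind-mounted config file.
    read_only: true
    security_opt:
      - no-new-privileges:true
    # Drop every capability, then add back three.
    # NOTE(review): presumably the minimum the bundled nginx needs to switch to
    # its worker user - confirm before trimming further.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    tmpfs:
      - /var/run:size=50M,mode=0770,noexec,nosuid,nodev
      - /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev

  swag:
    image: ghcr.io/linuxserver/swag
    restart: unless-stopped
    container_name: swag
    # NOTE(review): this is the only service that publishes host ports, yet
    # unlike the others it sets no `cap_drop`, `no-new-privileges` or
    # `read_only`, and it gains NET_ADMIN. The image documentation reportedly
    # requires NET_ADMIN for fail2ban - verify, and check what the image's init
    # tolerates before tightening.
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - URL=yourdomain.tld
      - SUBDOMAINS=synapse,element
      - VALIDATION=http
      - EMAIL=changeme@yourdomain.tld
      - ONLY_SUBDOMAINS=true
    volumes:
      - ./swag:/config:Z
      - /etc/localtime:/etc/localtime:ro
    # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
    ports:
      - "443:443"
      - "80:80"
    networks:
      - matrix
      - element
      - mjolnir

  pantalaimon:
    image: matrixdotorg/pantalaimon:latest
    container_name: pantalaimon
    restart: unless-stopped
    volumes:
      - ./pantalaimon:/data:Z
    depends_on:
      - synapse
    # NOTE(review): pantalaimon shares no network with synapse, so it
    # presumably reaches the homeserver through its public URL - confirm.
    networks:
      - pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  mjolnir:
    image: matrixdotorg/mjolnir:latest
    container_name: mjolnir
    restart: unless-stopped
    volumes:
      - ./mjolnir:/data:Z
    depends_on:
      - pantalaimon
    networks:
      - pantalaimon
      - mjolnir
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

# One network per trust relationship, so a service can only reach the peers
# that are attached to the same network.
networks:
  # swag <-> synapse
  matrix: {}
  # synapse <-> postgres
  # NOTE(review): `internal: true` would additionally cut this network off from
  # outside traffic; synapse would keep its other route via `matrix`.
  postgres: {}
  # swag <-> element
  element: {}
  # mjolnir <-> pantalaimon
  pantalaimon: {}
  # swag <-> mjolnir
  mjolnir: {}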