services:
  # Gluetun owns the network namespace that matrix-synapse and matrix-db join
  # (network_mode: service:matrix-gluetun), so it is the only place where
  # ports can be published and where the WireGuard tunnel is configured.
  matrix-gluetun:
    # NOTE(review): no tag is given, so this resolves to `latest`. Pin a
    # release tag or digest so a re-pull cannot silently change the image
    # that holds NET_ADMIN and the WireGuard private key.
    image: qmcgaw/gluetun
    # Gluetun needs NET_ADMIN for the tunnel interface and its firewall rules.
    # It is the only capability added in this file; keep it that way.
    cap_add:
      - NET_ADMIN
    # The {{ ... }} values are filled in by the templating step. They are
    # unquoted, so a rendered value containing " #" or ": " is truncated or
    # misparsed by YAML, and a literal "$" is interpolated by Compose unless
    # written as "$$".
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      # The private key ends up in clear text in the rendered file and in
      # `docker inspect` output: restrict the rendered file to its owner and
      # keep the source variable in an encrypted vault.
      - WIREGUARD_PRIVATE_KEY={{ matrix_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.6/32
      # Inbound ports allowed through Gluetun's firewall on the VPN side.
      # Do not add the Postgres port here: matrix-db shares this namespace.
      - FIREWALL_VPN_INPUT_PORTS=8448,443
      # NOTE(review): DNS over TLS is switched off, so lookups are sent as
      # plain DNS. Confirm the resolver is only reached through the tunnel.
      - DOT=off
    # Published on every host interface. Because Synapse shares this
    # namespace, its 8448 listener is reachable from the host network as well
    # as through the VPN. Prefix a host address if that is not intended.
    ports:
      - '8448:8448'
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M

  matrix-synapse:
    # Replace with the UID:GID of the account that runs this container
    # (e.g. the service_matrix user); it must own ./synapse-data.
    user: '1007:1008'
    # Shares Gluetun's network namespace, so all Synapse traffic follows the
    # tunnel and firewall rules configured on matrix-gluetun.
    network_mode: 'service:matrix-gluetun'
    #build:
    #  context: ../..
    #  dockerfile: docker/Dockerfile
    # NOTE(review): `latest` floats. Pin a release tag or digest so upgrades
    # of the homeserver are deliberate and reviewable.
    image: docker.io/matrixdotorg/synapse:latest
    # Synapse does not retry its database connection, so let Docker restart
    # it when it exits on failure.
    restart: unless-stopped
    # See the Synapse Docker readme for the full list of environment settings.
    # NOTE: homeserver.yaml must be edited to use postgres; it defaults to
    # sqlite. Presumably the database host there is the loopback address,
    # since matrix-db shares this network namespace (verify).
    environment:
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    volumes:
      # Either keep all files in one local folder ...
      - ./synapse-data:/data
      # ... or split them across different storage points:
      # - ./files:/data
      # - /path/to/ssd:/data/uploads
      # - /path/to/large_hdd:/data/media
    depends_on:
      - matrix-db
    # To expose Synapse, uncomment one of the following. Exposing the TLS
    # port directly would look like the lines below, but Docker does not
    # accept published ports on a container that joins another container's
    # network, so with the network_mode above the mapping belongs on
    # matrix-gluetun:
    #ports:
    #  - 8448:8448/tcp
    # ... or use a reverse proxy, here is an example for traefik:
    #labels:
    #  # The following lines are valid for Traefik version 1.x:
    #  - traefik.enable=true
    #  - traefik.frontend.rule=Host:my.matrix.Host
    #  - traefik.port=8008
    #  # Alternatively, for Traefik version 2.0:
    #  - traefik.enable=true
    #  - traefik.http.routers.http-synapse.entryPoints=http
    #  - traefik.http.routers.http-synapse.rule=Host(`my.matrix.host`)
    #  - traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
    #  - traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
    #  - traefik.http.routers.http-synapse.middlewares=https_redirect
    #  - traefik.http.routers.https-synapse.entryPoints=https
    #  - traefik.http.routers.https-synapse.rule=Host(`my.matrix.host`)
    #  - traefik.http.routers.https-synapse.service=synapse
    #  - traefik.http.routers.https-synapse.tls=true
    #  - traefik.http.services.synapse.loadbalancer.server.port=8008
    #  - traefik.http.routers.https-synapse.tls.certResolver=le-ssl
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 4096M

  matrix-db:
    # Joins Gluetun's namespace too. Postgres is not published on the host
    # and is not in FIREWALL_VPN_INPUT_PORTS; keep both that way.
    network_mode: 'service:matrix-gluetun'
    image: docker.io/postgres:16-alpine
    environment:
      - POSTGRES_DB=synapse
      - POSTGRES_USER=synapse
      # Rendered from a template variable: use a long random value and store
      # it encrypted. The official postgres image also accepts
      # POSTGRES_PASSWORD_FILE, which keeps the secret out of the container
      # environment.
      - POSTGRES_PASSWORD={{ service_matrix_postgres_pass }}
      # ensure the database gets created correctly
      # https://element-hq.github.io/synapse/latest/postgres.html#set-up-database
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      # Store the database tables in a local folder ...
      - ./postgres-data:/var/lib/postgresql/data
      # ... or on faster storage for better results:
      # - /path/to/ssd/storage:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M