# Compose template for a Matrix homeserver (Synapse + PostgreSQL) whose
# network traffic goes through a gluetun WireGuard client container.
# The `{{ ... }}` placeholders are filled in when the template is rendered;
# the rendered file then holds the WireGuard private key and the database
# password in plain text, so keep it out of version control and readable
# only by the deploying user.
# NOTE(review): the placeholders are substituted as raw text. A value that
# contains ` #` is cut off by the YAML parser and a `$` is interpolated by
# Compose (`$$` is the escape) - confirm the secrets avoid those characters
# or escape them in the template.
services:

  # Gluetun is the VPN client. The other two services join its network
  # namespace (network_mode: "service:matrix-gluetun"), so their traffic
  # uses the tunnel and the firewall that this container sets up.
  matrix-gluetun:
    # NOTE(review): no tag is given, so this resolves to `latest`. This
    # container runs with NET_ADMIN and holds the WireGuard private key;
    # pin a release tag or an image digest and update it deliberately.
    image: qmcgaw/gluetun
    cap_add:
      # Needed by gluetun to configure the tunnel interface and firewall.
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      # Secret: passed as an environment variable, so it is also visible to
      # anyone who can run `docker inspect` on this container.
      - WIREGUARD_PRIVATE_KEY={{ matrix_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.6/32
      # Ports gluetun's firewall accepts on the VPN interface; anything else
      # arriving through the tunnel is dropped.
      - FIREWALL_VPN_INPUT_PORTS=8448,443
      # Turns off gluetun's DNS-over-TLS resolver.
      # NOTE(review): confirm which resolver is used instead and that
      # lookups do not leave outside the tunnel.
      - DOT=off
    ports:
      # Published on every host interface (Compose default 0.0.0.0), in
      # addition to being reachable through the VPN.
      # NOTE(review): if only local access is intended, bind to a specific
      # address, e.g. "127.0.0.1:8448:8448" - confirm the intent.
      - "8448:8448"
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M

  matrix-synapse:
    # Replace with the UID:GID of the account that runs the container,
    # i.e. the service_matrix user. ./synapse-data must be owned by that
    # UID/GID; it holds homeserver.yaml (see SYNAPSE_CONFIG_PATH below).
    user: "1007:1008"
    # Shares matrix-gluetun's network namespace: no network interface of its
    # own, and matrix-db is reached over the shared loopback.
    network_mode: "service:matrix-gluetun"
    #build:
    #  context: ../..
    #  dockerfile: docker/Dockerfile
    # NOTE(review): `latest` makes every pull a potential unreviewed
    # upgrade; pin a release tag or digest.
    image: docker.io/matrixdotorg/synapse:latest
    # Since synapse does not retry to connect to the database, restart upon
    # failure
    restart: unless-stopped
    # See the readme for a full documentation of the environment settings
    # NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
    environment:
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
    volumes:
      # You may either store all the files in a local folder
      - ./synapse-data:/data
      # .. or you may split this between different storage points
      # - ./files:/data
      # - /path/to/ssd:/data/uploads
      # - /path/to/large_hdd:/data/media
    depends_on:
      - matrix-db
    # In order to expose Synapse, uncomment one of the following; you might
    # for instance expose the TLS port directly.
    # NOTE(review): a service using network_mode "service:..." cannot
    # publish ports itself - Compose rejects the combination. In this file
    # ports belong on matrix-gluetun, which already publishes 8448.
    #ports:
    #  - 8448:8448/tcp
    # ... or use a reverse proxy, here is an example for traefik:
    #labels:
    #  # The following lines are valid for Traefik version 1.x:
    #  - traefik.enable=true
    #  - traefik.frontend.rule=Host:my.matrix.Host
    #  - traefik.port=8008
    #  # Alternatively, for Traefik version 2.0:
    #  - traefik.enable=true
    #  - traefik.http.routers.http-synapse.entryPoints=http
    #  - traefik.http.routers.http-synapse.rule=Host(`my.matrix.host`)
    #  - traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
    #  - traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
    #  - traefik.http.routers.http-synapse.middlewares=https_redirect
    #  - traefik.http.routers.https-synapse.entryPoints=https
    #  - traefik.http.routers.https-synapse.rule=Host(`my.matrix.host`)
    #  - traefik.http.routers.https-synapse.service=synapse
    #  - traefik.http.routers.https-synapse.tls=true
    #  - traefik.http.services.synapse.loadbalancer.server.port=8008
    #  - traefik.http.routers.https-synapse.tls.certResolver=le-ssl
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 4096M

  matrix-db:
    # Same network namespace as gluetun and synapse. PostgreSQL publishes no
    # port, and 5432 is not listed in FIREWALL_VPN_INPUT_PORTS above.
    network_mode: "service:matrix-gluetun"
    image: docker.io/postgres:16-alpine
    # Change that password, of course!
    environment:
      - POSTGRES_DB=synapse
      - POSTGRES_USER=synapse
      # Secret: visible through `docker inspect` when set this way. The
      # official postgres image also accepts POSTGRES_PASSWORD_FILE, which
      # reads the password from a mounted file or Docker secret instead.
      - POSTGRES_PASSWORD={{ service_matrix_postgres_pass }}
      # ensure the database gets created correctly
      # https://element-hq.github.io/synapse/latest/postgres.html#set-up-database
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      # You may store the database tables in a local folder..
      - ./postgres-data:/var/lib/postgresql/data
      # .. or store them on some high performance storage for better results
      # - /path/to/ssd/storage:/var/lib/postgresql/data
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M