mirror of
https://github.com/element-hq/element-docker-demo.git
synced 2026-01-24 22:26:13 +03:00
242 lines
7.2 KiB
YAML
242 lines
7.2 KiB
YAML
# FIXME: define a frontend & backend network, and only expose backend services to the frontend (nginx)
|
|
networks:
|
|
backend:
|
|
|
|
secrets:
|
|
postgres_password:
|
|
file: secrets/postgres/postgres_password
|
|
synapse_signing_key:
|
|
file: secrets/synapse/${DOMAIN}.signing.key
|
|
|
|
services:
|
|
# dependencies for optionally generating default configs + secrets
|
|
generate-synapse-secrets:
|
|
image: ghcr.io/element-hq/synapse:latest
|
|
restart: "no"
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/synapse:/data:rw
|
|
- ${VOLUME_PATH}/init/generate-synapse-secrets.sh:/entrypoint.sh
|
|
env_file: .env
|
|
environment:
|
|
SYNAPSE_CONFIG_DIR: /data
|
|
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml.default
|
|
SYNAPSE_SERVER_NAME: ${DOMAIN}
|
|
SYNAPSE_REPORT_STATS: ${REPORT_STATS}
|
|
entrypoint: "/entrypoint.sh"
|
|
|
|
generate-mas-secrets:
|
|
restart: "no"
|
|
image: ghcr.io/element-hq/matrix-authentication-service:latest
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/mas:/data:rw
|
|
env_file: .env
|
|
# FIXME: stop this regenerating a spurious default config every time
|
|
# We can't do the same approach as synapse (unless use a debug image of MAS) as MAS is distroless and has no bash.
|
|
command: "config generate -o /data/config.yaml.default"
|
|
|
|
# dependency for templating /data-template into /data (having extracted any secrets from any default generated configs)
|
|
init:
|
|
build: init
|
|
restart: "no"
|
|
volumes:
|
|
- ${VOLUME_PATH}/secrets:/secrets
|
|
- ${VOLUME_PATH}/data:/data
|
|
- ${VOLUME_PATH}/data-template:/data-template
|
|
- ${VOLUME_PATH}/init/init.sh:/init.sh
|
|
command: "/init.sh"
|
|
env_file: .env
|
|
depends_on:
|
|
generate-synapse-secrets:
|
|
condition: service_completed_successfully
|
|
generate-mas-secrets:
|
|
condition: service_completed_successfully
|
|
|
|
# nginx:
|
|
# image: nginx:latest
|
|
# restart: unless-stopped
|
|
# ports:
|
|
# - "80:80"
|
|
# - "443:443"
|
|
# volumes:
|
|
# - ${VOLUME_PATH}/data/nginx:/etc/nginx/conf.d
|
|
# - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
|
|
# - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
|
|
# command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
|
|
# depends_on:
|
|
# init:
|
|
# condition: service_completed_successfully
|
|
|
|
# certbot:
|
|
# image: certbot/certbot:latest
|
|
# restart: unless-stopped
|
|
# volumes:
|
|
# - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
|
|
# - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
|
|
# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
|
# depends_on:
|
|
# init:
|
|
# condition: service_completed_successfully
|
|
|
|
postgres:
|
|
image: postgres:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/postgres:/var/lib/postgresql/data:rw
|
|
- ${VOLUME_PATH}/data-template/postgres/create-multiple-postgresql-databases.sh:/docker-entrypoint-initdb.d/create-multiple-postgresql-databases.sh
|
|
networks:
|
|
- backend
|
|
environment:
|
|
POSTGRES_MULTIPLE_DATABASES: synapse,mas
|
|
POSTGRES_USER: matrix # FIXME: use different username+passwords for synapse & MAS DBs.
|
|
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
|
|
POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=C
|
|
secrets:
|
|
- postgres_password
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U matrix"]
|
|
start_period: "1s"
|
|
interval: "1s"
|
|
timeout: "5s"
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
redis:
|
|
image: redis:latest
|
|
restart: unless-stopped
|
|
networks:
|
|
- backend
|
|
|
|
synapse:
|
|
image: ghcr.io/element-hq/synapse:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/synapse:/data:rw
|
|
ports:
|
|
- 8008:8008
|
|
networks:
|
|
- backend
|
|
environment:
|
|
SYNAPSE_CONFIG_DIR: /data
|
|
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
|
secrets:
|
|
- synapse_signing_key
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
synapse-generic-worker-1:
|
|
image: ghcr.io/element-hq/synapse:latest
|
|
restart: unless-stopped
|
|
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-generic-worker-1.yaml"]
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -fSs http://localhost:8081/health || exit 1"]
|
|
start_period: "5s"
|
|
interval: "15s"
|
|
timeout: "5s"
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/synapse:/data:rw
|
|
environment:
|
|
SYNAPSE_WORKER: synapse.app.generic_worker
|
|
# Expose port if required so your reverse proxy can send requests to this worker
|
|
# Port configuration will depend on how the http listener is defined in the worker configuration file
|
|
ports:
|
|
- 8081:8081
|
|
secrets:
|
|
- synapse_signing_key
|
|
depends_on:
|
|
- synapse
|
|
|
|
synapse-federation-sender-1:
|
|
image: ghcr.io/element-hq/synapse:latest
|
|
restart: unless-stopped
|
|
entrypoint: ["/start.py", "run", "--config-path=/data/homeserver.yaml", "--config-path=/data/workers/synapse-federation-sender-1.yaml"]
|
|
healthcheck:
|
|
disable: true
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/synapse:/data:rw # Replace VOLUME_PATH with the path to your Synapse volume
|
|
environment:
|
|
SYNAPSE_WORKER: synapse.app.federation_sender
|
|
secrets:
|
|
- synapse_signing_key
|
|
depends_on:
|
|
- synapse
|
|
|
|
matrix-authentication-service:
|
|
image: ghcr.io/element-hq/matrix-authentication-service:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8083:8080
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/mas:/data:rw
|
|
networks:
|
|
- backend
|
|
# FIXME: do we also need to sync the db?
|
|
command: "server --config=/data/config.yaml"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
# as a basic local MTA
|
|
mailhog:
|
|
image: mailhog/mailhog:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8025:8025
|
|
- 1025:1025
|
|
networks:
|
|
- backend
|
|
|
|
element-web:
|
|
image: vectorim/element-web:latest
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8080:80
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -fSs http://localhost:8080/version || exit 1"]
|
|
start_period: "5s"
|
|
interval: "15s"
|
|
timeout: "5s"
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/element-web/config.json:/app/config.json
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
element-call:
|
|
image: ghcr.io/element-hq/element-call
|
|
restart: unless-stopped
|
|
ports:
|
|
- 8082:80
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ${VOLUME_PATH}/data/element-call/config.json:/app/config.json
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
# livekit-server:
|
|
# image: livekit/livekit-server:latest
|
|
# restart: unless-stopped
|
|
# ports:
|
|
# - 7880:7880 # HTTP API
|
|
# - 7881:7881 # WS signalling
|
|
# # - 50000-60000:50000-60000/tcp # TCP media
|
|
# # - 50000-60000:50000-60000/udp # UDP media
|
|
# networks:
|
|
# - backend
|
|
# depends_on:
|
|
# init:
|
|
# condition: service_completed_successfully
|