nix-config/hosts/franz/arion/matrix/arion-compose.nix

95 lines
2.8 KiB
Nix
Raw Normal View History

{pkgs, ...}: {
project.name = "matrix";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.104.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
environment = {
UID = "1000";
GID = "1000";
TZ = "Europe/Berlin";
};
dns = ["1.1.1.2" "1.0.0.2" "176.103.130.130" "176.103.130.131" "9.9.9.9" "149.112.112.112" "208.67.222.222" "208.67.220.220"];
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
postgres.service = {
image = "postgres:14";
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
"transport"
];
};
matrix-nginx.service = {
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"transport"
"dmz"
];
};
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.element.entrypoints" = "websecure";
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.element.tls" = "true";
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"dmz"
];
};
};
}