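# Compose project for a Matrix homeserver stack: Synapse, its PostgreSQL
# database, an nginx helper, and the Element web client.
# NOTE(review): the `project.name` / `services.<name>.service` layout looks like
# an Arion project module; confirm against the deployment tooling.
#
# Network layout:
#   dmz       - pre-existing external network shared with Traefik
#               (see "traefik.docker.network" below).
#   transport - project-local network for traffic between the containers;
#               postgres is attached to this network only.
{pkgs, ...}: {
  project.name = "matrix";

  # `external = true`: the network is created outside this project and only
  # joined here, so it must already exist when the project starts.
  networks.dmz = {
    name = "dmz";
    external = true;
  };

  # Project-local network with default settings.
  networks.transport = {};

  services = {
    synapse.service = {
      image = "matrixdotorg/synapse:v1.104.0";
      container_name = "synapse";
      labels = {
        "traefik.enable" = "true";

        # Router on the "websecure" entrypoint. The entrypoints themselves are
        # defined in the Traefik configuration, which is not part of this file.
        "traefik.http.services.synapse.loadbalancer.server.port" = "8008";
        "traefik.http.routers.synapse.service" = "synapse";
        "traefik.http.routers.synapse.entrypoints" = "websecure";
        "traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
        "traefik.docker.network" = "dmz";
        "traefik.http.routers.synapse.tls" = "true";
        "traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";

        # Same host and backend port, published on the "websecure-external"
        # entrypoint as well.
        # NOTE(review): the rule matches on Host only, so every path on port
        # 8008 is forwarded, which would include Synapse's /_synapse/admin
        # API unless something upstream filters it. Confirm whether the admin
        # API is meant to be reachable from the external entrypoint.
        "traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
        "traefik.http.routers.synapse-external.service" = "synapse-external";
        "traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
        "traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
        "traefik.http.routers.synapse-external.tls" = "true";
        "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
      };
      # Synapse state directory; must stay writable.
      volumes = [
        "/storage/dataset/docker/matrix/synapse_data:/data"
      ];
      # Referenced by string path, so the file's contents are not copied into
      # the Nix store. NOTE(review): the file should be readable only by the
      # account that deploys the project; verify its permissions.
      env_file = [
        "/home/ghoscht/.docker/matrix/synapse.env"
      ];
      environment = {
        UID = "1000";
        GID = "1000";
        TZ = "Europe/Berlin";
      };
      restart = "unless-stopped";
      networks = [
        "dmz"
        "transport"
      ];
    };

    postgres.service = {
      # NOTE(review): "postgres:14" is a major-version tag that moves with
      # upstream releases, while the other images here are pinned to exact
      # versions. Consider pinning to a minor version or an image digest.
      image = "postgres:14";
      # Same env file as the synapse container, so each container receives
      # every variable in it. NOTE(review): consider separate files so each
      # service only sees the values it needs.
      env_file = [
        "/home/ghoscht/.docker/matrix/synapse.env"
      ];
      volumes = [
        "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
      ];
      restart = "unless-stopped";
      # No Traefik labels and no dmz attachment: the database is reachable
      # only from containers on the transport network.
      networks = [
        "transport"
      ];
    };

    matrix-nginx.service = {
      container_name = "matrix-nginx";
      image = "nginx:1.25.4";
      # Configuration and static content are only read by nginx, so both
      # bind mounts are read-only: a compromised container cannot rewrite
      # its own config or the served files on the host.
      volumes = [
        "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf:ro"
        "/storage/dataset/docker/matrix/nginx_data/www:/var/www/:ro"
      ];
      labels = {
        "traefik.enable" = "true";

        # Router on the "websecure" entrypoint.
        "traefik.http.services.matrix.loadbalancer.server.port" = "80";
        "traefik.http.routers.matrix.service" = "matrix";
        "traefik.http.routers.matrix.entrypoints" = "websecure";
        "traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
        "traefik.docker.network" = "dmz";
        "traefik.http.routers.matrix.tls" = "true";
        "traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";

        # Same host and backend port on the "websecure-external" entrypoint.
        "traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
        "traefik.http.routers.matrix-external.service" = "matrix-external";
        "traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
        "traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
        "traefik.http.routers.matrix-external.tls" = "true";
        "traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
      };
      restart = "unless-stopped";
      networks = [
        "transport"
        "dmz"
      ];
    };

    element.service = {
      image = "vectorim/element-web:v1.11.64";
      # The client configuration is only read at runtime; mount it read-only.
      volumes = [
        "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json:ro"
      ];
      # Only a "websecure" router is declared for Element; unlike synapse and
      # matrix-nginx there is no "websecure-external" router.
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.element.entrypoints" = "websecure";
        "traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
        "traefik.docker.network" = "dmz";
        "traefik.http.routers.element.tls" = "true";
        "traefik.http.routers.element.tls.certresolver" = "letsencrypt";
      };
      restart = "unless-stopped";
      # Attached to dmz only; it has no attachment to the transport network
      # that postgres sits on.
      networks = [
        "dmz"
      ];
    };
  };
}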