# Compose-style project "matrix" written as a Nix module (the project.name /
# services.<name>.service layout looks like Arion; confirm against the caller).
# It declares four containers: Synapse, its PostgreSQL database, an nginx
# instance and the Element web client. Traefik routing is driven entirely by
# the container labels below.
{pkgs, ...}: {
  project = {
    name = "matrix";
  };

  networks = {
    # "dmz" is marked external, so this project attaches to a network that
    # must already exist and does not create it. Every Traefik-routed
    # container names it in "traefik.docker.network".
    dmz = {
      name = "dmz";
      external = true;
    };
    # Project-local network with default settings. Postgres is attached only
    # to this one.
    transport = {};
  };

  # --- Synapse homeserver ---------------------------------------------------
  services.synapse.service = {
    container_name = "synapse";
    image = "matrixdotorg/synapse:v1.104.0";
    restart = "unless-stopped";
    networks = [
      "dmz"
      "transport"
    ];
    # The secrets file is referenced by a plain string path, so its contents
    # are passed by location and never copied into the Nix store.
    # NOTE(review): the same file is also handed to the postgres container
    # below, so each container sees every variable in it. Confirm that is
    # intended, and that the file is readable only by its owner.
    env_file = [
      "/home/ghoscht/.docker/matrix/synapse.env"
    ];
    environment = {
      TZ = "Europe/Berlin";
      # Presumably the uid/gid the image runs Synapse as (verify against the
      # image documentation).
      UID = "1000";
      GID = "1000";
    };
    volumes = [
      "/storage/dataset/docker/matrix/synapse_data:/data"
    ];
    labels = {
      "traefik.enable" = "true";
      "traefik.docker.network" = "dmz";

      # Router/service pair on the "websecure" entrypoint.
      "traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
      "traefik.http.routers.synapse.entrypoints" = "websecure";
      "traefik.http.routers.synapse.service" = "synapse";
      "traefik.http.routers.synapse.tls" = "true";
      "traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
      "traefik.http.services.synapse.loadbalancer.server.port" = "8008";

      # Second router/service pair for the same host on "websecure-external".
      # NOTE(review): both rules match on Host only, so every path Synapse
      # serves on 8008 is routed, including the admin API under
      # /_synapse/admin. If "websecure-external" faces the internet (inferred
      # from the name; confirm), consider limiting this router to the paths
      # clients and federation need, or blocking the admin prefix upstream.
      "traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
      "traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
      "traefik.http.routers.synapse-external.service" = "synapse-external";
      "traefik.http.routers.synapse-external.tls" = "true";
      "traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
      "traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
    };
  };

  # --- PostgreSQL backing store ---------------------------------------------
  # There are no Traefik labels and no "dmz" attachment here, so the database
  # is reachable only from containers on "transport".
  services.postgres.service = {
    # NOTE(review): unlike the other images, this tag names only the major
    # version, so a later pull can bring in a different minor release.
    # Pinning an exact version or digest would make deployments reproducible.
    image = "postgres:14";
    restart = "unless-stopped";
    networks = [
      "transport"
    ];
    env_file = [
      "/home/ghoscht/.docker/matrix/synapse.env"
    ];
    volumes = [
      "/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
    ];
  };

  # --- nginx in front of the matrix.* host ----------------------------------
  # Serves whatever matrix.conf defines, with /var/www mounted from the host
  # (presumably the .well-known delegation files; confirm in matrix.conf).
  services.matrix-nginx.service = {
    container_name = "matrix-nginx";
    image = "nginx:1.25.4";
    restart = "unless-stopped";
    networks = [
      "transport"
      "dmz"
    ];
    # NOTE(review): both mounts are read-write. If nginx only reads them,
    # a ":ro" suffix would stop the container from altering host files.
    volumes = [
      "/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
      "/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
    ];
    labels = {
      "traefik.enable" = "true";
      "traefik.docker.network" = "dmz";

      # "websecure" entrypoint.
      "traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
      "traefik.http.routers.matrix.entrypoints" = "websecure";
      "traefik.http.routers.matrix.service" = "matrix";
      "traefik.http.routers.matrix.tls" = "true";
      "traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
      "traefik.http.services.matrix.loadbalancer.server.port" = "80";

      # "websecure-external" entrypoint, same host.
      "traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
      "traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
      "traefik.http.routers.matrix-external.service" = "matrix-external";
      "traefik.http.routers.matrix-external.tls" = "true";
      "traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
      "traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
    };
  };

  # --- Element web client ---------------------------------------------------
  # Routed on "websecure" only; no "-external" router is defined for it.
  # No loadbalancer port label is set, so Traefik has to determine the
  # backend port from the container itself.
  services.element.service = {
    image = "vectorim/element-web:v1.11.64";
    restart = "unless-stopped";
    networks = [
      "dmz"
    ];
    # NOTE(review): config.json is mounted read-write; ":ro" would suffice if
    # the container only reads it.
    volumes = [
      "/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
    ];
    labels = {
      "traefik.enable" = "true";
      "traefik.docker.network" = "dmz";
      "traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
      "traefik.http.routers.element.entrypoints" = "websecure";
      "traefik.http.routers.element.tls" = "true";
      "traefik.http.routers.element.tls.certresolver" = "letsencrypt";
    };
  };
}