netshade/matrix-synapse-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Unknown update, not sure if it should be comitted.

Browse Source
This commit is contained in:
NetShade 2024-11-14 13:06:16 +01:00
parent 3784ba79a7
commit 64ae8344f2
4 changed files with 260 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
db.env
View File

@ -2,5 +2,5 @@ POSTGRES_PASSWORD=12345
POSTGRES_USER=synapse POSTGRES_USER=synapse
POSTGRES_DB=synapse_db POSTGRES_DB=synapse_db
PGDATA=/var/lib/postgresql/data/synapse PGDATA=/var/lib/postgresql/data/synapse
TZ=Europe/Athens TZ=Europe/Stockholm
POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C

186
docker-compose.bak Normal file
View File

@ -0,0 +1,186 @@
version: "3"
networks:
db:
proxy:
bots:
volumes:
db-data:
external: true
services:
## PROXY
proxy:
image: traefik:v2.4
container_name: proxy
restart: unless-stopped
command:
- --providers.docker=true
- --api.insecure=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --providers.file.filename=/root/.config/ssl.toml
- --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
- --serverstransport.insecureskipverify=true
volumes:
- ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml
- ${CERT_PATH}:/certs
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- proxy
labels:
- traefik.docker.network=proxy
- traefik.http.routers.proxy.middlewares=proxy-https
- traefik.http.middlewares.proxy-https.redirectscheme.scheme=https
- traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`)
- traefik.http.services.proxy.loadbalancer.server.port=8080
- traefik.http.routers.proxy.tls=true
## DATABASE
db:
image: postgres:latest
container_name: db
restart: always
env_file:
- db.env
volumes:
- db-data:/var/lib/postgresql/data/synapse
networks:
- db
labels:
- traefik.enable=false
## HOMESERVER
homeserver:
image: matrixdotorg/synapse:latest
container_name: homeserver
restart: always
depends_on:
- db
env_file:
- synapse.env
volumes:
- ${CONF_PATH}/homeserver:/data
- ${DATA_PATH}/homeserver-media_store:/media_store
- ${CERT_PATH}:/certs
- ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml
- ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml
- ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml
networks:
- db
- proxy
- bots
labels:
- traefik.docker.network=proxy
- traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`)
- traefik.http.services.homeserver.loadbalancer.server.port=8448
- traefik.http.services.homeserver.loadbalancer.server.scheme=https
- traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.homeserver.middlewares=homeserver
- traefik.http.routers.homeserver.tls=true
## ELEMENT WEB CLIENT
webchat:
image: vectorim/element-web
container_name: webchat
restart: always
depends_on:
- homeserver
networks:
- proxy
labels:
- traefik.docker.network=proxy
- traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`)
- traefik.http.services.webchat.loadbalancer.server.port=80
- traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.webchat.middlewares=webchat
- traefik.http.routers.webchat.tls=true
##SYNAPSE ADMIN
admin:
image: awesometechnologies/synapse-admin
container_name: admin
restart: always
networks:
- proxy
labels:
- traefik.docker.network=proxy
- traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`)
- traefik.http.services.admin.loadbalancer.server.port=80
- traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.admin.middlewares=admin
- traefik.http.routers.admin.tls=true
# BRIDGES
telegram-bridge:
container_name: telegram-bridge
image: dock.mau.dev/mautrix/telegram:latest
restart: always
depends_on:
- homeserver
volumes:
- ${CONF_PATH}/telegram-bridge:/data
networks:
- bots
labels:
- traefik.enable=false
facebook-bridge:
container_name: facebook-bridge
image: dock.mau.dev/mautrix/facebook:latest
restart: always
depends_on:
- homeserver
volumes:
- ${CONF_PATH}/facebook-bridge:/data
networks:
- bots
labels:
- traefik.enable=false
##WEBHOOKS
webhook-service:
container_name: webhook-service
image: turt2live/matrix-appservice-webhooks
restart: always
depends_on:
- homeserver
volumes:
- ${CONF_PATH}/webhooks:/data
networks:
- bots
- proxy
labels:
- traefik.docker.network=proxy
- traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`)
- traefik.http.services.webhook-service.loadbalancer.server.port=29316
- traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.webhook-service.middlewares=webhook-service
- traefik.http.routers.webhook-service.tls=true
## BOTS
maubot:
image: dock.mau.dev/maubot/maubot:latest
container_name: maubot
restart: always
depends_on:
- homeserver
volumes:
- ${CONF_PATH}/maubot:/data
networks:
- bots
- proxy
labels:
- traefik.docker.network=proxy
- traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`)
- traefik.http.services.maubot.loadbalancer.server.port=29316
- traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.maubot.middlewares=maubot
- traefik.http.routers.maubot.tls=true

142
docker-compose.yml
View File

@ -11,91 +11,89 @@ volumes:
services: services:
## PROXY ## PROXY
proxy: # proxy:
image: traefik:v2.4 # image: traefik:v2.4
container_name: proxy # container_name: proxy
restart: unless-stopped # restart: unless-stopped
command: # command:
- --providers.docker=true # - --providers.docker=true
- --api.insecure=true # - --api.insecure=true
- --entrypoints.web.address=:80 # - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 # - --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entryPoint.to=websecure # - --entrypoints.web.http.redirections.entryPoint.to=websecure
- --providers.file.filename=/root/.config/ssl.toml # - --providers.file.filename=/root/.config/ssl.toml
- --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 # - --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
- --serverstransport.insecureskipverify=true # - --serverstransport.insecureskipverify=true
volumes: # volumes:
- ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml # - ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml
- ${CERT_PATH}:/certs # - ${CERT_PATH}:/certs
- /var/run/docker.sock:/var/run/docker.sock # - /var/run/docker.sock:/var/run/docker.sock
ports: # ports:
- 80:80 # - 80:80
- 443:443 # - 443:443
- 8080:8080 # - 8080:8080
networks: # networks:
- proxy # - proxy
labels: # labels:
- traefik.docker.network=proxy # - traefik.docker.network=proxy
- traefik.http.routers.proxy.middlewares=proxy-https # - traefik.http.routers.proxy.middlewares=proxy-https
- traefik.http.middlewares.proxy-https.redirectscheme.scheme=https # - traefik.http.middlewares.proxy-https.redirectscheme.scheme=https
- traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`) # - traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`)
- traefik.http.services.proxy.loadbalancer.server.port=8080 # - traefik.http.services.proxy.loadbalancer.server.port=8080
- traefik.http.routers.proxy.tls=true # - traefik.http.routers.proxy.tls=true
## DATABASE ## DATABASE
db: # db:
image: postgres:latest # image: postgres:latest
container_name: db # container_name: db
restart: always # restart: always
env_file: # env_file:
- db.env # - db.env
volumes: # volumes:
- db-data:/var/lib/postgresql/data/synapse # - db-data:/var/lib/postgresql/data/synapse
networks: # networks:
- db # - db
labels: # labels:
- traefik.enable=false # - traefik.enable=false
#
## HOMESERVER ## HOMESERVER
homeserver: synapse:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
container_name: homeserver container_name: synapse
restart: always restart: unless-stopped
depends_on:
- db
env_file: env_file:
- synapse.env - synapse.env
volumes: volumes:
- ${CONF_PATH}/homeserver:/data - ${CONF_PATH}:/data
- ${DATA_PATH}/homeserver-media_store:/media_store - ${DATA_PATH}/media_store:/media_store
- ${CERT_PATH}:/certs - ${CERT_PATH}:/certs:ro
- ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml - ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml
- ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml - ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml
- ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml - ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml
networks: networks:
- db - db
- proxy - traefik-public
- bots - bots
labels: labels:
- traefik.docker.network=proxy - traefik.docker.network=traefik-public
- traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`) - traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`)
- traefik.http.services.homeserver.loadbalancer.server.port=8448 - traefik.http.services.homeserver.loadbalancer.server.port=8448
- traefik.http.services.homeserver.loadbalancer.server.scheme=https - traefik.http.services.homeserver.loadbalancer.server.scheme=https
- traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.homeserver.middlewares=homeserver - traefik.http.routers.homeserver.middlewares=homeserver
- traefik.http.routers.homeserver.tls=true - traefik.http.routers.homeserver.tls=true
## ELEMENT WEB CLIENT ## ELEMENT WEB CLIENT
webchat: webchat:
image: vectorim/element-web image: vectorim/element-web
container_name: webchat container_name: webchat
restart: always restart: always
depends_on: depends_on:
- homeserver - synapse
networks: networks:
- proxy - traefik-public
labels: labels:
- traefik.docker.network=proxy - traefik.docker.network=traefik-public
- traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`) - traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`)
- traefik.http.services.webchat.loadbalancer.server.port=80 - traefik.http.services.webchat.loadbalancer.server.port=80
- traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https
@ -106,11 +104,11 @@ services:
admin: admin:
image: awesometechnologies/synapse-admin image: awesometechnologies/synapse-admin
container_name: admin container_name: admin
restart: always restart: unless-stopped
networks: networks:
- proxy - traefik-public
labels: labels:
- traefik.docker.network=proxy - traefik.docker.network=traefik-public
- traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`) - traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`)
- traefik.http.services.admin.loadbalancer.server.port=80 - traefik.http.services.admin.loadbalancer.server.port=80
- traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https
@ -122,9 +120,9 @@ services:
telegram-bridge: telegram-bridge:
container_name: telegram-bridge container_name: telegram-bridge
image: dock.mau.dev/mautrix/telegram:latest image: dock.mau.dev/mautrix/telegram:latest
restart: always restart: unless-stopped
depends_on: depends_on:
- homeserver - synapse
volumes: volumes:
- ${CONF_PATH}/telegram-bridge:/data - ${CONF_PATH}/telegram-bridge:/data
networks: networks:
@ -133,11 +131,11 @@ services:
- traefik.enable=false - traefik.enable=false
facebook-bridge: facebook-bridge:
container_name: facebook-bridge container_name: meta-bridge
image: dock.mau.dev/mautrix/facebook:latest image: dock.mau.dev/mautrix/meta:latest
restart: always restart: unless-stopped
depends_on: depends_on:
- homeserver - synapse
volumes: volumes:
- ${CONF_PATH}/facebook-bridge:/data - ${CONF_PATH}/facebook-bridge:/data
networks: networks:
@ -151,14 +149,14 @@ services:
image: turt2live/matrix-appservice-webhooks image: turt2live/matrix-appservice-webhooks
restart: always restart: always
depends_on: depends_on:
- homeserver - synapse
volumes: volumes:
- ${CONF_PATH}/webhooks:/data - ${CONF_PATH}/webhooks:/data
networks: networks:
- bots - bots
- proxy - traefik-public
labels: labels:
- traefik.docker.network=proxy - traefik.docker.network=public
- traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`) - traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`)
- traefik.http.services.webhook-service.loadbalancer.server.port=29316 - traefik.http.services.webhook-service.loadbalancer.server.port=29316
- traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https
@ -171,14 +169,14 @@ services:
container_name: maubot container_name: maubot
restart: always restart: always
depends_on: depends_on:
- homeserver - synapse
volumes: volumes:
- ${CONF_PATH}/maubot:/data - ${CONF_PATH}/maubot:/data
networks: networks:
- bots - bots
- proxy - traefik-public
labels: labels:
- traefik.docker.network=proxy - traefik.docker.network=traefik-public
- traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`) - traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`)
- traefik.http.services.maubot.loadbalancer.server.port=29316 - traefik.http.services.maubot.loadbalancer.server.port=29316
- traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https

4
synapse.env
View File

@ -1,2 +1,2 @@
SYNAPSE_SERVER_NAME=matrix.ms.local SYNAPSE_SERVER_NAME=matrix.niefelheim.com
TZ=Europe/Athens TZ=Europe/Stockholm