version: "3"

networks:
 db:
 proxy:
 bots:
volumes:
 db-data:
   external: true

services:

## PROXY
#  proxy:
#   image: traefik:v2.4
#   container_name: proxy
#   restart: unless-stopped
#   command:
#   - --providers.docker=true
#   - --api.insecure=true
#   - --entrypoints.web.address=:80
#   - --entrypoints.websecure.address=:443
#   - --entrypoints.web.http.redirections.entryPoint.to=websecure
#   - --providers.file.filename=/root/.config/ssl.toml
#   - --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
#   - --serverstransport.insecureskipverify=true
#   volumes:
#     - ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml
#     - ${CERT_PATH}:/certs
#    - /var/run/docker.sock:/var/run/docker.sock
#   ports:
#     - 80:80
#     - 443:443
#     - 8080:8080
#   networks:
#     - proxy
#   labels:
#     - traefik.docker.network=proxy
#     - traefik.http.routers.proxy.middlewares=proxy-https
#     - traefik.http.middlewares.proxy-https.redirectscheme.scheme=https
#     - traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`)
#     - traefik.http.services.proxy.loadbalancer.server.port=8080
#     - traefik.http.routers.proxy.tls=true

## DATABASE
#  db:
#    image: postgres:latest
#    container_name: db
#    restart: always
#    env_file:
#     - db.env
#    volumes: 
#     - db-data:/var/lib/postgresql/data/synapse
#    networks:
#     - db
#    labels:
#      - traefik.enable=false
#    
## HOMESERVER
  synapse:
   image: matrixdotorg/synapse:latest
   container_name: synapse
   restart: unless-stopped
   env_file:
    - synapse.env
   volumes:
     - ${CONF_PATH}:/data
     - ${DATA_PATH}/media_store:/media_store
     - ${CERT_PATH}:/certs:ro
     - ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml
     - ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml
     - ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml
   networks:
     - db
     - traefik-public
     - bots
   labels:
     - traefik.docker.network=traefik-public
     - traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`)
     - traefik.http.services.homeserver.loadbalancer.server.port=8448
     - traefik.http.services.homeserver.loadbalancer.server.scheme=https
     - traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https
     - traefik.http.routers.homeserver.middlewares=homeserver
     - traefik.http.routers.homeserver.tls=true

 ## ELEMENT WEB CLIENT    
  webchat:
   image: vectorim/element-web
   container_name: webchat
   restart: always
   depends_on: 
    - synapse
   networks:
     - traefik-public
   labels:
     - traefik.docker.network=traefik-public
     - traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`)
     - traefik.http.services.webchat.loadbalancer.server.port=80
     - traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https
     - traefik.http.routers.webchat.middlewares=webchat
     - traefik.http.routers.webchat.tls=true

##SYNAPSE ADMIN
  admin:
    image: awesometechnologies/synapse-admin
    container_name: admin
    restart: unless-stopped
    networks:
     - traefik-public
    labels:
     - traefik.docker.network=traefik-public
     - traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`)
     - traefik.http.services.admin.loadbalancer.server.port=80
     - traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https
     - traefik.http.routers.admin.middlewares=admin
     - traefik.http.routers.admin.tls=true

   
# BRIDGES
  telegram-bridge:
    container_name: telegram-bridge
    image: dock.mau.dev/mautrix/telegram:latest
    restart: unless-stopped
    depends_on:
     - synapse
    volumes:
     - ${CONF_PATH}/telegram-bridge:/data
    networks:
     - bots
    labels:
      - traefik.enable=false
     
  facebook-bridge:
    container_name: meta-bridge
    image: dock.mau.dev/mautrix/meta:latest
    restart: unless-stopped
    depends_on:
     - synapse
    volumes:
     - ${CONF_PATH}/facebook-bridge:/data
    networks:
     - bots
    labels:
      - traefik.enable=false

##WEBHOOKS
  webhook-service:
    container_name: webhook-service
    image: turt2live/matrix-appservice-webhooks
    restart: always
    depends_on:
     - synapse
    volumes:
     - ${CONF_PATH}/webhooks:/data
    networks:
     - bots
     - traefik-public
    labels:
     - traefik.docker.network=public
     - traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`)
     - traefik.http.services.webhook-service.loadbalancer.server.port=29316
     - traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https
     - traefik.http.routers.webhook-service.middlewares=webhook-service
     - traefik.http.routers.webhook-service.tls=true

## BOTS
  maubot:
    image: dock.mau.dev/maubot/maubot:latest
    container_name: maubot
    restart: always
    depends_on:
     - synapse
    volumes:
     - ${CONF_PATH}/maubot:/data
    networks:
     - bots
     - traefik-public
    labels:
     - traefik.docker.network=traefik-public
     - traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`)
     - traefik.http.services.maubot.loadbalancer.server.port=29316
     - traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https
     - traefik.http.routers.maubot.middlewares=maubot
     - traefik.http.routers.maubot.tls=true