From f40eeff6bec7c105c5490b3e2b0f4eb8d85f7e51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20GUEZO?= Date: Sun, 1 Mar 2026 15:58:00 +0100 Subject: [PATCH] feat(docker-compose.yml): add a few new adjustment --- docker-compose.yml | 53 +++++++++++++++++++++++++++++++++++++++------- install.sh | 1 + 2 files changed, 46 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bb2d381..3b671f0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,4 @@ volumes: - ssl-data: { name: ssl } wireguard-data: { name: wireguard } portainer-data: { name: portainer } gitea-mirror-data: { name: gitea_mirror } @@ -9,6 +8,11 @@ networks: # Docker socket access socket-ro-bridge: { name: socket_ro_bridge, internal: true } socket-rw-bridge: { name: socket_rw_bridge, internal: true } + + matrix-internal: + internal: true + name: matrix_internal + # Public-facing network for Nginx Proxy and web services web-network: name: web_network @@ -69,9 +73,7 @@ services: DOCKER_HOST: tcp://socket-rw:2375 # Uses RW proxy to pause containers during backup volumes: - wireguard-data:/backup/wireguard:ro - - ./data/synapse:/backup/synapse:ro - - ssl-data:/backup/ssl:ro - - ./data/backup:/archive + - ./data/:/backup/data networks: - socket-rw-bridge - web-network @@ -88,7 +90,7 @@ services: - DOCKER_HOST=tcp://socket-ro:2375 # Discovers containers via RO proxy - ENABLE_IPV6=true volumes: - - ssl-data:/etc/nginx/certs:ro + - ./data/nginx/certs:/etc/nginx/certs:ro - ./data/nginx/default_html:/usr/share/nginx/html - ./data/nginx/vhost.d:/etc/nginx/vhost.d labels: @@ -109,7 +111,7 @@ services: - NGINX_PROXY_CONTAINER=nginx-proxy - DOCKER_HOST=tcp://socket-rw:2375 # Needs RW to restart Nginx after renewal volumes: - - ssl-data:/etc/nginx/certs + - ./data/nginx/certs:/etc/nginx/certs - ./data/nginx/vhost.d:/etc/nginx/vhost.d - ./data/nginx/default_html:/usr/share/nginx/html - ./data/nginx/acme_config:/etc/acme.sh 
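Review bot: The new backup mount `- ./data/:/backup/data` in the `@@ -69,9 +73,7 @@` hunk has no `:ro`, although both source mounts it replaces were read-only and this service also sits on `socket-rw-bridge` and `web-network`. Together with the `@@ -88,7 +90,7 @@` and `@@ -109,7 +111,7 @@` hunks, which move the certificates to `./data/nginx/certs`, the backup container gets write access to the TLS private keys and to every other service's data under `./data`. I would mount it as `- ./data/:/backup/data:ro`. The hunk also drops `./data/backup:/archive`; if the backup image writes local archives there (not visible here), they are no longer persisted, and if the mount is restored, `./data/backup` should be excluded from the source so archives are not backed up into themselves. The service definition starts and ends outside the hunk.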
@@ -180,27 +182,61 @@ services: networks: - web-network + db-matrix: + image: postgres:15-alpine + container_name: db-matrix + restart: unless-stopped + environment: + - POSTGRES_DB=synapse + - POSTGRES_USER=synapse + - POSTGRES_PASSWORD=${DB_PASSWORD} + volumes: + - ./data/matrix/postgres:/var/lib/postgresql/data + deploy: + resources: + limits: + memory: 200M + networks: + - matrix-internal + # Synapse: Matrix homeserver for decentralized communication synapse: image: matrixdotorg/synapse:latest container_name: synapse restart: unless-stopped + deploy: + resources: + limits: + memory: 800M + reservations: + memory: 400M volumes: - - ./data/synapse:/data + - ./data/matrix/synapse:/data environment: - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml - VIRTUAL_HOST=msg.${HOSTNAME} - LETSENCRYPT_HOST=msg.${HOSTNAME} - LETSENCRYPT_EMAIL=${EMAIL} - VIRTUAL_PORT=8008 + - SYNAPSE_POSTGRES_HOST=db-matrix + - SYNAPSE_POSTGRES_USER=synapse + - SYNAPSE_POSTGRES_PASSWORD=${DB_PASSWORD} + - SYNAPSE_POSTGRES_DB=synapse networks: - web-network + - matrix-internal + depends_on: + - db-matrix # Gitea: Self-hosted Git forge (Lightweight alternative to GitHub) gitea: image: gitea/gitea:latest container_name: gitea restart: unless-stopped + deploy: + resources: + limits: + memory: 512M environment: - VIRTUAL_HOST=git.${HOSTNAME} - LETSENCRYPT_HOST=git.${HOSTNAME} @@ -208,7 +244,7 @@ services: - VIRTUAL_PORT=3000 - GITEA__server__DOMAIN=git.${HOSTNAME} - GITEA__server__ROOT_URL=https://git.${HOSTNAME}/ - - DISABLE_REGISTRATION=true # Private instance security + # - DISABLE_REGISTRATION=true # Private instance security volumes: - ./data/gitea:/data - /etc/localtime:/etc/localtime:ro @@ -228,6 +264,7 @@ services: - LETSENCRYPT_EMAIL=${EMAIL} - VIRTUAL_PORT=4321 - BETTER_AUTH_SECRET=${GITHUB_AUTH_SECRET} + - BETTER_AUTH_TRUSTED_ORIGINS=https://mirror.${HOSTNAME} volumes: - gitea-mirror-data:/app/data networks: diff --git a/install.sh b/install.sh index 922981f..1e89f38 100644 --- a/install.sh 
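Review bot: `POSTGRES_PASSWORD=${DB_PASSWORD}` and `SYNAPSE_POSTGRES_PASSWORD=${DB_PASSWORD}` in the `@@ -180,27 +182,61 @@` hunk put the database password in the container environment, where anything able to inspect containers through the Docker API can read it. This stack hands Docker API access to other containers through the socket-ro/socket-rw proxies, and what those proxies allow is not visible here. The postgres image accepts `POSTGRES_PASSWORD_FILE`, so a Compose secret keeps the value out of `db-matrix`'s environment, as sketched below. For `synapse`, `SYNAPSE_CONFIG_PATH=/data/homeserver.yaml` is set, so I would expect the database section of that file, not the four `SYNAPSE_POSTGRES_*` variables, to select the backend; please confirm they are read at all and drop them if not. The move from `./data/synapse` to `./data/matrix/synapse` also needs the existing `homeserver.yaml` and signing key relocated by hand.

```yaml
  db-matrix:
    # … unchanged: image, container_name, restart …
    environment:
      # … unchanged: POSTGRES_DB, POSTGRES_USER …
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_password
    # … unchanged: volumes, deploy, networks …

# top level, next to volumes: and networks:
secrets:
  db_password:
    environment: DB_PASSWORD
```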
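Review bot: Commenting out `DISABLE_REGISTRATION=true` in the `@@ -208,7 +244,7 @@` hunk removes the only registration lock visible for a Gitea instance that is published at `git.${HOSTNAME}` through `VIRTUAL_HOST`/`LETSENCRYPT_HOST`, and the commit message gives no reason. If it was only needed to create the first account, restore it; otherwise add a comment saying what now restricts sign-up. The neighbouring lines already use the `GITEA__section__KEY` form, so `- GITEA__service__DISABLE_REGISTRATION=true` would be the consistent spelling. As far as I know the bare variable is applied only when `app.ini` is first generated, which is worth confirming. The gitea service continues outside the hunk.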
+++ b/install.sh @@ -11,6 +11,7 @@ ENV_LIST=( "TELEGRAM_TOKEN" "TELEGRAM_CHAT_ID" "AWS" "ENDPOINT" "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY" "GITHUB_AUTH_SECRET" + "DB_PASSWORD" ) readonly REQ=(