-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
321 lines (290 loc) · 9.52 KB
/
docker-compose.yml
File metadata and controls
321 lines (290 loc) · 9.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
services:
datastore_pool:
hostname: datastore_pool
image: ghcr.io/pgdogdev/pgdog:main
ports:
- "6432:6432"
depends_on:
datastore:
condition: service_healthy
networks:
- internal
environment:
RUST_LOG: debug
command:
- "/usr/local/bin/pgdog"
- "--config"
- "/etc/pgdog/pgdog.toml"
- "--users"
- "/etc/pgdog/users.toml"
- "run"
- "--min-pool-size=0"
configs:
- source: datastore_pool
target: /etc/pgdog/pgdog.toml
- source: datastore_pool_users
target: /etc/pgdog/users.toml
datastore:
hostname: datastore
image: postgres:latest
restart: always
environment:
POSTGRES_PASSWORD: s3cr3t
POSTGRES_USER: matrix
POSTGRES_DB: matrix
RUST_BACKTRACE: "1"
POSTGRES_LOG_STATEMENT: all
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U matrix" ]
interval: 2s
timeout: 3s
retries: 3
networks:
- internal
ports:
- "5431:5432"
cachestore:
hostname: cache
image: redis:latest
restart: always
networks:
- internal
ports:
- "6378:6379"
environment:
REDIS_ARGS: "--databases 10000 --requirepass s3cr3t --user matrix on >s3cr3t ~* +@all --maxmemory 512mb --maxmemory-policy allkeys-lru"
command: [
"redis-server",
"--databases", "10000",
"--requirepass", "s3cr3t",
"--user", "matrix", "on", ">s3cr3t", "~*", "+@all",
"--maxmemory", "512mb",
"--maxmemory-policy", "allkeys-lru"
]
healthcheck:
test: [ "CMD", "redis-cli", "-u", "redis://:s3cr3t@localhost:6379", "ping" ]
interval: 2s
timeout: 3s
retries: 3
tmpfs:
- /data:rw,noexec,nosuid,size=1G
queuestore:
hostname: queue
image: nats:2.11
restart: always
networks:
- internal
ports:
- "4221:4222"
command: [
"--js",
"-DVV",
"--user", "matrix",
"--pass", "s3cr3t"
]
matrix:
hostname: matrix
build:
context: .
args:
VERSION: ${VERSION}
ports:
- "8008:8008"
- "8448:8448"
depends_on:
datastore:
condition: service_healthy
cachestore:
condition: service_healthy
queuestore:
condition: service_started
networks:
- internal
restart: unless-stopped
environment:
DATABASE_URL: postgres://matrix:s3cr3t@datastore/matrix?sslmode=disable
CACHE_URI: redis://matrix:s3cr3t@cache:6379/0?protocol=3
QUEUE_URI: nats://matrix:s3cr3t@queue:4222
command: [ "--config", "/etc/matrix/config.yaml" ]
configs:
- source: matrix_key
target: /etc/matrix/key.pem
- source: matrix_config
target: /etc/matrix/config.yaml
configs:
datastore_pool:
name: pgdog.toml
content: |
[general]
host = "0.0.0.0"
port = 6432
workers = 2
pooler_mode = "transaction"
default_pool_size = 100
min_pool_size = 10
load_balancing_strategy = "least_active_connections"
passthrough_auth = "enabled_plain"
auth_type = "scram"
checkout_timeout = 5000
healthcheck_interval = 30000
[admin]
user = "matrix"
password = "s3cr3t"
[tcp]
retries = 3
time = 1000
interval = 1000
user_timeout = 1000
[[ databases ]]
name = "matrix"
role = "primary"
host = "datastore"
port = 5432
datastore_pool_users:
name: users.toml
content: |
# Catch-all user mapping; with passthrough_auth, actual credentials are used
[[users]]
name = "matrix"
database = "*"
# Optionally, override pool size per user:
# pool_size = 50
matrix_key:
name: key.pem
content: |
-----BEGIN MATRIX PRIVATE KEY-----
Key-ID: ed25519:iZSpbr
iZSpbrColI8H52Ix6qr/8gmcXQAcZoN9xXdwplTbq3I=
-----END MATRIX PRIVATE KEY-----
matrix_config:
name: config.yaml
content: |
# The version of the configuration file.
version: 2
# Global Matrix configuration. This configuration applies to all components.
global:
# The domain name of this homeserver.
server_name: matrix.antinvestor.com
private_key: /etc/matrix/key.pem
key_validity_period: 168h0m0s
database:
max_open_conns: 90
max_idle_conns: 5
conn_max_lifetime: -1
cache:
max_age: 1h
# The server name to delegate server-server communications to, with optional port
# e.g. localhost:443
well_known_server_name: "docker.compose:8008"
# The base URL to delegate client-server communications to e.g. https://localhost
well_known_client_name: ""
jetstream:
addresses:
# - localhost:4222
# The prefix to use for stream names for this homeserver - really only useful
# if you are running more than one Dendrite server on the same NATS deployment.
topic_prefix: Dendrite
distributed_api:
enabled: false
profile_service_uri: "service-profile.core:50051"
partition_service_uri: "service-partition.core:50051"
embedded_config:
oauth2_service_uri: https://oauth2.chamamobile.com
oauth2_well_known_jwk: https://oauth2.chamamobile.com/.well-known/jwks.json
oauth2_service_admin_uri: http://auth-oauth2-hydra-admin.core:4445
oauth2_service_client_secret: b1QQBzBM04CDvEX9heDx
oauth2_service_audience: service_profile,service_partition,service_files,service_notification,service_payment,service_stawi
oauth2_jwt_verify_audience: service_matrix
oauth2_jwt_verify_issuer: https://oauth2.chamamobile.com/
# Configuration for the Client API.
client_api:
registration_disabled: true
guests_disabled: true
enable_registration_captcha: false
login_sso:
callback_url: "https://matrix.antinvestor.com/_matrix/v3/login/sso/callback"
default_provider: auth0
providers:
- id: auth0
name: "Auth0 Test Provider"
discovery_url: "https://dev-k5lry2vvfpplshdn.eu.auth0.com/.well-known/openid-configuration"
client_id: ersbEAybgJe0HWMBuR9Adw63oUVoboIf
client_secret: MGP_j3QKywtjNpwsD9pVa7gauB8KQMFdJKZDTB7uBRpvcMER5h4MZ8XzTJuG659g
jwt_login:
audience: matrix_service
# TURN server information that this homeserver should send to clients.
turn:
turn_user_lifetime: "5m"
turn_uris:
# - turn:turn.server.org?transport=udp
# - turn:turn.server.org?transport=tcp
turn_shared_secret: ""
# If your TURN server requires static credentials, then you will need to enter
# them here instead of supplying a shared secret. Note that these credentials
# will be visible to clients!
# turn_username: ""
# turn_password: ""
# Configuration for the Media API.
media_api:
# Storage path for uploaded media. May be relative or absolute.
base_path: /tmp/media_store
# The maximum allowed file size (in bytes) for media uploads to this homeserver
# (0 = unlimited). If using a reverse proxy, ensure it allows requests at least
#this large (e.g. the client_max_body_size setting in nginx).
max_file_size_bytes: 10485760
# Whether to dynamically generate thumbnails if needed.
dynamic_thumbnails: false
# The maximum number of simultaneous thumbnail generators to run.
max_thumbnail_generators: 10
# A list of thumbnail sizes to be generated for media content.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 640
height: 480
method: scale
# Configuration for enabling experimental MSCs on this homeserver.
mscs:
mscs:
# - msc2836 # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
# Configuration for the Sync API.
sync_api:
# This option controls which HTTP header to inspect to find the real remote IP
# address of the client. This is likely required if Dendrite is running behind
# a reverse proxy server.
# real_ip_header: X-Real-IP
# Configuration for the full-text search engine.
search:
# Whether or not search is enabled.
enabled: false
# The path where the search index will be created in.
index_path: "/tmp/searchindex"
# The language most likely to be used on the server - used when indexing, to
# ensure the returned results match expectations. A full list of possible languages
# can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
language: "en"
# Configuration for the User API.
user_api:
bcrypt_cost: 10
tracing:
enabled: false
jaeger:
serviceName: ""
disabled: false
rpc_metrics: false
tags: []
sampler: null
reporter: null
headers: null
baggage_restrictions: null
throttler: null
logging:
- type: std
level: info
networks:
internal:
attachable: true