---
# Swarm stack for Mastodon: three containers from the same Mastodon image
# (web, streaming, sidekiq) plus Postgres, Redis and Elasticsearch, fronted
# by Traefik on an external network named "proxy".
#
# NOTE(review): images are pinned by tag, not by digest. Tags can be moved
# upstream; pin by digest if deployments must be reproducible, and confirm
# the pinned releases still receive security fixes.
version: "3.8"

services:
  # Rails web process, published through Traefik on port 3000.
  app:
    image: tootsuite/mastodon:v4.1.4
    # Deletes any leftover server.pid before starting Rails on port 3000.
    command: |
      bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks: &bothNetworks
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - 'traefik.enable=true'
        - 'traefik.docker.network=proxy'
        - 'traefik.http.services.${STACK_NAME}_web.loadbalancer.server.port=3000'
        - 'traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)'
        - 'traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure'
        - 'traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}'
        - 'coop-cloud.${STACK_NAME}.version=0.1.2+v4.1.4'
    configs: &configs
      - source: entrypoint_sh
        target: /usr/local/bin/entrypoint.sh
        # Left unquoted as in the original. NOTE(review): confirm the deploy
        # tooling reads 0555 as octal (r-xr-xr-x) and not as decimal 555.
        mode: 0555
    entrypoint: &entrypoint /usr/local/bin/entrypoint.sh
    volumes: &appVolume
      - app:/opt/mastodon/public/system
    # Swarm secrets, mounted as files under /run/secrets/.
    secrets: &secrets
      - db_password
      - otp_secret
      - secret_key_base
      - smtp_password
      - vapid_private_key
    # Entries without "=" take their value from the deploying environment.
    # Four secrets are referenced through *_FILE paths below. db_password is
    # mounted but has no matching variable here; presumably entrypoint.sh
    # reads /run/secrets/db_password itself - TODO confirm.
    environment: &env
      - ALLOW_ACCESS_TO_HIDDEN_SERVICE
      - ALTERNATE_DOMAINS
      - AUTHORIZED_FETCH
      - CACHE_REDIS_HOST
      - CACHE_REDIS_NAMESPACE
      - CACHE_REDIS_PORT
      - CACHE_REDIS_URL
      - DB_HOST
      - DB_NAME
      - DB_PORT
      - DB_USER
      - DEFAULT_LOCALE
      - EMAIL_DOMAIN_ALLOWLIST
      - EMAIL_DOMAIN_DENYLIST
      - ES_ENABLED
      - ES_HOST
      - ES_PORT
      - LDAP_BASE
      - LDAP_BIND_DN
      - LDAP_ENABLED
      - LDAP_HOST
      - LDAP_MAIL
      - LDAP_METHOD
      # NOTE(review): LDAP_PASSWORD (and SAML_PRIVATE_KEY further down) are
      # passed as plain environment values, not as secrets like the *_FILE
      # entries, so they end up in the service definition. Consider moving
      # them to secrets if the entrypoint can load them from files.
      - LDAP_PASSWORD
      - LDAP_PORT
      - LDAP_SEARCH_FILTER
      - LDAP_UID
      # Spelling ("CONVERSTION") kept exactly as found. NOTE(review): verify
      # it matches the variable name the pinned Mastodon release reads.
      - LDAP_UID_CONVERSTION_ENABLED
      - LIMITED_FEDERATION_MODE
      - LOCAL_DOMAIN
      - MAX_SESSION_ACTIVATIONS
      - OAUTH_REDIRECT_AT_SIGN_IN
      - OTP_SECRET_FILE=/run/secrets/otp_secret
      - PAPERCLIP_ROOT_PATH
      - PAPERCLIP_ROOT_URL
      - RAILS_ENV
      - RAILS_SERVE_STATIC_FILES
      - REDIS_HOST
      - REDIS_NAMESPACE
      - REDIS_PORT
      - REDIS_URL
      - SAML_ACS_URL
      - SAML_ATTRIBUTES_STATEMENTS_EMAIL
      - SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME
      - SAML_ATTRIBUTES_STATEMENTS_FULL_NAME
      - SAML_ATTRIBUTES_STATEMENTS_LAST_NAME
      - SAML_ATTRIBUTES_STATEMENTS_UID
      - SAML_ATTRIBUTES_STATEMENTS_VERIFIED
      - SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL
      - SAML_CERT
      - SAML_ENABLED
      - SAML_IDP_CERT
      - SAML_IDP_CERT_FINGERPRINT
      - SAML_IDP_SSO_TARGET_URL
      - SAML_ISSUER
      - SAML_NAME_IDENTIFIER_FORMAT
      - SAML_PRIVATE_KEY
      - SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED
      - SAML_SECURITY_WANT_ASSERTION_ENCRYPTED
      - SAML_SECURITY_WANT_ASSERTION_SIGNED
      - SAML_UID_ATTRIBUTE
      - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
      - SINGLE_USER_MODE
      - SMTP_AUTH_METHOD
      - SMTP_CA_FILE
      - SMTP_DELIVERY_METHOD
      - SMTP_DOMAIN
      - SMTP_ENABLE_STARTTLS_AUTO
      - SMTP_FROM_ADDRESS
      - SMTP_LOGIN
      - SMTP_OPENSSL_VERIFY_MODE
      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
      - SMTP_PORT
      - SMTP_SERVER
      - SMTP_SSL
      - SMTP_TLS
      - STATSD_ADDR
      - STATSD_NAMESPACE
      - USER_ACTIVE_DAYS
      - VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
      - VAPID_PUBLIC_KEY
      - WEB_DOMAIN

  # Node streaming API. Traefik routes only /api/v1/streaming on ${DOMAIN}
  # to port 4000 of this service.
  streaming:
    image: tootsuite/mastodon:v4.1.4
    command: node ./streaming
    configs: *configs
    entrypoint: *entrypoint
    secrets: *secrets
    networks: *bothNetworks
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - 'traefik.enable=true'
        - 'traefik.docker.network=proxy'
        - 'traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000'
        - 'traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))'
        - 'traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure'
        - 'traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}'
    environment: *env
    volumes: *appVolume

  # Sidekiq worker. It has no Traefik labels, so nothing is routed to it.
  # NOTE(review): it still joins the shared proxy network through
  # *bothNetworks; confirm that attachment is needed.
  sidekiq:
    image: tootsuite/mastodon:v4.1.4
    secrets: *secrets
    command: bundle exec sidekiq
    configs: *configs
    entrypoint: *entrypoint
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
    networks: *bothNetworks
    volumes: *appVolume
    environment: *env

  # Postgres. Attached to the internal network only; the password is read
  # from the mounted secret file.
  db:
    image: postgres:15.3-alpine
    networks: &internalNetwork
      - internal
    volumes:
      - postgres:/var/lib/postgresql/data
    secrets:
      - db_password
    environment:
      - POSTGRES_DB=${DB_NAME}
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_USER=${DB_USER}

  # Redis. Attached to the internal network only. No password is configured
  # in this file, so access control rests on network membership.
  redis:
    image: redis:7.0-alpine
    networks: *internalNetwork
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - redis:/data

  # Single-node Elasticsearch on the internal network only.
  # NOTE(review): no authentication is configured in this file; confirm that
  # network isolation is the intended and only access control.
  es:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
      - 'cluster.name=es-mastodon'
      - 'discovery.type=single-node'
      - 'bootstrap.memory_lock=true'
    networks:
      - internal
    volumes:
      - es:/usr/share/elasticsearch/data
    # Unlimited memlock, alongside bootstrap.memory_lock=true above.
    ulimits:
      memlock:
        soft: -1
        hard: -1

# All secrets are created outside this file. The version suffix in each name
# lets a secret be rotated by creating a new one and bumping the variable.
secrets:
  secret_key_base:
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
    external: true
  otp_secret:
    name: ${STACK_NAME}_otp_secret_${SECRET_OTP_SECRET_VERSION}
    external: true
  vapid_private_key:
    name: ${STACK_NAME}_vapid_private_key_${SECRET_VAPID_PRIVATE_KEY_VERSION}
    external: true
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true

volumes:
  app:
  redis:
  postgres:
  es:

networks:
  # NOTE(review): despite its name this network does not set
  # `internal: true`, so this file does not restrict outbound traffic from
  # db, redis and es. Confirm that is intended.
  internal:
  # Created outside this stack and shared with Traefik.
  proxy:
    external: true

configs:
  # Entrypoint script, rendered with the golang template driver.
  entrypoint_sh:
    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang