---
version: "3.8"

# Matrix Authentication Service (MAS) — optional overlay for Element X / OIDC-native auth.
# Overlay only: the `internal` network, the `db_password` secret and the rest of the
# `app` service are not declared here and must come from the base stack file.

services:
  mas:
    # Pinned by tag only. A tag can be re-pointed in the registry; appending the
    # image digest (`@sha256:<digest-from-registry>`) makes the pull content-addressed.
    image: ghcr.io/element-hq/matrix-authentication-service:1.14.0
    command:
      - 'server'
      - '--config=/etc/mas/config.yaml'
    # Key-only entries: values are taken from the environment of the deploying shell.
    environment:
      - DOMAIN
      - SERVER_NAME
      - STACK_NAME
    networks:
      - internal
    configs:
      - source: mas_config
        target: /etc/mas/config.yaml
    # Short syntax: each secret is mounted as a file under /run/secrets/<name>.
    # mas_signing_rsa and mas_encryption are key material for this service only;
    # mas_synapse_shared is also granted to `app` below.
    secrets:
      - db_password
      - mas_encryption
      - mas_synapse_shared
      - mas_signing_rsa
    # Official image is distroless (no curl/wget); upstream suggests `mas-cli config check` for probes.
    # See https://github.com/element-hq/matrix-authentication-service/issues/3741 — validates config, not HTTP.
    # GET /health is still served (resource `health` in mas.config.yaml.tmpl) for probes from other images.
    # Consequence: a "healthy" status here means the config parses, not that the
    # listener is answering; monitor GET /health externally for liveness.
    healthcheck:
      test:
        - 'CMD'
        - '/usr/local/bin/mas-cli'
        - '--config'
        - '/etc/mas/config.yaml'
        - 'config'
        - 'check'
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    deploy:
      restart_policy:
        condition: on-failure

  # Adds the MAS shared secret to the existing `app` service (presumably the
  # homeserver defined in the base file — confirm).
  app:
    secrets:
      - mas_synapse_shared

configs:
  # Swarm configs are immutable, so the version suffix must be bumped whenever
  # mas.config.yaml.tmpl changes. Configs are not encrypted like secrets: keep
  # key material out of the template body and reference the secret files instead.
  mas_config:
    name: ${STACK_NAME}_mas_config_${MAS_CONFIG_VERSION}
    file: mas.config.yaml.tmpl
    template_driver: golang

# All three secrets are external: they must already exist in the swarm under the
# versioned name before deploy. Rotation = create a new version, bump the
# matching *_VERSION variable, redeploy, then remove the old secret.
secrets:
  mas_encryption:
    external: true
    name: ${STACK_NAME}_mas_encryption_${SECRET_MAS_ENCRYPTION_VERSION}
  mas_synapse_shared:
    external: true
    name: ${STACK_NAME}_mas_synapse_shared_${SECRET_MAS_SYNAPSE_SHARED_VERSION}
  mas_signing_rsa:
    external: true
    name: ${STACK_NAME}_mas_signing_rsa_${SECRET_MAS_SIGNING_RSA_VERSION}