---
version: '2.1'

networks:
  dmz:
    # defined by traefik service
    external: true
  back: {}

services:
  postgres:
    image: "postgres:11"
    restart: "unless-stopped"
    volumes:
      - "dbdata:/var/lib/postgresql/data"
    environment:
      POSTGRES_PASSWORD: "hunter2"
      POSTGRES_USER: "synapse"
      POSTGRES_INITDB_ARGS: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'"
    networks:
      back: {}

  redis:
    image: "redis"
    restart: "unless-stopped"
    networks:
      back: {}

  federation-sender:
    image: "matrixdotorg/synapse:latest"
    restart: "unless-stopped"
    healthcheck:
      disable: true
    volumes:
      - "data:/data"
    command: "run -m synapse.app.federation_sender --config-path=/data/homeserver.yaml --config-path=/data/federation-sender.yaml"
    networks:
      back: {}

  federation-receiver:
    image: "matrixdotorg/synapse:latest"
    restart: "unless-stopped"
    healthcheck:
      disable: true
    volumes:
      - "data:/data"
    command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/federation-receiver.yaml"
    networks:
      back: {}
      dmz: {}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dmz"

      - "traefik.http.routers.matrix-federation.rule=Host(`matrix.zknt.org`) && PathPrefix(
        `/_matrix/federation`,
        `/_matrix/key`
        )"
      - "traefik.http.routers.matrix-federation.tls=true"
      - "traefik.http.services.matrix-federation.loadbalancer.server.port=8084"
      - "traefik.http.routers.matrix-federation.service=matrix-federation"

  federation-client:
    image: "matrixdotorg/synapse:latest"
    restart: "unless-stopped"
    healthcheck:
      disable: true
    volumes:
      - "data:/data"
    command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/client.yaml"
    networks:
      back: {}
      dmz: {}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dmz"

      - "traefik.http.routers.matrix-client.rule=Host(`matrix.zknt.org`) && PathPrefix(
        `/_matrix/client/(v2_alpha|r0)/sync`,
        `/_matrix/client/(api/v1|v2_alpha|r0)/events`,
        `/_matrix/client/(api/v1|r0)/initialSync`,
        `/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync`,
        `/_matrix/client/(api/v1|r0|unstable)/publicRooms`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state`,
        `/_matrix/client/(api/v1|r0|unstable)/account/3pid`,
        `/_matrix/client/(api/v1|r0|unstable)/devices`,
        `/_matrix/client/(api/v1|r0|unstable)/keys/query`,
        `/_matrix/client/(api/v1|r0|unstable)/keys/changes`,
        `/_matrix/client/versions`,
        `/_matrix/client/(api/v1|r0|unstable)/voip/turnServer`,
        `/_matrix/client/(api/v1|r0|unstable)/joined_groups`,
        `/_matrix/client/(api/v1|r0|unstable)/publicised_groups`,
        `/_matrix/client/(api/v1|r0|unstable)/publicised_groups/`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/`,
        `/_matrix/client/(api/v1|r0|unstable)/joined_rooms`,
        `/_matrix/client/(api/v1|r0|unstable)/search`,
        `/_matrix/client/(api/v1|r0|unstable)/login`,
        `/_matrix/client/(r0|unstable)/register`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/`,
        `/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)`,
        `/_matrix/client/(api/v1|r0|unstable)/join/`,
        `/_matrix/client/(api/v1|r0|unstable)/profile/`
        )"
      - "traefik.http.routers.matrix-client.tls=true"
      - "traefik.http.services.matrix-client.loadbalancer.server.port=8083"
      - "traefik.http.routers.matrix-client.service=matrix-client"

  synapse:
    image: "matrixdotorg/synapse:latest"
    restart: "unless-stopped"
    volumes:
      - "data:/data"
    environment:
      SYNAPSE_SERVER_NAME: "zknt.org"
      SYNAPSE_REPORT_STATS: "no"
    networks:
      dmz: {}
      back: {}
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dmz"

      - "traefik.http.routers.matrix.rule=Host(`matrix.zknt.org`)"
      - "traefik.http.routers.matrix.tls=true"
      - "traefik.http.routers.matrix.tls.certresolver=leprod"
      - "traefik.http.services.matrix.loadbalancer.server.port=8008"
      - "traefik.http.routers.matrix.service=matrix"

      - "traefik.http.routers.matrix-admin.rule=Host(`matrix.zknt.org`) && PathPrefix(`/_synapse/admin/`)"
      - "traefik.http.routers.matrix-admin.tls=true"
      - "traefik.http.middlewares.matrix-admin-allow.ipwhitelist.sourcerange=172.27.0.0/16"
      - "traefik.http.routers.matrix-admin.middlewares=matrix-admin-allow@docker"

volumes:
  data:
  dbdata: