services:
  reverse-proxy:
    image: ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
    container_name: reverse_proxy
    restart: always
    ports:
      - "443:8443"
    volumes: 
     - ./config/nginx/synapse.conf:/etc/nginx/nginx.conf:ro
     - ./config/nginx/tls.conf:/etc/nginx/conf.d/tls.conf:ro
     - ./data/certs:/etc/nginx/ssl:ro
    networks:
     - frontend
  synapse:
    depends_on:
      - postgres  
    restart: always
    image: "ghcr.io/polarix-containers/synapse:latest"
    user: "${UID:-3000}:${GID:-3000}"
    container_name: "synapse"
    volumes:
      - ./config/synapse/homeserver.yaml:/config/homeserver.yaml:ro,z
      - ./data/synapse:/data:z
#      - ./data/certs:/certs:ro
    networks:
      backend:
      frontend:
        aliases:
          - synapse
    ports:
      - "8448:8448"
    secrets:
      - database.yml
      - experimental-synapse.homelab0ne.xyz.signing.key
    environment:
      SYNAPSE_SERVER_NAME: "experimental-synapse.homelab0ne.xyz"
      SYNAPSE_REPORT_STATS: "yes" 
      SYNAPSE_HTTP_PORT: "8448"
    command:
      - run
      - "--config-path"
      - "/config/homeserver.yaml"
      - "--config-path"
      - "/var/run/secrets/database.yml"
  acme.sh:
    command:
      - daemon
    container_name: acme.sh
    environment:
      DEDYN_TOKEN: "${DEDYN_TOKEN}"
    image: 'ghcr.io/polarix-containers/acme.sh:latest'
    restart: always
    volumes:
      - ./data/acme.sh:/acme.sh:Z
      - ./data/certs:/certs:z
  postgres:
    container_name: postgres
    image: cgr.dev/chainguard/postgres:latest
    volumes:
      - ./data/postgres:/var/lib/postgresql/data:Z
    restart: unless-stopped 
    environment:
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
    networks:
      - backend
networks:
  backend:
  frontend:
    driver: bridge
secrets:
  experimental-synapse.homelab0ne.xyz.signing.key:
    file: ./secrets/experimental-synapse.homelab0ne.xyz.signing.key
  database.yml:
    file: ./secrets/synapse_database.yaml