Diffstat (limited to 'deploy/docker-compose.yml')
-rw-r--r--deploy/docker-compose.yml225
1 files changed, 114 insertions, 111 deletions
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index ed09d0c..c8a2cba 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -1,167 +1,170 @@
 version: '2.4'
 services:
 
-  nginx:
-    restart: always
-    image: nginx:mainline-alpine
-    ports:
-      - 80:80
-      - 443:443
-    environment:
-      - NGINX_HOST=plural.cafe
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - ./.docker/nginx/nginx.conf:/etc/nginx/conf.d/web.template:ro
-      - ./.acme.sh/${NGINX_HOST}_ecc/${NGINX_HOST}.cer:/etc/ssl/cert.pem:ro
-      - ./.acme.sh/${NGINX_HOST}_ecc/${NGINX_HOST}.key:/etc/ssl/privkey.pem:ro
-      - ./.acme.sh/${NGINX_HOST}_ecc/fullchain.cer:/etc/ssl/fullchain.pem:ro
-      - ./public:/var/www/html:ro
-    command: sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\" < /etc/nginx/conf.d/web.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
-    networks:
-      - external_network
-      - mstweb_network
-      - mststreaming_network
-      - netdata_network
-
-  netdata:
-    restart: always
-    image: titpetric/netdata
-    cap_add:
-      - SYS_PTRACE
+  # automatically update images
+  watchtower:
+    image: containrrr/watchtower
+    restart: unless-stopped
     volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - ./.docker/netdata:/etc/netdata
-      - /proc:/host/proc:ro
-      - /sys:/host/sys:ro
       - /var/run/docker.sock:/var/run/docker.sock
     networks:
-      - netdata_network
+      - external
 
+  # may not be necessary with recent docker, need to investigate
   ipv6nat:
+    image: robbertkl/ipv6nat
     restart: always
+    privileged: true
+    network_mode: host
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - /lib/modules:/lib/modules:ro
-    privileged: true
-    network_mode: host
-    image: robbertkl/ipv6nat
 
-  mstdb:
-    restart: always
-    image: postgres:9.6-alpine
-    networks:
-      - mstdb_network
+  logrotate:
+    image: blacklabelops/logrotate
+    restart: unless-stopped
+    environment:
+      - LOGS_DIRECTORIES=/var/lib/docker/containers
+      - LOGROTATE_INTERVAL=daily
+      - LOGROTATE_COPIES=90
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - ./.docker/mastodon/db:/var/lib/postgresql/data
+      - /var/lib/docker/containers:/var/lib/docker/containers
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "50m"
+        max-file: "3"
 
-  mstredis:
+  db:
     restart: always
-    image: redis:4-alpine
+    image: postgres:11-alpine
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "postgres"]
     networks:
-      - mstredis_network
+      - db_network
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - ./.docker/mastodon/redis:/data
+      - /etc/timezone:/etc/timezone:ro
+      - ./mastodon/db:/var/lib/postgresql/data
 
-  mstes:
+  redis:
     restart: always
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.3
-    environment:
-      - bootstrap.memory_lock=true
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
+    image: redis:alpine
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
     networks:
-      - mstes_network
+      - redis_network
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - ./.docker/mastodon/es:/usr/share/elasticsearch/data
+      - /etc/timezone:/etc/timezone:ro
+      - ./mastodon/redis:/data
 
-  mstweb:
-    image: pluralcafe/mastodon:stable
+  mastodon-web:
+    image: pluralcafe/mastodon:edge
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:3000/health || exit 1"]
     restart: always
-    env_file: ./.docker/mastodon/.env.production
-    environment:
-      - WEB_CONCURRENCY=1
-      - MAX_THREADS=15
-    command: sh -c "rm -f /mastodon/tmp/pids/server.pid; rake db:migrate; bundle exec rails s -p 3000 -b '0.0.0.0'"
+    env_file: ./mastodon/.env.production
+    command: sh -c "rm -f /mastodon/tmp/pids/server.pid; RAILS_ENV=production bundle exec rails db:migrate; bundle exec rails s -p 3000 -b '0.0.0.0'"
     networks:
-      - mstdb_network
-      - mstes_network
-      - mstredis_network
-      - mstweb_network
+      - db_network
+      - redis_network
+      - external
     depends_on:
-      - mstdb
-      - mstredis
-      - mstes
+      - ipv6nat
+      - db
+      - redis
+    ports:
+      - "127.0.0.1:3010:3000"
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - ./public/system:/mastodon/public/system
+      - /etc/timezone:/etc/timezone:ro
+      - ./html/system:/mastodon/public/system
 
-  mststreaming:
-    image: pluralcafe/mastodon:stable
+  mastodon-streaming:
+    image: pluralcafe/mastodon:edge
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
     restart: always
-    env_file: .docker/mastodon/.env.production
+    env_file: ./mastodon/.env.production
     command: yarn start
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
     networks:
-      - mstdb_network
-      - mstredis_network
-      - mststreaming_network
+      - db_network
+      - redis_network
+      - external
     depends_on:
-      - mstdb
-      - mstredis
+      - db
+      - redis
+    ports:
+      - "127.0.0.1:3011:4000"
 
-  mstsidekiq:
-    image: pluralcafe/mastodon:stable
+  sidekiq:
+    image: pluralcafe/mastodon:edge
     restart: always
-    env_file: .docker/mastodon/.env.production
-    environment:
-      - DB_POOL=10
-    command: bundle exec sidekiq -q default -q mailers -q pull -q push
+    env_file: ./mastodon/.env.production
+    command: bundle exec sidekiq -q default -q mailers -q push -q pull -q scheduler
     depends_on:
-      - mstdb
-      - mstes
-      - mstredis
+      - ipv6nat
+      - db
+      - redis
     networks:
-      - external_network
-      - mstdb_network
-      - mstes_network
-      - mstredis_network
+      - external
+      - db_network
+      - redis_network
     volumes:
-      - ./public/system:/mastodon/public/system
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+      - ./html/system:/mastodon/public/system
 
-  mstbarkeep:
+  # after the Twitter migration of november 2022, separating ingress only makes sense
+  sidekiq-ingress:
+    image: pluralcafe/mastodon:edge
+    restart: always
+    env_file: ./mastodon/.env.production
+    command: bundle exec sidekiq -q default -q ingress
+    depends_on:
+      - ipv6nat
+      - db
+      - redis
+    networks:
+      - external
+      - db_network
+      - redis_network
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+      - ./html/system:/mastodon/public/system
+
+  barkeep:
     image: pluralcafe/barkeep
     restart: always
-    env_file: ./.docker/mastodon/.env.ambassador
+    env_file: ./mastodon/.env.ambassador
     command: yarn start
     depends_on:
-      - mstdb
+      - db
+      - ipv6nat
+      - mastodon-web
     networks:
-      - external_network
-      - mstdb_network
+      - external
+      - db_network
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
 
 networks:
-  external_network:
+  external:
     driver: bridge
     enable_ipv6: true
     ipam:
       driver: default
       config:
         - subnet: 172.18.0.0/16
-        - subnet: fd00:dead:beef::/48
-  mstdb_network:
-    internal: true
-  mstes_network:
-    internal: true
-  mstredis_network:
-    internal: true
-  mststreaming_network:
-    internal: true
-  mstweb_network:
-    internal: true
-  netdata_network:
+        - subnet: fd00:0000:0000::/48
+  db_network:
     internal: true
+  redis_network:
+      internal: true
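Review bot: The new `watchtower` service (untagged `containrrr/watchtower` with a writable `/var/run/docker.sock` mount) is given no scope, so by default it pulls and restarts every container on the host whenever a tag moves. That includes `robbertkl/ipv6nat`, which runs `privileged: true` with `network_mode: host`, and the services on the mutable `pluralcafe/mastodon:edge` tag. Push access to any of those registry repositories then becomes code execution on this host, root-equivalent in the ipv6nat case, with no review step in between. I would limit it to opted-in services with `command: --label-enable` plus `labels: ["com.centurylinklabs.watchtower.enable=true"]` on the Mastodon services only, and pin the third-party images (`watchtower`, `ipv6nat`, `blacklabelops/logrotate`) to a version tag or `@sha256:<digest>`. A short comment on the socket mount saying why it must be writable would also help the next reader.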