version: "2.2" networks: orbeat: external: false volumes: db: external: false services: db: image: postgres:14 restart: always read_only: true security_opt: - no-new-privileges:true environment: - POSTGRES_USER=orbeat - POSTGRES_PASSWORD=orbeat - POSTGRES_DB=orbeat networks: - orbeat healthcheck: test: [ "CMD-SHELL", "pg_isready --dbname \"postgres://orbeat:orbeat@db/orbeat\"" ] interval: 10s timeout: 5s retries: 5 volumes: - db:/var/lib/postgresql/data:rw tmpfs: # For read-only filesystem, need to create a volume/tmpfs for PostgreSQL to run its much # needed configuration. The read-only flag does not make volumes and tmpfs read-only. - /tmp - /run - /run/postgresql orbeat: build: context: ./ dockerfile: Dockerfile restart: always read_only: true security_opt: - no-new-privileges:true networks: - orbeat volumes: - ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro - ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}:ro - ${KEYPAIR_PATH}:${KEYPAIR_PATH}:ro depends_on: - db command: >- -certificate "${CERTIFICATE_PATH}" -keypair "${KEYPAIR_PATH}" -connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db" -sni "${SNI}" -trusted_keys "${TRUSTED_KEYS}" -listen ":${LISTEN_PORT}" ${EXTRA_CMDLINE} tmpfs: - /tmp ports: - "${LISTEN_PORT}:${LISTEN_PORT}" - "${LISTEN_PORT}:${LISTEN_PORT}/udp" srg: image: srg build: https://git.gammaspectra.live/S.O.N.G/SynchRoGazer.git#master restart: "no" read_only: true security_opt: - no-new-privileges:true networks: - orbeat volumes: - ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro depends_on: - db entrypoint: >- /usr/bin/srg -format postgres -pg_table entries -pg_mode insert_binary -pg_row_size size -pg_connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db" tmpfs: - /tmp