83 lines
2.1 KiB
YAML
83 lines
2.1 KiB
YAML
version: "2.2"
|
|
|
|
networks:
|
|
orbeat:
|
|
external: false
|
|
|
|
volumes:
|
|
db:
|
|
external: false
|
|
|
|
services:
|
|
db:
|
|
image: postgres:14
|
|
restart: always
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
environment:
|
|
- POSTGRES_USER=orbeat
|
|
- POSTGRES_PASSWORD=orbeat
|
|
- POSTGRES_DB=orbeat
|
|
networks:
|
|
- orbeat
|
|
healthcheck:
|
|
test: [ "CMD-SHELL", "pg_isready --dbname \"postgres://orbeat:orbeat@db/orbeat\"" ]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
volumes:
|
|
- db:/var/lib/postgresql/data:rw
|
|
tmpfs:
|
|
# For read-only filesystem, need to create a volume/tmpfs for PostgreSQL to run its much
|
|
# needed configuration. The read-only flag does not make volumes and tmpfs read-only.
|
|
- /tmp
|
|
- /run
|
|
- /run/postgresql
|
|
orbeat:
|
|
build:
|
|
context: ./
|
|
dockerfile: Dockerfile
|
|
restart: always
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
- orbeat
|
|
volumes:
|
|
- ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro
|
|
- ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}:ro
|
|
- ${KEYPAIR_PATH}:${KEYPAIR_PATH}:ro
|
|
depends_on:
|
|
- db
|
|
command: >-
|
|
-certificate "${CERTIFICATE_PATH}" -keypair "${KEYPAIR_PATH}"
|
|
-connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"
|
|
-sni "${SNI}"
|
|
-trusted_keys "${TRUSTED_KEYS}"
|
|
-listen ":${LISTEN_PORT}"
|
|
${EXTRA_CMDLINE}
|
|
tmpfs:
|
|
- /tmp
|
|
ports:
|
|
- "${LISTEN_PORT}:${LISTEN_PORT}"
|
|
- "${LISTEN_PORT}:${LISTEN_PORT}/udp"
|
|
srg:
|
|
image: srg
|
|
build: https://git.gammaspectra.live/S.O.N.G/SynchRoGazer.git#master
|
|
restart: "no"
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
networks:
|
|
- orbeat
|
|
volumes:
|
|
- ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro
|
|
depends_on:
|
|
- db
|
|
entrypoint: >-
|
|
/usr/bin/srg
|
|
-format postgres -pg_table entries -pg_mode insert_binary -pg_row_size size
|
|
-pg_connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"
|
|
tmpfs:
|
|
- /tmp |