adding untested changes and new dockers

mk
2026-03-11 22:18:38 -03:00
parent fae6ea1abe
commit 52af4904da
34 changed files with 949 additions and 4 deletions


@@ -0,0 +1,26 @@
PUID=1000
PGID=1001
TZ=America/Chicago
# Domain
LOCAL_DOMAIN=yourdomainhere
WEB_DOMAIN=yourdomainhere
# Database
DB_PASS=changeme
# Secrets (generate these - do not leave empty)
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
SECRET_KEY_BASE=
OTP_SECRET=
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
# SMTP
SMTP_SERVER=mail.example.com
SMTP_PORT=25
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notifications@yourdomainhere


@@ -0,0 +1,73 @@
---
services:
mastodon:
depends_on:
- redis
- db
image: lscr.io/linuxserver/mastodon:latest
container_name: mastodon
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- LOCAL_DOMAIN=${LOCAL_DOMAIN}
- REDIS_HOST=redis
- REDIS_PORT=6379
- DB_HOST=db
- DB_USER=mastodon
- DB_NAME=mastodon
- DB_PASS=${DB_PASS}
- DB_PORT=5432
- ES_ENABLED=false
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- OTP_SECRET=${OTP_SECRET}
- VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
- VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY}
- SMTP_SERVER=${SMTP_SERVER}
- SMTP_PORT=${SMTP_PORT}
- SMTP_LOGIN=${SMTP_LOGIN}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM_ADDRESS=${SMTP_FROM_ADDRESS}
- S3_ENABLED=false
- WEB_DOMAIN=${WEB_DOMAIN}
- ES_HOST=es #optional
- ES_PORT=9200 #optional
- ES_USER=elastic #optional
- ES_PASS=elastic #optional
- S3_BUCKET= #optional
- AWS_ACCESS_KEY_ID= #optional
- AWS_SECRET_ACCESS_KEY= #optional
- S3_ALIAS_HOST= #optional
- SIDEKIQ_ONLY=false #optional
- SIDEKIQ_QUEUE= #optional
- SIDEKIQ_DEFAULT=false #optional
- SIDEKIQ_THREADS=5 #optional
- DB_POOL=5 #optional
- NO_CHOWN= #optional
- MASTODON_PROMETHEUS_EXPORTER_ENABLED= #optional
volumes:
- ./config:/config
ports:
- 88:80
- 448:443
- 9394:9394 #optional
restart: unless-stopped
redis:
image: redis:7-alpine
container_name: mastodon-redis
restart: unless-stopped
db:
image: postgres:14-alpine
container_name: mastodon-db
environment:
POSTGRES_DB: mastodon
POSTGRES_USER: mastodon
POSTGRES_PASSWORD: ${DB_PASS}
volumes:
- ./db:/var/lib/postgresql/data
restart: unless-stopped
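Review bot: Every secret in the `mastodon` service's `environment` list is interpolated as a bare `${VAR}`, so the empty `SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_*` and `ACTIVE_RECORD_ENCRYPTION_*` entries from the template are passed through silently if the operator forgets to fill them in. Compose's required-variable form makes `docker compose up` fail on an unset or empty value instead, e.g. `- SECRET_KEY_BASE=${SECRET_KEY_BASE:?set SECRET_KEY_BASE in .env}` and `POSTGRES_PASSWORD: ${DB_PASS:?set DB_PASS in .env}`. That guard only helps if the template ships the value empty rather than as `DB_PASS=changeme`. The same applies to `${POSTGRES_PASSWORD}` in the mautrix-discord compose file and to `${LIVEKIT_KEY}` / `${LIVEKIT_SECRET}` in the matrix one, whose templates also carry `changeme`.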


@@ -0,0 +1,5 @@
POSTGRES_PASSWORD=changeme
# Optional really
POSTGRES_USER=mautrix-discord
POSTGRES_DB=mautrix-discord


@@ -0,0 +1,37 @@
version: "3.7"
services:
mautrix-discord:
container_name: mautrix-discord
image: dock.mau.dev/mautrix/discord:latest
restart: unless-stopped
volumes:
- ./data:/data
ports:
- "29334:29334"
networks:
synapse_default:
mautrix-discord-db:
image: docker.io/postgres:15-alpine
container_name: mautrix-discord-db
restart: always
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
# ensure the database gets created correctly
# https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database
- POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
volumes:
# You may either store all the files in a local folder
- ./db:/var/lib/postgresql/data
ports:
- 5432:5432
networks:
synapse_default:
networks:
synapse_default:
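Review bot: The `5432:5432` entry under `mautrix-discord-db` publishes Postgres on every host interface, and the accompanying template sets `POSTGRES_PASSWORD=changeme`. Both services are attached to `synapse_default`, so the bridge can presumably reach the database by service name without a published port; I would drop the `ports:` entry, or bind it to loopback with `- "127.0.0.1:5432:5432"` if host access is really needed. Separately, `synapse_default` appears to be declared at the end without `external: true`, in which case Compose creates a project-scoped network of that name rather than joining Synapse's; worth confirming that is the intent.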


@@ -0,0 +1,12 @@
# Synapse homeserver domain (cannot be changed after federation starts)
SYNAPSE_SERVER_NAME=matrix.example.com
TZ=UTC
# LiveKit JWT service credentials
# Generate a key/secret pair: https://docs.livekit.io/home/self-hosting/deployment/
LIVEKIT_KEY=changeme
LIVEKIT_SECRET=changeme
# Optional: override if livekit is not on localhost
# LIVEKIT_URL=ws://localhost:7880

1
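--- a/social/matrix/README.md
+++ b/social/matrix/README.md
@@ -0,0 +1 @@
+Update livekit.yaml and nginx.conf with homeserver's name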


@@ -0,0 +1,66 @@
services:
synapse:
image: matrixdotorg/synapse:latest
container_name: synapse
restart: unless-stopped
environment:
SYNAPSE_SERVER_NAME: ${SYNAPSE_SERVER_NAME}
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
UID: "991"
GID: "991"
TZ: ${TZ:-UTC}
volumes:
- ./synapse:/data
ports:
# Client & federation API (put a reverse proxy in front for TLS)
- "8008:8008"
healthcheck:
test:
[
"CMD-SHELL",
"curl -fSs http://localhost:8008/health || exit 1",
]
interval: 15s
timeout: 5s
retries: 3
start_period: 30s
livekit:
image: livekit/livekit-server:latest
container_name: livekit
restart: unless-stopped
command: --config /etc/livekit.yaml
volumes:
- ./livekit/:/etc/
network_mode: "container:wireguard"
lk-jwt:
image: ghcr.io/element-hq/lk-jwt-service:latest
container_name: lk-jwt
restart: unless-stopped
environment:
LIVEKIT_URL: ${LIVEKIT_URL:-ws://localhost:7880}
LIVEKIT_KEY: ${LIVEKIT_KEY}
LIVEKIT_SECRET: ${LIVEKIT_SECRET}
LIVEKIT_JWT_BIND: ":8090"
LIVEKIT_INSECURE_SKIP_VERIFY_TLS: "true"
network_mode: "container:wireguard"
depends_on:
- livekit
lk-jwt-proxy:
image: nginx:alpine
container_name: lk-jwt-proxy
restart: unless-stopped
volumes:
- ./lk-jwt-proxy/:/etc/nginx/:ro
network_mode: "container:wireguard"
depends_on:
- lk-jwt
synapse-admin:
image: awesometechnologies/synapse-admin:latest
container_name: synapse-admin
restart: unless-stopped
ports:
- "8087:80"
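Review bot: `LIVEKIT_INSECURE_SKIP_VERIFY_TLS: "true"` on `lk-jwt` switches off certificate verification for the service's outbound TLS requests, and nothing in the hunk says why it is needed. As I understand it this covers the calls the service makes to validate a user's token against the homeserver, so an interposed host presenting any certificate would be accepted. I would remove the line, or at least mark it with a comment such as `# dev only: remove once the homeserver presents a valid certificate`. Also, the comment above `"8008:8008"` says a reverse proxy should terminate TLS, but that mapping and `"8087:80"` for `synapse-admin` bind all interfaces; `"127.0.0.1:8008:8008"` would keep the plaintext listener off the network.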


@@ -0,0 +1,150 @@
# Configuration file for Synapse.
# Config by Mosskoi
# This configuration intends on creating a private experience for matrix
# By default it disallows communication with federated services and other servers
# But by configuring a whitelist you can adds more servers to your network
# Make sure these other servers have the same whitelist server as you
# Matrix does not disallow
# * Server
server_name: "matrix.example.com"
public_baseurl: https://matrix.example.com/
serve_server_wellknown: true
extra_well_known_client_content:
org.matrix.msc4143.rtc_foci:
- type: livekit
livekit_service_url: https://livekit.example.com
# Currently unused
#ip_range_blacklist:
#- 127.0.0.0/8
#ip_range_whitelist:
#- 192.168.1.1
listeners:
- port: 8008
resources:
- compress: false
names:
- client
- federation
tls: false
type: http
x_forwarded: true
# * Homeserver blocking
require_membership_for_aliases: false
max_avatar_size: 5M
allowed_avatar_mimetypes:
- image/png
- image/jpeg
- image/webp
- image/gif
user_ips_max_age: 90d
# * TLS
# Currently not used
# federation_certificate_verification_whitelist:
#- lon.example.com
# * Federation
# Private federation system
federation_domain_whitelist:
- matrix.example.com
federation_metrics_domains:
- matrix.example.com
allow_profile_lookup_over_federation: false
allow_device_name_lookup_over_federation: false
federation:
client_timeout: 60s
max_short_retry_delay: 7s
max_long_retry_delay: 100s
max_short_retries: 3
max_long_retries: 7
destination_min_retry_interval: 10m
destination_retry_multiplier: 2
destination_max_retry_interval: 12h
database:
name: sqlite3
args:
database: /data/homeserver.db
log_config: "/data/matrix.example.com.log.config"
# * Logging
# * Rate limiting
rc_registration:
per_second: 0.1
burst_count: 2.0
# * Media Store
media_store_path: /data/media_store
max_pending_media_uploads: 10
#url_preview_enabled: true Must explicit blacklist
# * Captcha
# * TURN
matrix_rtc:
transports:
- type: livekit
livekit_service_url: https://livekit.example.com
# * Registration
enable_registration: true # Must be enabled for token registrations to work
enable_registration_without_verification: false
disable_msisdn_registration: true
enable_3pid_lookup: false
registration_requires_token: true
registration_shared_secret: REGISTRATION_SECRET
enable_set_displayname: true
enable_set_avatar_url: true
enable_3pids_changes: true
allow_guest_access: false
autocreate_auto_join_rooms: false
autocreate_auto_join_rooms_federated: false
auto_join_rooms_for_guests: false
# * User session management
login_via_existing_session:
enabled: true
require_ui_auth: false
token_timeout: 5m
# * API Configuration
#
macaroon_secret_key: "MACAROON_SECRET"
form_secret: "FROM_SECRET"
signing_key_path: "/data/matrix.example.com.signing.key"
# * Rooms
user_directory:
enabled: false
search_all_users: false
prefer_local_users: true
exclude_remote_users: false
show_locked_users: false
enable_room_list_search: true
# Guest sign-in
pid_file: /data/homeserver.pid
# Signing and secrets
report_stats: false
trusted_key_servers: []
# - server_name: "matrix.example.com"
experimental_features:
msc4143_enabled: true
# vim:ft=yaml
app_service_config_files:
- /data/registration.yaml
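Review bot: `registration_shared_secret: REGISTRATION_SECRET`, `macaroon_secret_key: "MACAROON_SECRET"` and `form_secret: "FROM_SECRET"` are literal placeholder strings, and the README added in this commit only mentions updating livekit.yaml and nginx.conf. If the file is deployed unchanged, Synapse starts with publicly known secrets, and the registration shared secret authorises account creation independently of `registration_requires_token: true`. I would put a comment above each key, e.g. `# REPLACE before first start with a long random value`, and consider `registration_shared_secret_path` so the secret lives outside the committed file. `FROM_SECRET` also looks like a typo for `FORM_SECRET`.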


@@ -0,0 +1,9 @@
port: 7880
rtc:
tcp_port: 7881
port_range_start: 50100
enabled: true
domain: livekit.example.com
tls_port: 5349
udp_port: 3478
external_tls: true
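Review bot: The last five keys (`enabled`, `domain`, `tls_port`, `udp_port`, `external_tls`) look like LiveKit's TURN settings, but the nine-line hunk has no `turn:` key to hold them, so they would end up under `rtc:` or at top level depending on the indentation, which this view does not show. If that reading is right, add `turn:` on its own line before `enabled: true` and indent the five keys beneath it. The file also has no `keys:` entry, and the `livekit` service in the compose file passes no key material, so it is worth documenting where the server is meant to get the key/secret pair that `lk-jwt` signs with.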


@@ -0,0 +1,19 @@
events {
worker_connections 64;
}
http {
server {
listen 8091;
location / {
proxy_pass http://localhost:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
sub_filter_types application/json;
sub_filter 'ws://localhost:7880' 'wss://livekit.example.com';
sub_filter_once off;
}
}
}
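Review bot: The `sub_filter` rewrite of `ws://localhost:7880` only works on uncompressed response bodies, and the `location /` block forwards the client's `Accept-Encoding` unchanged. If the upstream on port 8090 ever answers with gzip, the internal URL is returned to clients unmodified; adding `proxy_set_header Accept-Encoding "";` next to the other `proxy_set_header` lines avoids that. A one-line comment above the `sub_filter` directive saying why the URL is rewritten (the JWT service is configured with the localhost address, clients need the public `wss://` one) would also help the next reader.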