services:

  element:
    image: vectorim/element-web:latest
    container_name: element
    restart: unless-stopped
    volumes:
      - ./element/config.json:/app/config.json:Z
    networks:
      - element
    ports:
      - "127.0.0.1:81:80"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    tmpfs:
      - /var/run:size=50M,mode=0770,noexec,nosuid,nodev
      - /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev

  matrix-to:
    image: ghcr.io/tommytran732/matrix.to
    container_name: matrix-to
    restart: unless-stopped
    networks:
      - matrix-to
    ports:
      - "127.0.0.1:5000:5000"
    user: 992:992
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  pantalaimon:
    image: matrixdotorg/pantalaimon:latest
    container_name: pantalaimon
    restart: unless-stopped
    volumes:
      - ./pantalaimon:/data
    networks:
      - pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  mjolnir:
    image: matrixdotorg/mjolnir:latest
    container_name: mjolnir
    restart: unless-stopped
    volumes:
      - ./mjolnir:/data
    depends_on:
      - pantalaimon
    networks:
      - pantalaimon
    ports:
      - "127.0.0.1:8081:8081"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  syncv3:
    image: ghcr.io/matrix-org/sliding-sync:latest
    container_name: syncv3
    restart: unless-stopped
    env_file: ./syncv3.env
    volumes:
      - /var/run/postgresql:/var/run/postgresql:ro
    group_add:
      - "1006" # postgres-socket, https://github.com/docker/compose/issues/7277
    runtime: "runsc-kvm --host-uds=open"
    ports:
      - "127.0.0.1:8008:8008"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  glassrom-pantalaimon:
    image: matrixdotorg/pantalaimon:latest
    container_name: glassrom-pantalaimon
    restart: unless-stopped
    volumes:
      - ./glassrom/pantalaimon:/data
    networks:
      - glassrom-pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  glassrom-mjolnir:
    image: matrixdotorg/mjolnir:latest
    container_name: glassrom-mjolnir
    restart: unless-stopped
    volumes:
      - ./glassrom/mjolnir:/data
    depends_on:
      - glassrom-pantalaimon
    networks:
      - glassrom-pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  honoroit-hssupport:
    image: registry.gitlab.com/etke.cc/honoroit:latest
    container_name: honoroit-hssupport
    restart: unless-stopped
    env_file: ./honoroit-hssupport.env
    volumes:
      - /var/run/postgresql:/var/run/postgresql:ro
    group_add:
      - "1006" # postgres-socket, https://github.com/docker/compose/issues/7277
    runtime: "runsc-kvm --host-uds=open"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

networks:
  element:
  matrix-to:
  pantalaimon:
  glassrom-pantalaimon: