services:

  element:
    image: ghcr.io/polarix-containers/element-web:latest
    container_name: element
    restart: unless-stopped
    volumes:
      - ./element/config.json:/app/config.json:ro,Z
    user: "101:101"
    networks:
      - element
    ports:
      - "127.0.0.1:81:8080"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    tmpfs:
      - /etc/nginx/conf.d:size=50M,mode=0770,noexec,nosuid,nodev,uid=101
      - /var/cache/nginx:size=50M,mode=0770,noexec,nosuid,nodev,uid=101

  matrix-to:
    image: ghcr.io/tommytran732/matrix.to
    container_name: matrix-to
    restart: unless-stopped
    networks:
      - matrix-to
    ports:
      - "127.0.0.1:5000:5000"
    user: 992:992
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  pantalaimon:
    image: matrixdotorg/pantalaimon:latest
    container_name: pantalaimon
    restart: unless-stopped
    volumes:
      - ./pantalaimon:/data
    networks:
      - pantalaimon
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  mjolnir:
    image: matrixdotorg/mjolnir:v1.8.3 # https://github.com/matrix-org/mjolnir/issues/556
    container_name: mjolnir
    restart: unless-stopped
    volumes:
      - ./mjolnir:/data
    depends_on:
      - pantalaimon
    networks:
      - pantalaimon
    ports:
      - "127.0.0.1:8081:8081"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

  honoroit-hssupport:
    image: registry.gitlab.com/etke.cc/honoroit:latest
    container_name: honoroit-hssupport
    restart: unless-stopped
    env_file: ./honoroit-hssupport.env
    volumes:
      - /var/run/postgresql:/var/run/postgresql:ro
    group_add:
      - "1006" # postgres-socket, https://github.com/docker/compose/issues/7277
    runtime: "runsc-kvm --host-uds=open"
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL

networks:
  element:
  matrix-to:
  pantalaimon: