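---
# Compose stack: Navidrome + PostgreSQL, Nginx Proxy Manager, Gitea, and a
# Matrix deployment (Synapse + PostgreSQL, coturn, Element Web).
#
# Review summary (details are next to the affected keys):
#   * Several images use mutable tags (":latest" or no tag); pin them to a
#     release tag or digest once validated so a pull cannot silently change
#     what runs.
#   * Every service except gitea shares the "web" network, so both databases
#     are reachable from every container attached to it.
#   * Secrets are file-based; keep the *.txt files out of version control and
#     readable only by the account that runs Compose.
services:
  navidrome:
    # Mutable tag; prefer a release tag or deluan/navidrome@sha256:<digest>.
    image: deluan/navidrome:latest
    container_name: navidrome
    restart: unless-stopped
    # Container-to-container only; nothing is published on the host.
    expose:
      - "4533"
    environment:
      # The secret is mounted at /run/secrets/navidrome_db_password.
      # NOTE(review): Compose does not run shell command substitution in
      # environment values, so "$(cat ...)" is never replaced by the contents
      # of that file and the password is not inserted into the URL. Reading the
      # secret needs support in the application (a *_FILE style option) or an
      # entrypoint wrapper that builds the URL at start-up; confirm which, if
      # any, this image offers, and that it reads ND_DATABASE_URL at all.
      # Do not fall back to an inline password: environment values are visible
      # in `docker inspect`.
      # sslmode=disable leaves this connection unencrypted on the "web" network.
      ND_DATABASE_URL: "postgres://navidrome:$(cat /run/secrets/navidrome_db_password)@navidromedb:5432/navidrome_db?sslmode=disable"
      # Other Navidrome environment variables...
      ND_SESSIONTIMEOUT: "24h"
      ND_ENABLETRANSCODING: "true"
      # ND_SCANSCHEDULE: 1h
      # ND_LOGLEVEL: info
      # ND_BASEURL: ""
    volumes:
      - "/opt/navidrome/data:/data"
      # Music library is mounted read-only.
      - "/opt/music:/music:ro"
    # Runs as a non-root UID:GID; ensure this user has proper permissions on
    # the host volumes.
    user: "1000:1000"
    networks:
      - web
    depends_on:
      - navidromedb
    # Grants this service the secret defined in the top-level "secrets" section.
    secrets:
      - navidrome_db_password

  nginx-proxy-manager:
    # Mutable tag on the internet-facing component; pin it.
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): port 81 is published on every host interface together
      # with 80/443. If it serves the management UI, restrict it with a host
      # firewall rule or bind it to loopback ("127.0.0.1:81:81") when remote
      # administration is not required.
      - "81:81"
    volumes:
      - "/opt/npm/data:/data"
      # Presumably holds TLS private keys; keep host permissions tight.
      - "/opt/npm/letsencrypt:/etc/letsencrypt"
    # The only service attached to both networks, i.e. the bridge between them.
    networks:
      - web
      - gitea

  navidromedb:
    # NOTE(review): check that the 13 branch still receives upstream security
    # releases before relying on it.
    image: postgres:13
    container_name: navidromedb
    restart: unless-stopped
    mem_limit: 2048m
    environment:
      POSTGRES_DB: "navidrome_db"
      POSTGRES_USER: "navidrome"
      # The secret is mounted at /run/secrets/postgres_root_password; the _FILE
      # suffix makes the image read the password from that file.
      # The postgres image applies it to POSTGRES_USER (here "navidrome"), and
      # only when it initialises an empty data directory.
      # NOTE(review): navidrome is given a different secret
      # (navidrome_db_password); the two files must hold the same value for the
      # login to succeed. Confirm, or share one secret between both services as
      # synapse and synapse-db do.
      POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password"
    volumes:
      - "/opt/postgres/data:/var/lib/postgresql/data"
    # No ports are published, but every container on "web" can reach 5432.
    networks:
      - web
    # Grants this service the secret defined in the top-level "secrets" section.
    secrets:
      - postgres_root_password

  gitea:
    # Pinned to an explicit release tag.
    image: docker.gitea.com/gitea:1.25.2
    container_name: gitea
    environment:
      - USER_UID=1100
      - USER_GID=1100
    restart: always
    networks:
      - gitea
    volumes:
      - "/opt/gitea/data:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
      # Host git user's SSH directory, mounted read-write into the container.
      - "/home/git/.ssh:/data/git/.ssh"
    ports:
      # NOTE(review): 3000 is published on every host interface, so it is
      # reachable without going through nginx-proxy-manager, which already
      # shares the "gitea" network. Bind to loopback or drop the mapping if
      # all access is meant to pass through the proxy.
      - "3000:3000"
      # SSH is bound to loopback only.
      - "127.0.0.1:222:22"

  synapse-db:
    image: postgres:15
    container_name: synapse-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: synapse
      POSTGRES_USER: synapse
      # Password is read from the mounted secret file, not from the environment.
      POSTGRES_PASSWORD_FILE: /run/secrets/synapse_db_password
    volumes:
      - "synapse_db_data:/var/lib/postgresql/data"
    secrets:
      - synapse_db_password
    # Shares "web" with the proxy and the other front-end containers.
    networks:
      - web

  synapse:
    # Mutable tag; pin to a release tag or digest.
    image: matrixdotorg/synapse:latest
    container_name: synapse
    restart: unless-stopped
    depends_on:
      - synapse-db
    environment:
      SYNAPSE_SERVER_NAME: "matrix.fscotto.duckdns.org"
      # Quoted so YAML does not turn it into a boolean.
      SYNAPSE_REPORT_STATS: "no"
      # Presumably TLS is terminated at nginx-proxy-manager; traffic from the
      # proxy to port 8008 is then plain HTTP on "web".
      SYNAPSE_NO_TLS: "true"
      # NOTE(review): confirm this image reads POSTGRES_PASSWORD_FILE. If it
      # does not, the database credentials come from the configuration under
      # /data and that file needs the same protection as the secret.
      POSTGRES_PASSWORD_FILE: /run/secrets/synapse_db_password
      SYNAPSE_CONFIG_DIR: /data
    volumes:
      - "synapse_data:/data"
    expose:
      - "8008"
    secrets:
      - synapse_db_password
    networks:
      - web

  coturn:
    # No tag given, which resolves to "latest"; pin to a release tag or digest.
    image: coturn/coturn
    container_name: coturn
    restart: unless-stopped
    volumes:
      # Mounted read-only. Presumably contains the TURN credentials; keep the
      # host file out of version control.
      - "./turnserver.conf:/etc/turnserver.conf:ro"
    networks:
      - web
    # NOTE(review): "expose" does not publish ports on the host, so these are
    # reachable only from containers on "web". Confirm how outside clients are
    # meant to reach TURN; if ports are published later, keep the relay range
    # as narrow as it is here.
    expose:
      - "3478/udp"
      - "3478/tcp"
      - "49152-49200/udp"

  element-web:
    # Mutable tag; pin to a release tag or digest.
    image: vectorim/element-web:latest
    container_name: element-web
    restart: unless-stopped
    expose:
      - "80"
    volumes:
      - "element_web_config:/app/config"
    networks:
      - web

networks:
  # Carries proxy, application and database traffic alike. A dedicated backend
  # network per application/database pair (optionally "internal: true") would
  # stop a compromised front-end container from reaching both databases.
  web:
    external: false
  # Only gitea and nginx-proxy-manager are attached.
  gitea:
    external: false

# --- Docker Secrets Definition ---
# Each file is mounted into the services that list the secret, under
# /run/secrets/<name>. Paths are relative to this compose file.
secrets:
  # Referenced by the "navidrome" service.
  navidrome_db_password:
    file: ./navidrome_db_password.txt
  # Referenced by the "navidromedb" service.
  postgres_root_password:
    file: ./postgres_root_password.txt
  # Referenced by the "synapse" and "synapse-db" services.
  synapse_db_password:
    file: ./synapse_db_password.txt

volumes:
  synapse_db_data: {}
  synapse_data: {}
  element_web_config: {}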