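---
# Dawarich stack: PostGIS, Redis, the Rails web app and the Sidekiq worker,
# published through Traefik. No service publishes a host port (`expose` only),
# so the only route in from outside is the Traefik routers declared on
# dawarich_app. Passwords and keys are supplied as file-based Compose secrets.
name: dawarich

# Tag and digest are both given. The digest is what pins the image content and
# the tag is informational, so bump both together when upgrading.
x-dawarich-image: &dawarich_image freikin/dawarich:1.8.1@sha256:7c70f2169e848ed77ae1cec01dd10ec4a73a70a785d4e4d248db1735c0bc25ed

services:
  dawarich_db:
    image: postgis/postgis:17-3.5-alpine@sha256:fc07e7a034e013d50ada575673b798ca6277e000b8364e39e217f612d94bd9a5
    container_name: dawarich_db
    restart: unless-stopped
    shm_size: 1G
    environment:
      TZ: ${TZ}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
      # The password is read from the mounted secret file instead of being
      # placed in the container environment.
      POSTGRES_PASSWORD_FILE: /run/secrets/dawarich_postgres_password
      GRAFANA_DB_USER: ${GRAFANA_DB_USER}
      PGDATA: /var/lib/postgresql/data
    volumes:
      - dawarich_db_data:/var/lib/postgresql/data
      - dawarich_shared:/var/shared
      # Init scripts are mounted read-only.
      - ./postgres/initdb:/docker-entrypoint-initdb.d:ro
    networks:
      - backend_net
    secrets:
      - dawarich_postgres_password
      # Not referenced by any variable in this file; presumably read by a
      # script under ./postgres/initdb together with GRAFANA_DB_USER. Confirm.
      - dawarich_grafana_ro_password
    expose:
      - "5432"
    healthcheck:
      # $$ escapes Compose interpolation, so the variables are expanded by the
      # shell inside the container.
      test: ["CMD-SHELL", "pg_isready -U \"$${POSTGRES_USER}\" -d \"$${POSTGRES_DB}\""]
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 30s
    security_opt:
      - no-new-privileges:true

  dawarich_redis:
    image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
    container_name: dawarich_redis
    restart: unless-stopped
    # NOTE(review): --requirepass puts the password on the redis-server command
    # line, where it can be read from the process list. Loading it from a
    # config file readable only by the redis user would avoid that.
    command:
      - /bin/sh
      - '-lc'
      - |
        exec redis-server \
          --save 900 1 \
          --save 300 10 \
          --appendonly no \
          --requirepass "$$(cat /run/secrets/dawarich_redis_password)"
    volumes:
      - dawarich_redis_data:/data
    networks:
      - backend_net
    secrets:
      - dawarich_redis_password
    expose:
      - "6379"
    healthcheck:
      # The password goes to redis-cli through REDISCLI_AUTH rather than -a, so
      # it does not appear in the probe's argv every 10 seconds. The probe is a
      # read-only PING and checks for the PONG reply: redis-cli can exit 0 even
      # when the server answers with an error (for example a failed AUTH), and
      # the previous `incr ping` probe also wrote a counter key on every run.
      test: ["CMD-SHELL", "REDISCLI_AUTH=\"$$(cat /run/secrets/dawarich_redis_password)\" redis-cli ping | grep -q PONG"]
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 30s
    security_opt:
      - no-new-privileges:true

  dawarich_app:
    image: *dawarich_image
    container_name: dawarich_app
    restart: unless-stopped
    stdin_open: true
    tty: true
    entrypoint:
      - /bin/sh
      - '-lc'
    # The wrapper reads each secret file into the environment the application
    # is started with, then replaces itself with the upstream entrypoint. The
    # values therefore live in the process environment of the app.
    # The Redis password is embedded in a URL: it must not contain characters
    # that are special in a URL (such as @ : / #) unless percent-encoded.
    command:
      - |
        export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
        export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
        export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
        export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
        exec web-entrypoint.sh bin/rails server -p 3000 -b ::
    environment:
      TZ: ${TZ}
      RAILS_ENV: production
      DATABASE_HOST: dawarich_db
      DATABASE_PORT: "5432"
      DATABASE_USERNAME: ${POSTGRES_USER}
      DATABASE_NAME: ${POSTGRES_DB}
      APPLICATION_HOSTS: ${APPLICATION_HOSTS}
      APPLICATION_PROTOCOL: https
      TIME_ZONE: ${TZ}
      SELF_HOSTED: "true"
      STORE_GEODATA: "true"
      RAILS_LOG_TO_STDOUT: "true"
      PROMETHEUS_EXPORTER_ENABLED: "true"
      METRICS_USERNAME: ${METRICS_USERNAME}
      SIDEKIQ_METRICS_URL: http://dawarich_sidekiq:9394/metrics
      BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
      RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
    volumes:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - dawarich_storage:/var/app/storage
      # NOTE(review): this gives the internet-facing container read access to
      # the raw PostgreSQL data directory. Nothing in this file uses it; drop
      # the mount if the application does not need it.
      - dawarich_db_data:/dawarich_db_data:ro
    networks:
      - frontend_net
      - backend_net
    secrets:
      - dawarich_postgres_password
      - dawarich_redis_password
      - dawarich_secret_key_base
      - dawarich_metrics_password
    expose:
      - "3000"
    healthcheck:
      # ${DAWARICH_HOST} is interpolated by Compose. The probe calls the local
      # health endpoint with the public Host header and forwarded-proto header.
      test: ["CMD-SHELL", "wget -qO - --header=\"Host: ${DAWARICH_HOST}\" --header=\"X-Forwarded-Proto: https\" http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"[[:space:]]*:[[:space:]]*\"ok\"'"]
      interval: 10s
      timeout: 10s
      retries: 30
      start_period: 30s
    depends_on:
      dawarich_db:
        condition: service_healthy
      dawarich_redis:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      # Public API-key endpoints for mobile apps and Home Assistant pushes.
      # This router has no Authelia middleware, so the application's own
      # API-key check is the only authentication on these paths, and
      # /api/v1/health is reachable without credentials. Path() is an exact
      # match, so only the four listed paths take this route; priority 100
      # makes it win over the catch-all router below (priority 10).
      # NOTE(review): no rate-limiting middleware is attached here.
      - 'traefik.http.routers.dawarich-api.rule=Host(`${DAWARICH_HOST}`) && (Path(`/api/v1/health`) || Path(`/api/v1/owntracks/points`) || Path(`/api/v1/overland/batches`) || Path(`/api/v1/traccar/points`))'
      - traefik.http.routers.dawarich-api.entrypoints=websecure
      - traefik.http.routers.dawarich-api.tls=true
      - traefik.http.routers.dawarich-api.tls.certresolver=le
      - traefik.http.routers.dawarich-api.priority=100
      - traefik.http.routers.dawarich-api.middlewares=secure-headers@file
      - traefik.http.routers.dawarich-api.service=dawarich
      # UI and all other routes require Authelia ForwardAuth.
      - 'traefik.http.routers.dawarich.rule=Host(`${DAWARICH_HOST}`)'
      - traefik.http.routers.dawarich.entrypoints=websecure
      - traefik.http.routers.dawarich.tls=true
      - traefik.http.routers.dawarich.tls.certresolver=le
      - traefik.http.routers.dawarich.priority=10
      - traefik.http.routers.dawarich.middlewares=authelia@file,secure-headers@file
      - traefik.http.routers.dawarich.service=dawarich
      - traefik.http.services.dawarich.loadbalancer.server.port=3000

  dawarich_sidekiq:
    image: *dawarich_image
    container_name: dawarich_sidekiq
    restart: unless-stopped
    stdin_open: true
    tty: true
    entrypoint:
      - /bin/sh
      - '-lc'
    # Same secret-loading wrapper as dawarich_app, ending in the Sidekiq
    # entrypoint.
    command:
      - |
        export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
        export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
        export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
        export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
        exec sidekiq-entrypoint.sh sidekiq
    environment:
      TZ: ${TZ}
      RAILS_ENV: production
      DATABASE_HOST: dawarich_db
      DATABASE_PORT: "5432"
      DATABASE_USERNAME: ${POSTGRES_USER}
      DATABASE_NAME: ${POSTGRES_DB}
      APPLICATION_HOSTS: ${APPLICATION_HOSTS}
      APPLICATION_PROTOCOL: https
      TIME_ZONE: ${TZ}
      SELF_HOSTED: "true"
      STORE_GEODATA: "true"
      RAILS_LOG_TO_STDOUT: "true"
      PROMETHEUS_EXPORTER_ENABLED: "true"
      PROMETHEUS_EXPORTER_PORT: "9394"
      METRICS_USERNAME: ${METRICS_USERNAME}
      BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
      RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
    volumes:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - dawarich_storage:/var/app/storage
    # The worker is attached to backend_net only and carries no Traefik labels.
    networks:
      - backend_net
    secrets:
      - dawarich_postgres_password
      - dawarich_redis_password
      - dawarich_secret_key_base
      - dawarich_metrics_password
    expose:
      - "9394"
    healthcheck:
      # Checks only that a process matching "sidekiq" exists.
      test: ["CMD-SHELL", "pgrep -f sidekiq >/dev/null"]
      interval: 10s
      timeout: 10s
      retries: 30
      start_period: 30s
    depends_on:
      dawarich_db:
        condition: service_healthy
      dawarich_redis:
        condition: service_healthy
      dawarich_app:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true

# Both networks are created outside this file and must exist before `up`.
# Every container attached to backend_net, including ones from other projects,
# can reach ports 5432, 6379, 3000 and 9394 here, so the database and Redis
# passwords are the access control on that network.
networks:
  frontend_net:
    external: true
  backend_net:
    external: true

# Named volumes implemented as bind mounts of host directories.
volumes:
  dawarich_db_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/postgres17
  dawarich_redis_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/redis
  dawarich_shared:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/shared
  dawarich_public:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/public
  dawarich_watched:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/watched
  dawarich_storage:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/user/appdata/dawarich/storage

# File-based secrets, mounted into the listed services under /run/secrets/.
# The files stay on the host: keep them out of version control and restrict
# their permissions as far as the container users that read them allow.
secrets:
  dawarich_postgres_password:
    file: /mnt/user/appdata/secrets/dawarich_postgres_password.txt
  dawarich_redis_password:
    file: /mnt/user/appdata/secrets/dawarich_redis_password.txt
  dawarich_secret_key_base:
    file: /mnt/user/appdata/secrets/dawarich_secret_key_base.txt
  dawarich_metrics_password:
    file: /mnt/user/appdata/secrets/dawarich_metrics_password.txt
  dawarich_grafana_ro_password:
    file: /mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt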