feat: rework compose config to be more modular

[no-ci]

.gitignore

@@ -9,3 +9,4 @@
 /node_modules
 /site
 /src
+/compose.override.yaml

compose-config/build.yaml

@@ -0,0 +1,25 @@
+---
+# Enable [docker compose build] for building local version of Pixelfed
+
+services:
+  web:
+    build: &build
+      dockerfile: docker/Dockerfile
+      context: ../
+      target: ${DOCKER_APP_RUNTIME}-runtime
+      cache_from:
+        - "type=registry,ref=${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}"
+      args:
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
+        BUILD_FRONTEND: "${DOCKER_APP_BUILD_FRONTEND:-0}"
+        PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
+        PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
+        PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}"
+
+  worker:
+    build: *build
+
+  cron:
+    build: *build

compose-config/db/expose.yaml

@@ -0,0 +1,4 @@
+services:
+  db:
+    ports:
+      - "${DOCKER_DB_HOST_PORT:?error}:${DOCKER_DB_CONTAINER_PORT:?error}"

compose-config/db/service.yaml

@@ -0,0 +1,54 @@
+services:
+  db:
+    image: ${DOCKER_DB_IMAGE:?error}
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db"
+    command: ${DOCKER_DB_COMMAND:-}
+    restart: unless-stopped
+    profiles:
+      - ${DOCKER_DB_PROFILE:-}
+    environment:
+      TZ: "${TZ:?error}"
+      # MySQL (Oracle) - "Environment Variables" at https://hub.docker.com/_/mysql
+      MYSQL_ROOT_PASSWORD: "${DOCKER_DB_ROOT_PASSWORD:?error}"
+      MYSQL_USER: "${DB_USERNAME:?error}"
+      MYSQL_PASSWORD: "${DB_PASSWORD:?error}"
+      MYSQL_DATABASE: "${DB_DATABASE:?error}"
+      # MySQL (MariaDB) - "Start a mariadb server instance with user, password and database" at https://hub.docker.com/_/mariadb
+      MARIADB_ROOT_PASSWORD: "${DOCKER_DB_ROOT_PASSWORD:?error}"
+      MARIADB_USER: "${DB_USERNAME:?error}"
+      MARIADB_PASSWORD: "${DB_PASSWORD:?error}"
+      MARIADB_DATABASE: "${DB_DATABASE:?error}"
+      # PostgreSQL - "Environment Variables" at https://hub.docker.com/_/postgres
+      POSTGRES_USER: "${DB_USERNAME:?error}"
+      POSTGRES_PASSWORD: "${DB_PASSWORD:?error}"
+      POSTGRES_DB: "${DB_DATABASE:?error}"
+    volumes:
+      - "../../${DOCKER_DB_HOST_DATA_PATH:?error}:${DOCKER_DB_CONTAINER_DATA_PATH:?error}"
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "healthcheck.sh",
+          "--su-mysql",
+          "--connect",
+          "--innodb_initialized",
+        ]
+      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:?error}"
+      retries: 2
+      timeout: 5s
+
+  cron:
+    # https://docs.docker.com/reference/compose-file/services/#depends_on
+    depends_on:
+      db:
+        condition: "service_healthy"
+
+  worker:
+    depends_on:
+      db:
+        condition: "service_healthy"
+
+  web:
+    depends_on:
+      db:
+        condition: "service_healthy"

compose-config/proxy/acme.yaml

@@ -0,0 +1,28 @@
+# Proxy companion for managing LetsEncrypt SSL certificates
+#
+# You can disable this service by setting [DOCKER_PROXY_ACME_PROFILE="disabled"]
+# in your [.env] file - the setting is near the bottom of the file.
+#
+# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
+
+services:
+  proxy-acme:
+    image: nginxproxy/acme-companion:2.5
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy-acme"
+    restart: unless-stopped
+    profiles:
+      - ${DOCKER_PROXY_ACME_PROFILE:-}
+    environment:
+      DEBUG: 0
+      DEFAULT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
+      NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
+    depends_on:
+      proxy:
+        condition: "service_healthy"
+    volumes:
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy-acme:/etc/acme.sh"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d"
+      - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html"
+      - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/var/run/docker.sock:ro"

compose-config/proxy/service.yaml

@@ -0,0 +1,52 @@
+# HTTP/HTTPS proxy
+#
+# Sits in front of the *real* webserver and manages SSL and (optionally)
+# load-balancing between multiple web servers
+#
+# You can disable this service by setting [DOCKER_PROXY_PROFILE="disabled"]
+# in your [.env] file - the setting is near the bottom of the file.
+#
+# This also disables the [proxy-acme] service, if this is not desired, change the
+# [DOCKER_PROXY_ACME_PROFILE] setting to an empty string [""]
+#
+# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
+
+services:
+  proxy:
+    image: nginxproxy/nginx-proxy:1.6
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
+    restart: unless-stopped
+    profiles:
+      - ${DOCKER_PROXY_PROFILE:-}
+    environment:
+      DOCKER_SERVICE_NAME: "proxy"
+    volumes:
+      - "../../${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/tmp/docker.sock:ro"
+      - "../../${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d"
+      - "../../${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d"
+      - "../../${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs"
+      - "../../${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html"
+    ports:
+      - "${DOCKER_PROXY_HOST_PORT_HTTP}:80"
+      - "${DOCKER_PROXY_HOST_PORT_HTTPS}:443"
+    healthcheck:
+      test: "curl --fail https://${APP_DOMAIN}/api/service/health-check"
+      interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL}"
+      retries: 2
+      timeout: 5s
+
+  web:
+    volumes:
+      - "../../${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/shared/proxy/conf.d"
+
+    environment:
+      LETSENCRYPT_HOST: "${DOCKER_PROXY_LETSENCRYPT_HOST:?error}"
+      LETSENCRYPT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}"
+      LETSENCRYPT_TEST: "${DOCKER_PROXY_LETSENCRYPT_TEST:-}"
+      VIRTUAL_HOST: "${APP_DOMAIN}"
+      VIRTUAL_PORT: "80"
+
+    labels:
+      com.github.nginx-proxy.nginx-proxy.keepalive: 30
+      com.github.nginx-proxy.nginx-proxy.http2.enable: true
+      com.github.nginx-proxy.nginx-proxy.http3.enable: true

compose-config/redis/expose.yaml

@@ -0,0 +1,4 @@
+services:
+  redis:
+    ports:
+      - "${DOCKER_REDIS_HOST_PORT}:6379"

compose-config/redis/service.yaml

@@ -0,0 +1,34 @@
+services:
+  redis:
+    image: redis:${DOCKER_REDIS_VERSION}
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-redis"
+    restart: unless-stopped
+    command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'"
+    profiles:
+      - ${DOCKER_REDIS_PROFILE:-}
+    environment:
+      TZ: "${TZ:?error}"
+      REDISCLI_AUTH: ${REDIS_PASSWORD:-}
+    volumes:
+      - "../../${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis"
+      - "../../${DOCKER_REDIS_HOST_DATA_PATH}:/data"
+    healthcheck:
+      test: ["CMD", "redis-cli", "-p", "6379", "ping"]
+      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:?error}"
+      retries: 2
+      timeout: 5s
+
+  cron:
+    depends_on:
+      redis:
+        condition: "service_healthy"
+
+  worker:
+    depends_on:
+      redis:
+        condition: "service_healthy"
+
+  web:
+    depends_on:
+      redis:
+        condition: "service_healthy"

compose-config/web/expose.yaml

@@ -0,0 +1,4 @@
+services:
+  web:
+    ports:
+      - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80"

compose.override.yaml.example

@@ -0,0 +1,26 @@
+---
+include:
+  - path:
+    # Uncomment to add support for [docker compose build] for local images.
+    # - compose-config/build.yaml
+
+    # Uncomment to add nginx proxy in front of the [web] container.
+    # - compose-config/proxy/service.yaml
+
+    # Uncomment to add nginx acme (LetsEncrypt) support to [proxy] container.
+    # - compose-config/proxy/acme.yaml
+
+    # Uncomment to expose [web] container to the host directly.
+    # - compose-config/web/expose.yaml
+
+    # Comment to disable the included [redis] service.
+    - compose-config/redis/service.yaml
+
+    # Uncomment to expose the [redis] server to the host directly.
+    # - compose-config/redis/expose.yaml
+
+    # Comment to disable the included [db] service.
+    - compose-config/db/service.yaml
+
+    # Uncomment to expose the [db] server to the host directly.
+    # - compose-config/db/expose.yaml