ansible/roles/docker/templates/gotosocial-compose.yml.j2

services:
  gotosocial:
    image: docker.io/superseriousbusiness/gotosocial:0.19.1
    container_name: gotosocial
    user: 1000:1000
    extra_hosts:
      - '{{ subdomains.auth }}:{{ docker.hairpin_ip }}'
    environment:
      GTS_HOST: {{ subdomains.social }}
      GTS_DB_TYPE: sqlite
      GTS_DB_ADDRESS: /gotosocial/storage/sqlite.db
      GTS_WAZERO_COMPILATION_CACHE: /gotosocial/.cache
      GTS_LETSENCRYPT_ENABLED: "false"
      GTS_LETSENCRYPT_EMAIL_ADDRESS: ""
      GTS_TRUSTED_PROXIES: "{{ docker.hairpin_ip }}"
      GTS_ACCOUNT_DOMAIN: {{ primary_domain }}
      GTS_OIDC_ENABLED: "true"
      GTS_OIDC_IDP_NAME: "Authentik"
      GTS_OIDC_ISSUER: https://{{ subdomains.auth }}/application/o/gotosocial/
      GTS_OIDC_CLIENT_ID: {{ vault_gotosocial.oidc.client_id }}
      GTS_OIDC_CLIENT_SECRET: {{ vault_gotosocial.oidc.client_secret }}
      GTS_OIDC_LINK_EXISTING: "true"
      GTS_HTTP_CLIENT: "20s"
      GTS_SMTP_HOST: "{{ smtp.host }}"
      GTS_SMTP_PORT: "587"
      GTS_SMTP_USERNAME: "{{ smtp.username }}"
      GTS_SMTP_PASSWORD: {{ vault_smtp.password }}
      GTS_SMTP_FROM: "social@{{ email_domains.updates }}"
      TZ: UTC
    volumes:
      - gotosocial:/gotosocial/storage
    restart: "always"
    labels:
      docker-volume-backup.stop-during-backup: true
      glance.name: GoToSocial
      glance.icon: si:mastodon
      glance.url: https://{{ subdomains.social }}/
      glance.description: Fediverse server
      glance.id: gotosocial
    
  backup:
    image: offen/docker-volume-backup:v2
    restart: always
    labels:
      glance.parent: gotosocial
      glance.name: Backup
      mag37.dockcheck.update: true
    environment:
      BACKUP_FILENAME: gts-backup-%Y-%m-%dT%H-%M-%S.tar.gz
      BACKUP_CRON_EXPRESSION: "0 9 * * *"
      BACKUP_PRUNING_PREFIX: gts-
      BACKUP_RETENTION_DAYS: 7
      AWS_S3_BUCKET_NAME: tsolbackups
      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
    volumes:
      - gotosocial:/backup/gts-app-backup:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  gotosocial:
    driver: local

networks:
  default:
    external: true
    name: {{ docker.network_name }}