poixpixel-discord-bot/docker-compose.yml

services:
  postgres:
    image: postgres:17-alpine
    container_name: postgres
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - ./certs/psql-server.crt:/var/lib/postgresql/server.crt:ro
      - ./certs/psql-server.key:/var/lib/postgresql/server.key:ro
      - postgres_data:/var/lib/postgresql/data
    command: >
      postgres
      -c ssl=on
      -c ssl_cert_file=/var/lib/postgresql/server.crt
      -c ssl_key_file=/var/lib/postgresql/server.key
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'PGPASSWORD=${POSTGRES_PASSWORD} pg_isready -U ${POSTGRES_USER} -h localhost -p 5432 --db=${POSTGRES_DB}',
        ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - services

  valkey:
    image: valkey/valkey:8-alpine
    container_name: valkey
    restart: always
    ports:
      - '6379:6379'
    volumes:
      - ./certs/cache-server.crt:/certs/server.crt:ro
      - ./certs/cache-server.key:/certs/server.key:ro
      - ./certs/cache-ca.crt:/certs/ca.crt:ro
      - valkey_data:/data
    command: >
      valkey-server
      --requirepass ${VALKEY_PASSWORD}
      --tls-port 6379
      --port 0
      --tls-cert-file /certs/server.crt
      --tls-key-file /certs/server.key
      --tls-ca-cert-file /certs/ca.crt
    healthcheck:
      test: [
          'CMD-SHELL',
          'valkey-cli
          -a
          ${VALKEY_PASSWORD}
          --tls
          --cacert
          /certs/ca.crt
          --cert
          /certs/server.crt
          --key
          /certs/server.key
          ping',
        ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - services

  pgbouncer:
    image: ghcr.io/ahmadk953/poixpixel-discord-bot-pgbouncer
    container_name: pgbouncer
    environment:
      DB_USER: ${POSTGRES_USER}
      DB_PASSWORD: ${POSTGRES_PASSWORD}
      DB_HOST: postgres
      AUTH_USER: ${POSTGRES_USER}
      AUTH_TYPE: scram-sha-256
      POOL_MODE: transaction
      ADMIN_USERS: ${POSTGRES_USER}
      CLIENT_TLS_SSLMODE: require
      CLIENT_TLS_CERT_FILE: /certs/server.crt
      CLIENT_TLS_KEY_FILE: /certs/server.key
      CLIENT_TLS_CA_FILE: /certs/ca.crt
      SERVER_TLS_SSLMODE: require
    ports:
      - '5432:5432'
    depends_on:
      - postgres
    volumes:
      - ./certs/pgbouncer-server.crt:/certs/server.crt:ro
      - ./certs/pgbouncer-server.key:/certs/server.key:ro
      - ./certs/pgbouncer-ca.crt:/certs/ca.crt:ro
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'PGPASSWORD=${POSTGRES_PASSWORD} pg_isready -U ${POSTGRES_USER} -h localhost -p 5432 --db=${POSTGRES_DB}',
        ]
    networks:
      - services

volumes:
  postgres_data:
  valkey_data:

networks:
  services:
    driver: bridge