ansible-en-role/templates/docker-compose.yaml.j2

version: "3.9"
services:
  traefik:
    image: "traefik:{{ traefik_version }}"
    network_mode: "host"
    restart: unless-stopped
    command:
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.external_node_health.address=:3080"
{% if enable_tls %}
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.en_resolver.acme.tlschallenge=true"
      - "--certificatesresolvers.en_resolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.email={{ acme_email }}"
{% endif %}
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.entryPoint=metrics"
      - "--entryPoints.metrics.address=:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
{% if enable_tls %}
      - "./letsencrypt:/letsencrypt"
{% endif %}

  postgres:
    image: "postgres:{{ postgres_version }}"
    restart: unless-stopped
    healthcheck:
      interval: 1m
      timeout: 30s
      retries: 288000
      start_period: 4h
      test: psql -U postgres -c "select exists (select * from pg_stat_activity where datname = '{{ database_name }}' and application_name = 'pg_restore')" | grep -e ".f$"
    volumes:
      - "{{ storage_directory }}/postgres:/var/lib/postgresql/data"
      - "{{ storage_directory }}/pg_backups:/pg_backups"
      - ./restore_dump.sh:/docker-entrypoint-initdb.d/restore_dump.sh
    env_file:
      - postgres.env
    command:
      - postgres
      - -c
{% for argument in postgres_arguments %}
      - {{ argument }}
{% endfor %}
  external_node:
{% if not external_node_raw_docker_tag %}
    image: "matterlabs/external-node:v{{ external_node_version }}"
{% else %}
    image: "matterlabs/external-node:{{ external_node_raw_docker_tag }}"
{% endif %}
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.external_node_main.loadbalancer.server.port={{ rpc_http_port }}"
      - "traefik.http.routers.external_node_main.rule=PathPrefix(`/`)"
{% if enable_tls %}
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
      - "traefik.http.routers.whoami.rule=Host(`{{ domain_name }}`)"
{% else %}
      - "traefik.http.routers.external_node_main.entrypoints=web"
{% endif %}
      - "traefik.http.routers.external_node_main.service=external_node_main"

      - "traefik.http.services.external_node_health.loadbalancer.server.port={{ healthcheck_port }}"
      - "traefik.http.routers.external_node_health.rule=PathPrefix(`/`)"
      - "traefik.http.routers.external_node_health.entrypoints=external_node_health"
      - "traefik.http.routers.external_node_health.service=external_node_health"
{% if enable_basic_auth %}
      - "traefik.http.routers.external_node_main.middlewares=external_node_auth"
      - "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_secret }}"
{% endif %}
    expose:
      - {{ rpc_http_port }}
      - {{ rpc_ws_port }}
      - {{ healthcheck_port }}
      - {{ metrics_port }}
{% if enable_consensus %}
      - {{ consensus_port }}
{% endif %}
    environment:
      ZKSYNC_HOME: "/"
      EN_STATE_CACHE_PATH: /db/state_keeper
      EN_MERKLE_TREE_PATH: /db/lightweight-new
      EN_HTTP_PORT: {{ rpc_http_port }}
      EN_WS_PORT: {{ rpc_ws_port }}
      EN_HEALTHCHECK_PORT: {{ healthcheck_port }}
      EN_PROMETHEUS_PORT: {{ metrics_port }}
      EN_THREADS_PER_SERVER: 64
      CHAIN_STATE_KEEPER_VALIDATION_COMPUTATIONAL_GAS_LIMIT: 2000000
      DATABASE_POOL_SIZE: 200
      EN_MAX_BLOCKS_PER_TREE_BATCH: 200
      MISC_LOG_FORMAT: json
      RUST_LOG: {{ rust_log }}
{% if enable_consensus %}
      EN_CONSENSUS_CONFIG_PATH: /etc/consensus_config.yaml
      EN_CONSENSUS_SECRETS_PATH: /run/secrets/consensus_secrets.yaml
{% endif %}
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:{{ healthcheck_port }}/health" ]
      interval: 1m
      timeout: 30s
      retries: 60
      start_period: 1m
    volumes:
      - "{{ storage_directory }}/db:/db"
{% if enable_consensus %}
      - "consensus_config.yaml:/etc/consensus_config.yaml"
{% endif %}
    env_file:
      - "external_node.env"
      - "postgres.env"
    command:
{% if enable_snapshots_recovery %}
      - --enable-snapshots-recovery
{% endif %}
{% if enable_consensus %}
      - --enable-consensus
    secrets:
      - consensus_secrets
{% endif %}

{% if enable_consensus %}
secrets:
  consensus_secrets:
    file: consensus_secrets.yaml
{% endif %}