x-transcoder: &transcoder-base build: ./transcoder image: ghcr.io/zoriya/kyoo_transcoder:edge networks: default: aliases: - transcoder restart: unless-stopped environment: - JWKS_URL=http://auth:4568/.well-known/jwks.json env_file: - ./.env volumes: - ${LIBRARY_ROOT}:/video:ro - ${CACHE_ROOT}:/cache - transcoder_metadata:/metadata labels: - "traefik.enable=true" - "traefik.http.routers.transcoder.rule=PathPrefix(`/video`)" - "traefik.http.routers.transcoder.middlewares=phantom-token" - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key" - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" services: front: build: ./front image: ghcr.io/zoriya/kyoo_front:edge restart: unless-stopped environment: - KYOO_URL=${KYOO_URL:-http://api:5000/api} labels: - "traefik.enable=true" - "traefik.http.routers.front.rule=PathPrefix(`/`)" - "traefik.http.services.front.loadbalancer.server.port=8901" auth: build: ./auth image: ghcr.io/zoriya/kyoo_auth:edge restart: unless-stopped depends_on: postgres: condition: service_healthy env_file: - ./.env labels: - "traefik.enable=true" - "traefik.http.routers.auth.rule=PathPrefix(`/auth/`) || PathPrefix(`/.well-known/`)" api: build: ./api restart: unless-stopped depends_on: postgres: condition: service_healthy environment: - JWT_ISSUER=${PUBLIC_URL} env_file: - ./.env volumes: - images:/app/images labels: - "traefik.enable=true" - "traefik.http.routers.api.rule=PathPrefix(`/api/`) || PathPrefix(`/swagger`)" - "traefik.http.routers.api.middlewares=phantom-token" - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key" - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" scanner: build: ./scanner image: ghcr.io/zoriya/kyoo_scanner:edge restart: unless-stopped env_file: - ./.env environment: # Use this env var once we use mTLS for auth # - KYOO_URL=${KYOO_URL:-http://api:3567/api} - KYOO_URL=${KYOO_URL:-http://traefik:8901/api} - KYOO_APIKEY=scanner-$KEIBI_APIKEY_SCANNER - JWKS_URL=http://auth:4568/.well-known/jwks.json - JWT_ISSUER=${PUBLIC_URL} volumes: - ${LIBRARY_ROOT}:/video:ro labels: - "traefik.enable=true" - "traefik.http.routers.scanner.rule=PathPrefix(`/scanner/`)" - "traefik.http.routers.scanner.middlewares=phantom-token" - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key" - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" transcoder: <<: *transcoder-base profiles: ["", "cpu"] transcoder-nvidia: <<: *transcoder-base deploy: resources: reservations: devices: - capabilities: [gpu] driver: cdi device_ids: - nvidia.com/gpu=all environment: - GOCODER_HWACCEL=nvidia profiles: ["nvidia"] transcoder-vaapi: <<: *transcoder-base devices: - /dev/dri:/dev/dri environment: - GOCODER_HWACCEL=vaapi - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128} profiles: ["vaapi"] # qsv is the same setup as vaapi but with the hwaccel env var different transcoder-qsv: <<: *transcoder-base devices: - /dev/dri:/dev/dri environment: - GOCODER_HWACCEL=qsv - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128} profiles: ["qsv"] traefik: image: traefik:v3.5 restart: unless-stopped command: - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entryPoints.web.address=:8901" - "--accesslog=true" ports: - "8901:8901" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" postgres: image: postgres:15 restart: unless-stopped env_file: - ./.env volumes: - db:/var/lib/postgresql/data environment: - POSTGRES_USER=$PGUSER - POSTGRES_PASSWORD=$PGPASSWORD - POSTGRES_DB=$PGDATABASE - POSTGRES_HOST_AUTH_METHOD=trust healthcheck: test: ["CMD-SHELL", "pg_isready -U ${PGUSER} -d ${PGDATABASE}"] interval: 5s timeout: 5s retries: 5 volumes: db: images: transcoder_metadata: