networks:
  default:
    name: traefik_default
    external: true

services:
  nextcloud-db:
    env_file: live.env
    image: mariadb:10.11
    container_name: nextcloud-db
    command:
       --transaction-isolation=READ-COMMITTED --log-bin=ROW
       --log_bin_trust_function_creators=true
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - default
    ports:
      - 3306:3306
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
      - ${NEXTCLOUD_ROOT}/mariadb-conf/docker.cnf:/etc/mysql/conf.d/docker.cnf:ro

  nextcloud-redis:
    image: redis:6-alpine
    container_name: nextcloud-redis
    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - default
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/redis:/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  nextcloud-app:
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    container_name: nextcloud-app
    command: >
      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
    env_file: live.env
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
      - NEXTCLOUD_DATA_DIR='${NEXTCLOUD_DATA_DIR}'
    extra_hosts:
      - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
      - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
    build:
      context: ./
      dockerfile: Dockerfile
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Routes
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      # HSTS and Cal Dav
      - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header"
    networks:
      - default
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/html:/var/www/html
      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}

  nextcloud-cron:
    image: nextcloud:28
    container_name: nextcloud-cron
    command: >
      bash -c 'chown -R www-data:www-data ${NEXTCLOUD_DATA_DIR} && chown -R www-data:www-data /var/www/html && chmod 755 ${NEXTCLOUD_DATA_DIR}/.ocdata && /entrypoint.sh apache2-foreground'
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
    volumes:
      - ${NEXTCLOUD_ROOT}/html:/var/www/html
      - ${NEXTCLOUD_ROOT}/data:${NEXTCLOUD_DATA_DIR}
    entrypoint: /cron.sh
    depends_on:
      - nextcloud-db
      - nextcloud-redis
      - nextcloud-collabora

  nextcloud-coturn:
      image: coturn/coturn:4
      container_name: nextcloud-coturn
      restart: unless-stopped
      ports:
       - "3478:3478/tcp"
       - "3478:3478/udp"
      networks:
        - default
      command:
        - -n
        - --log-file=stdout
        - --min-port=49160
        - --max-port=49200
        - --realm=${NEXTCLOUD_FQDN}
        - --use-auth-secret
        - --static-auth-secret=${COTURN_SECRET}

  nextcloud-collabora:
    image: collabora/code:23.05.9.1.1
    container_name: nextcloud-collabora
    env_file: live.env
    extra_hosts:
      - "${NEXTCLOUD_FQDN}:${TRAEFIK_CONTAINER_IP}"
      - "${COLLABORA_FQDN}:${TRAEFIK_CONTAINER_IP}"
    hostname: collabora.sporada.eu
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Routes
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.entrypoints=websecure"
      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
      - "traefik.http.routers.collabora.tls.certresolver=myresolver"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
    restart: unless-stopped
    networks:
      - default
    ports:
      - "9980:9980"
    environment:
      - domain=${COLLABORA_DOMAIN}
      - server_name=${COLLABORA_FQDN}
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
      - VIRTUAL_PROTO=https
      - VIRTUAL_PORT=9980
      - VIRTUAL_HOST=${COLLABORA_FQDN}
    cap_add:
      - MKNOD
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro