version: "3.8"
services:
  web:
    image: nginx:1.21.6
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    environment:
      - DOMAIN
      - STACK_NAME
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"

  app:
    image: nextcloud:23.0.4-fpm
    depends_on:
      - db
    configs:
      - source: fpm_tune
        target: /usr/local/etc/php-fpm.d/fpm-tune.conf
    secrets:
      - db_password
      - admin_password
    environment:
      - DOMAIN
      - STACK_NAME
      - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
      - TRUSTED_PROXIES=traefik
      - REDIS_HOST=cache
      - SMTP_HOST
      - MAIL_FROM_ADDRESS
      - MAIL_DOMAIN
      - SMTP_AUTHTYPE=PLAIN
      - OVERWRITEPROTOCOL=https
      - PHP_MEMORY_LIMIT=1G
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "coop-cloud.${STACK_NAME}.version=2.0.0+23.0.4-fpm"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"


  cron:
    image: nextcloud:23.0.4-fpm
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    entrypoint: /cron.sh

  cache:
    image: redis:6.2.7-alpine
    networks:
      - internal
    volumes:
      - "redis:/data"

secrets:
  db_root_password:
    external: true
    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}

volumes:
  nextcloud:
  nextapps:
  nextdata:
  nextconfig:
  redis:

configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  fpm_tune:
    name: ${STACK_NAME}_fpm_tune_${FPM_TUNE_VERSION}
    file: fpm-tune.ini

networks:
  proxy:
    external: true
  internal: