services:

  web:
    image: nginx
    depends_on:
      - app
    volumes:
      - ${VOLUMES_PATH}/nextcloud_html:/var/www/html:ro
      - $PWD/nginx.conf:/etc/nginx/nginx.conf:ro
    restart: unless-stopped
    networks:
      - web
      - nextcloud
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=netcup"
      - "traefik.http.routers.nextcloud.tls.options=intermediate@file"
      - "traefik.http.middlewares.nextcloudHeader.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true"
      - "traefik.http.routers.nextcloud.middlewares=nextcloudHeader"
      - "docker.group=netxtcloud"


  app:
    image: nextcloud:${NC_MAIN_VERSION}-fpm
    volumes:
      - ${VOLUMES_PATH}/nextcloud_html:/var/www/html
      - ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data
    restart: unless-stopped
    networks:
      - nextcloud
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
      - MYSQL_HOST=db
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD}
    depends_on:
      - db
      - redis
    labels:
      - "docker.group=netxtcloud"
  

  cron:
    image: nextcloud:${NC_MAIN_VERSION}
    restart: unless-stopped
    networks:
      - nextcloud
    volumes:
      - ${VOLUMES_PATH}/nextcloud_html:/var/www/html
      - ${VOLUMES_PATH}/nextcloud_data:/var/www/html/data
      - $PWD/crontab:/var/spool/cron/crontabs/www-data:ro
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
    labels:
      - "docker.group=netxtcloud"


  db:
    image: mariadb:10
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    volumes:
      - ${VOLUMES_PATH}/nextcloud_db:/var/lib/mysql
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "5"
    networks:
      - nextcloud
      - mariadb
    labels: 
      - "docker.group=netxtcloud"


  adminer:
    image: adminer
    restart: unless-stopped
    networks:
       - web
       - mariadb
    environment:
      - ADMINER_DEFAULT_SERVER=db
      - ADMINER_DESIGN=flat
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`)"
      - "traefik.http.routers.adminer.entrypoints=websecure"
      - "traefik.http.routers.adminer.tls.certresolver=netcup"
      - "traefik.http.routers.adminer.tls.options=intermediate@file"
      - "traefik.http.routers.adminer.middlewares=adminerauth"
      - "traefik.http.middlewares.adminerauth.basicauth.users=${HTPASSWD_ADMINER}"
      - "docker.group=netxtcloud"


  redis:
    image: redis:alpine
    restart: unless-stopped
    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
    networks:
      - nextcloud
    volumes:
      - ${VOLUMES_PATH}/nextcloud_redis:/data
    labels: 
      - "docker.group=netxtcloud"


  collabora:
    image: collabora/code
    networks:
       - nextcloud
       - web
    cap_add:
      - MKNOD
    expose:
      - 9980
    environment:
      - domain=cloud.${DOMAIN}
      - username=${COLLABORA_ADMIN_USER}
      - password=${COLLABORA_ADMIN_PASSWORD}
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)"
      - "traefik.http.routers.collabora.entrypoints=websecure"
      - "traefik.http.routers.collabora.tls.certresolver=netcup"
      - "traefik.http.routers.collabora.tls.options=intermediate@file"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "docker.group=netxtcloud"


  drawio-export:
    image: jgraph/export-server
    expose:
      - "8000"
    networks:
      - nextcloud
    volumes:
      - ${VOLUMES_PATH}/nextcloud_fonts:/usr/share/fonts/drawio 
    restart: unless-stopped
    labels:
      - "docker.group=netxtcloud"


  drawio:
    image: jgraph/drawio
    networks:
      - web
      - nextcloud
    depends_on:
      - drawio-export
    environment:
      - VIRTUAL_HOST=drawio.${DOMAIN}
      - VIRTUAL_PORT=8080
      - LETS_ENCRYPT_ENABLED=false
      - EXPORT_URL=http://drawio-export:8000/
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.drawio.rule=Host(`drawio.${DOMAIN}`)"
      - "traefik.http.routers.drawio.entrypoints=websecure"
      - "traefik.http.routers.drawio.tls.certresolver=netcup"
      - "traefik.http.routers.drawio.tls.options=intermediate@file"
      - "traefik.http.services.drawio.loadbalancer.server.port=8080"
      - "docker.group=netxtcloud"

networks:
  web:
    external: true
  nextcloud:
  mariadb: