# https://github.com/nextcloud/docker?tab=readme-ov-file#running-this-image-with-docker-compose
# https://www.linuxbabe.com/redhat/install-nextcloud-rhel-8-centos-8-nginx-lemp

name: nextcloud

secrets:
  nextcloud_postgresql_database:
    file: ${SECRETSDIR}/nextcloud_postgresql_database
  nextcloud_postgresql_password:
    file: ${SECRETSDIR}/nextcloud_postgresql_password
  nextcloud_postgresql_username:
    file: ${SECRETSDIR}/nextcloud_postgresql_username
  nextcloud_admin_password:
    file: ${SECRETSDIR}/nextcloud_admin_password
  nextcloud_admin_username:
    file: ${SECRETSDIR}/nextcloud_admin_username
  nextcloud_redis_password:
    file: ${SECRETSDIR}/nextcloud_redis_password

networks:
  traefik-net:
    external: true
  postgres-net:
    external: true
#  backend:
#    driver: bridge
#    parent: eth1

# This server has no working outgoing internet connection:
# might need to emply firewall markings
# https://stackoverflow.com/questions/51312310/connecting-to-hosts-secondary-ip-from-inside-docker-container/51312755#51312755
# https://williamsbdev.com/posts/docker-connection-marking/
services:
  app:
#    image: nextcloud:30.0.0-fpm
    image: nextcloud:fpm-alpine
    hostname: nextcloud_app
    env_file: .nextcloud.env
    restart: unless-stopped
    depends_on:
      postgresql:
        condition: service_healthy
      redis: 
        condition: service_started
    secrets:
      - nextcloud_postgresql_database
      - nextcloud_postgresql_password
      - nextcloud_postgresql_username
      - nextcloud_admin_username
      - nextcloud_admin_password
      - nextcloud_redis_password
    volumes:
      - "${DATADIR}/appdata:/var/www/html:rw,z"
      - "${DATADIR}/custom_apps:/var/www/html/custom_apps"
      - "${DATADIR}/config:/var/www/html/config"
      - "${DATADIR}/themes:/var/www/html/themes"
      - "${DATADIR}/nginx/ssl:/etc/ssl/nginx"
      - "${BULKSTOREDIR}/data:/var/www/html/data"
    networks:
      - traefik-net
      - postgres-net
#      - backend
    environment:
      POSTGRES_DB_HOST: nextcloud_postgresql

  web:
    image: nginx
    hostname: nextcloud
    env_file: .nginx.env
    restart: unless-stopped
    links:
      - app
    volumes:
      - "${STACKSDIR}/nginx.conf:/etc/nginx/nginx.conf:ro"
    volumes_from:
      - app
    networks:
#      backend:
#        aliases: ["nextcloud_web"]
      traefik-net: {}
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      #
      - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
      #
      - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
      #
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      #
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"

# https://stackoverflow.com/questions/66738931/how-to-set-password-for-redis-server
# I managed to set the password permanently for the default user. Adding these 2 parameters in the file "redis.conf" requirepass newpass123 masterauth newpass123 And in the file "sentinel.conf" sentinel auth-pass mymaster newpass123 Thanks – 
#user14867757
# CommentedMar 24, 2021 at 4:19
  redis:
    image: docker.io/library/redis:alpine
    #command: --save 60 1 --loglevel warning 
    command: sh -c "redis-server --requirepass ${REDIS_PASSWORD}"  && --save 60 1  && --loglevel warning
    env_file: .redis.env
    restart: unless-stopped
    expose:
      - ${REDIS_PORT}
#    healthcheck:
#      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
#      start_period: 20s
#      interval: 30s
#      retries: 5
#      timeout: 3s
    secrets:
      - nextcloud_redis_password
    networks:
      postgres-net:
        aliases: ["nextcloud_redis"]
    volumes:
      - "$DATADIR/redis/data:/data"
      
  postgresql:
    image: postgres:16-alpine
    hostname: nextcloud_postgresql
    shm_size: 128mb
    restart: unless-stopped
    env_file: .postgresql.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      - postgres-net
    secrets:
      - nextcloud_postgresql_database
      - nextcloud_postgresql_password
      - nextcloud_postgresql_username
    volumes:
      - "${DATADIR}/pgdata:/var/lib/postgresql/data"
      - "${DATADIR}/pgbackups:/mnt/backups"