services:
  db:
    image: {{ nextcloud_postgres_image }}
    restart: always
    environment:
      POSTGRES_DB: {{ nextcloud_postgres_db }}
      POSTGRES_USER: {{ nextcloud_postgres_user }}
      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
    volumes:
      - {{ nextcloud_docker_volume_dir }}/postgresql/:/var/lib/postgresql/
      - ./init-db.sql:/docker-entrypoint-initdb.d/init-db.sql:ro
    networks:
      - {{ nextcloud_backend_network }}

  redis:
    image: {{ nextcloud_redis_image }}
    restart: always
    command: ["redis-server", "--appendonly", "yes"]
    volumes:
      - {{ nextcloud_docker_volume_dir }}/redis/data:/data
    networks:
      - {{ nextcloud_backend_network }}

  nginx:
    image: nginx:alpine
    restart: always
    depends_on:
      - nextcloud
    volumes:
      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html:ro
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - {{ nextcloud_backend_network }}
      - {{ nextcloud_traefik_network }}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ nextcloud_traefik_network }}
      - traefik.http.routers.{{ nextcloud_service_name }}.rule=Host(`{{ nextcloud_domain }}`)
{% if nextcloud_use_ssl %}
      - traefik.http.routers.{{ nextcloud_service_name }}.entrypoints=websecure
      - traefik.http.routers.{{ nextcloud_service_name }}.tls=true
{% else %}
      - traefik.http.routers.{{ nextcloud_service_name }}.entrypoints=web
{% endif %}

  nextcloud-cron:
    image: {{ nextcloud_image }}
    restart: always
    depends_on:
      - nextcloud
    entrypoint: /cron.sh
    environment:
      POSTGRES_HOST: db
      POSTGRES_DB: {{ nextcloud_postgres_db }}
      POSTGRES_USER: {{ nextcloud_postgres_user }}
      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
      NEXTCLOUD_ADMIN_USER: {{ nextcloud_admin_user }}
      NEXTCLOUD_ADMIN_PASSWORD: {{ nextcloud_admin_password }}
      REDIS_HOST: redis
      PHP_MEMORY_LIMIT: {{ nextcloud_memory_limit_mb }}M
      PHP_UPLOAD_LIMIT: {{  nextcloud_upload_limit_mb }}M
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: {{ nextcloud_domain }}
      TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88"
    volumes:
      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
    networks:
      - {{ nextcloud_backend_network }}

  nextcloud:
    image: {{ nextcloud_image }}
    scale: {{ nextcloud_scale_factor }}
    restart: always
    depends_on:
      - db
      - redis
    environment:
      POSTGRES_HOST: db
      POSTGRES_DB: {{ nextcloud_postgres_db }}
      POSTGRES_USER: {{ nextcloud_postgres_user }}
      POSTGRES_PASSWORD: {{ nextcloud_postgres_password }}
      NEXTCLOUD_ADMIN_USER: {{ nextcloud_admin_user }}          
      NEXTCLOUD_ADMIN_PASSWORD: {{ nextcloud_admin_password }}  
      REDIS_HOST: redis
      PHP_MEMORY_LIMIT: {{ nextcloud_memory_limit_mb }}M
      PHP_UPLOAD_LIMIT: {{  nextcloud_upload_limit_mb }}M
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: {{ nextcloud_domain }}
      TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88"
{% if nextcloud_use_s3_storage %}
      OBJECTSTORE_S3_KEY: {{ nextcloud_s3_key }}
      OBJECTSTORE_S3_SECRET: {{ nextcloud_s3_secret }}
      OBJECTSTORE_S3_REGION: {{ nextcloud_s3_region }}
      OBJECTSTORE_S3_BUCKET: {{ nextcloud_s3_bucket }}
      OBJECTSTORE_S3_HOST: {{ nextcloud_s3_host }}
      OBJECTSTORE_S3_PORT: {{ nextcloud_s3_port }}
      OBJECTSTORE_S3_SSL: {{ nextcloud_s3_ssl }}
      OBJECTSTORE_S3_USEPATH_STYLE: {{ nextcloud_s3_usepath_style }}
      OBJECTSTORE_S3_AUTOCREATE: {{ nextcloud_s3_autocreate }}
{% endif %}
    volumes:
      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
    networks:
      - {{ nextcloud_backend_network }}

{% if nextcloud_enable_collabora %}
  collabora:
    image: {{ nextcloud_collabora_image }}
    restart: always
    environment:
      domain: ^{{ nextcloud_domain | replace('.', '\\.') }}$
      extra_params: >-
        --o:ssl.enable=false
        --o:ssl.termination=true
        --o:net.frame_ancestors=https://{{ nextcloud_domain }}
    cap_add:
      - MKNOD
    networks:
      - {{ nextcloud_traefik_network }}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ nextcloud_traefik_network }}
      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.rule=Host(`{{ nextcloud_collabora_domain }}`)
      - traefik.http.services.{{ nextcloud_collabora_service_name }}.loadbalancer.server.port=9980
{% if nextcloud_use_ssl %}
      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=websecure
      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.tls=true
{% else %}
      - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=web
{% endif %}

{% endif %}

networks:
  {{ nextcloud_backend_network }}:
  {{ nextcloud_traefik_network }}:
    external: true