services:
  opencloud:
    image: {{ opencloud_image }}
    container_name: {{ opencloud_service_name }}
    restart: unless-stopped
    entrypoint:
      - /bin/sh
    command: ["-c", "opencloud init || true; opencloud server"]
    volumes:
      - {{ opencloud_docker_volume_dir }}/config:/etc/ocis
      - {{ opencloud_docker_volume_dir }}/data:/var/lib/ocis
    environment:
{% if opencloud_use_ssl %}
      OC_URL: "https://{{ opencloud_domain }}"
{% else %}
      OC_URL: "http://{{ opencloud_domain }}"
{% endif %}
      OC_INSECURE: "true"
      OC_LOG_LEVEL: "{{ opencloud_log_level }}"
      PROXY_TLS: "false"
{% if opencloud_csp_extra_connect_src | length > 0 %}
      PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/ocis/csp-override.yaml"
{% endif %}
      IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"
{% if opencloud_oidc_issuer %}
      OC_OIDC_ISSUER: "{{ opencloud_oidc_issuer }}"
      OC_OIDC_CLIENT_ID: "{{ opencloud_oidc_client_id }}"
{% if opencloud_oidc_client_secret %}
      OC_OIDC_CLIENT_SECRET: "{{ opencloud_oidc_client_secret }}"
{% endif %}
      PROXY_OIDC_REWRITE_WELLKNOWN: "{{ opencloud_oidc_rewrite_wellknown | string | lower }}"
      PROXY_USER_OIDC_CLAIM: "{{ opencloud_oidc_user_claim }}"
      PROXY_USER_CS3_CLAIM: "{{ opencloud_oidc_user_cs3_claim }}"
      PROXY_AUTOPROVISION_ACCOUNTS: "{{ opencloud_oidc_autoprovision_accounts | string | lower }}"
{% if opencloud_oidc_account_edit_url %}
      WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "{{ opencloud_oidc_account_edit_url }}"
{% endif %}
{% endif %}
    networks:
      - {{ opencloud_traefik_network }}
{% if opencloud_extra_hosts is defined and opencloud_extra_hosts | length > 0 %}
    extra_hosts:
{% for host in opencloud_extra_hosts %}
      - "{{ host }}"
{% endfor %}
{% endif %}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ opencloud_traefik_network }}
      - traefik.http.routers.{{ opencloud_service_name }}.rule=Host(`{{ opencloud_domain }}`)
{% if opencloud_use_ssl %}
      - traefik.http.routers.{{ opencloud_service_name }}.entrypoints=websecure
      - traefik.http.routers.{{ opencloud_service_name }}.tls=true
{% else %}
      - traefik.http.routers.{{ opencloud_service_name }}.entrypoints=web
{% endif %}
      - traefik.http.services.{{ opencloud_service_name }}.loadbalancer.server.port={{ opencloud_port }}

networks:
  {{ opencloud_traefik_network }}:
    external: true