services:
  nextcloud-db:
    image: mariadb:10.11
    container_name: nextcloud-db
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    environment:
      MYSQL_ROOT_PASSWORD: "{{ nextcloud_db_root_password }}"
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: "{{ nextcloud_db_password }}"
    volumes:
      - {{ nextcloud_data_dir }}/db:/var/lib/mysql
    networks:
      - internal
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "nextcloud-db"

  nextcloud-redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    networks:
      - internal

  nextcloud:
    image: nextcloud:{{ nextcloud_version }}
    container_name: nextcloud
    restart: unless-stopped
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
      MYSQL_HOST: nextcloud-db
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: "{{ nextcloud_db_password }}"
      REDIS_HOST: nextcloud-redis
      NEXTCLOUD_ADMIN_USER: "{{ nextcloud_admin_user }}"
      NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin_password }}"
      NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domain }}"
      OVERWRITEPROTOCOL: https
      OVERWRITECLIURL: "https://{{ nextcloud_domain }}"
      SMTP_HOST: "{{ smtp_host }}"
      SMTP_PORT: "{{ smtp_port }}"
      SMTP_NAME: "{{ smtp_user }}"
      SMTP_PASSWORD: "{{ smtp_password }}"
      MAIL_FROM_ADDRESS: "noreply"
      MAIL_DOMAIN: "{{ base_domain }}"
      OBJECTSTORE_S3_HOST: minio
      OBJECTSTORE_S3_PORT: 9000
      OBJECTSTORE_S3_SSL: "false"
      OBJECTSTORE_S3_BUCKET: "{{ minio_nextcloud_bucket }}"
      OBJECTSTORE_S3_KEY: "{{ minio_nextcloud_access_key }}"
      OBJECTSTORE_S3_SECRET: "{{ minio_nextcloud_secret_key }}"
      OBJECTSTORE_S3_USEPATH_STYLE: "true"
    volumes:
      - {{ nextcloud_data_dir }}/data:/var/www/html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`{{ nextcloud_domain }}`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=https://$${1}/remote.php/dav"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirect"
    networks:
      - internal
      - {{ sovereign_network_name }}
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "nextcloud"

  nextcloud-cron:
    image: nextcloud:{{ nextcloud_version }}
    container_name: nextcloud-cron
    restart: unless-stopped
    volumes:
      - {{ nextcloud_data_dir }}/data:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    networks:
      - internal

networks:
  internal:
  {{ sovereign_network_name }}:
    external: true