version: "3.7"
 
services:
  nextcloud:
    image: nextcloud:latest
    depends_on:
      - maindb
    secrets:
      - db_root_password
    environment:
      - MYSQL_HOST=maindb:3306
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=root
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
      - DOMAIN=${DOMAIN}
    volumes:
      - /mnt/nextcloud:/var/www/html:cached
      - /mnt/nextapps:/var/www/html/custom_apps:cached
      - /mnt/nextdata:/var/www/html/data:cached
      - /mnt/nextconfig:/var/www/html/config:cached
    networks:
      - proxy
      - internal
    deploy:
      placement:
        constraints: [node.role == worker]
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.nextcloud.tls=true"
        - "traefik.http.routers.nextcloud.entrypoints=websecure"
        - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
        - "traefik.http.routers.invoiceninja.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.invoiceninja.tls.certresolver=${LETS_ENCRYPT_ENV}"

secrets:
  db_root_password:    
    external: true 
    name: ${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}

volumes:
  nextcloud:
  nextapps:
  nextdata:
  nextconfig:

networks:
  proxy:
    external: true
  internal: