version: "3.8"
services:
  app:
    image: nextcloud:21.0.3
    depends_on:
      - db
    secrets:
      - db_password
      - admin_password
    environment:
      - DOMAIN=${DOMAIN}
      - STACK_NAME=${STACK_NAME}
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - NEXTCLOUD_ADMIN_USER=${ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN}
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=traefik
      - SMTP_HOST
      - MAIL_FROM_ADDRESS
      - MAIL_DOMAIN
      - SMTP_AUTHTYPE=PLAIN
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - proxy
      - internal
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - coop-cloud.${STACK_NAME}.app.version=21.0.3-87bd33d3
  db:
    image: "mariadb:10.5"
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
    secrets:
      - db_root_password
      - db_password
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
    healthcheck:
      test: 'mysql -p"$$(tr -d "\n" < /run/secrets/db_root_password)"'
      interval: 20s
      timeout: 2s
      retries: 3
      start_period: 30s
    deploy:
      labels: ["coop-cloud.${STACK_NAME}.db.version=10.5-9c681cef"]
  cron:
    image: nextcloud:21.0.3
    volumes:
      - nextcloud:/var/www/html/
      - nextapps:/var/www/html/custom_apps:cached
      - nextdata:/var/www/html/data:cached
      - nextconfig:/var/www/html/config:cached
      - ${EXTRA_VOLUME}
    networks:
      - internal
    entrypoint: /cron.sh
    deploy:
      labels: ["coop-cloud.${STACK_NAME}.cron.version=21.0.3-87bd33d3"]
secrets:
  db_root_password:
    external: true
    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
volumes:
  nextcloud:
  nextapps:
  nextdata:
  nextconfig:
  mariadb:
networks:
  proxy:
    external: true
  internal: