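---
# Nextcloud stack for rootless podman: PostgreSQL + Redis back ends, a PHP-FPM
# `app` container, an nginx `web` front end, a `cron` worker, and an
# nginx-proxy / acme-companion pair that terminates TLS on the `proxy-tier`
# network. The file is a Jinja template: `{{ ... }}` expressions are expanded
# before the result is parsed as YAML.
#
# Supply chain: most images below use floating tags (`alpine`, `stable-fpm`,
# `alpine-slim`, `latest`), so a restart can pull different code than was
# tested. Pin release tags or digests where reproducibility matters.
services:
  db:
    # Note: Check the recommended version here:
    # https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    hostname: db
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    environment:
      - POSTGRES_DB=nextcloud
    # Credentials come from .db.env; keep that file out of version control
    # and readable only by the deploying user.
    env_file:
      - .db.env
    networks:
      - podman

  redis:
    image: redis:alpine
    hostname: redis
    restart: always
    networks:
      - podman

  app:
    image: nextcloud:stable-fpm
    hostname: app
    restart: always
    # NOTE(review): this publishes the PHP-FPM (FastCGI) port on every host
    # interface, and FastCGI has no authentication of its own. `web` shares the
    # `podman` network with `app`, so it presumably does not need the host
    # mapping; drop it or bind it to 127.0.0.1 unless something outside this
    # project connects to it.
    ports:
      - "9000:9000"
    volumes:
      # `:z` added so the SELinux label matches the `web` and `cron` mounts of
      # the same host directory.
      - /home/{{ user.name }}/webroot:/var/www/html:z
    environment:
      - REDIS_HOST=redis
      - POSTGRES_HOST=db:5432
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=postgres
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_TRUSTED_DOMAINS={{ inventory_hostname | default('ansible_undefined_variable')}}
    env_file:
      - .db.env
    networks:
      podman:
        aliases:
          - "nextcloud.local"
    depends_on:
      - db
      - redis
      - proxy

  web:
    image: nginx:alpine-slim
    hostname: web
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - /home/{{ user.name }}/web/nginx.conf:/etc/nginx/nginx.conf:ro
      # NOTE: The `volumes` included below should match those of the `app`
      # container (unless you know what you're doing)
      - /home/{{ user.name }}/webroot:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST={{ inventory_hostname | default('ansible_undefined_variable')}}
      - LETSENCRYPT_HOST={{ inventory_hostname | default('ansible_undefined_variable')}}
      # No quotes around the value: in list-form `KEY=value` entries the quote
      # characters would become part of the e-mail address.
      - LETSENCRYPT_EMAIL=admin@libre.audio
    depends_on:
      - app
    networks:
      - proxy-tier
      - podman

  cron:
    # Same image as `app`: the Debian- and Alpine-based Nextcloud images use
    # different numeric IDs for www-data (33 vs 82), so an Alpine cron worker
    # would not own the files written by `app` in the shared webroot.
    image: nextcloud:stable-fpm
    hostname: cron
    restart: always
    volumes:
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
      - /home/{{ user.name }}/webroot:/var/www/html:z
    entrypoint: /cron.sh
    networks:
      - podman
    depends_on:
      - db
      - redis

  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure
  # about the consequences.
  proxy:
    image: nginxproxy/nginx-proxy:1.7-alpine
    hostname: proxy
    restart: always
    # Quoted so the mappings are always read as strings, like the `app` port.
    ports:
      - "8080:80"
      - "4443:443"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - /home/{{ user.name }}/proxy/certs:/etc/nginx/certs:z,ro
      - /home/{{ user.name }}/proxy/conf.d:/etc/nginx/conf.d:z
      - /home/{{ user.name }}/proxy/vhost.d:/etc/nginx/vhost.d:z
      - proxy_html:/usr/share/nginx/html:z
      # `:ro` makes only the bind mount read-only; it does not limit what can
      # be requested over the API socket. A compromise of this internet-facing
      # container gives control of every container this user runs. Consider
      # putting a filtering socket proxy in between.
      - /run/user/{{ getent_passwd[user.name][2] }}/podman/podman.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  acme-companion:
    # NOTE(review): `latest` is the floating tag the warning above advises
    # against for nginx-proxy; pin a release tag or digest here as well.
    image: nginxproxy/acme-companion:latest
    volumes:
      - proxy_html:/usr/share/nginx/html:z
      # NOTE(review): host path is `nginx/certs`, but `proxy` mounts
      # `proxy/certs` at /etc/nginx/certs. Unless the two directories are
      # linked elsewhere, certificates written here never reach the proxy;
      # confirm which path is intended.
      - /home/{{ user.name }}/nginx/certs:/etc/nginx/certs:z
      # Same caveat as on `proxy`: `:ro` does not restrict the podman API.
      - /run/user/{{ getent_passwd[user.name][2] }}/podman/podman.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
    environment:
      DEFAULT_EMAIL: "admin@libre.audio"
      NGINX_PROXY_CONTAINER: "{{ user.name }}_proxy_1"
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  acme:
  db:
  proxy_html:

networks:
  proxy-tier:
  podman: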