services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    hostname: db
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - .db.env

  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:fpm-alpine
    hostname: app
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - .db.env
    depends_on:
      - db
      - redis
      - proxy

  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    hostname: web
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST="{{ inventory_hostname | default('ansible_undefined_fact') }}"
      - LETSENCRYPT_HOST="{{ inventory_hostname | default('ansible_undefined_fact') }}"
      - LETSENCRYPT_EMAIL="admin@libre.audio"
    depends_on:
      - app
    networks:
      - proxy-tier
      - podman

  cron:
    image: nextcloud:fpm-alpine
    hostname: cron
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    hostname: proxy
    restart: always
    ports:
      - 8080:80
      - 4443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - /home/{{ user.name }}/nginx/certs:/etc/nginx/certs:z,ro
      -  /home/{{ user.name }}/nginx/vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /run/user/{{ getent_passwd[user.name][2] }}/podman/podman.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

volumes:
  db:
  nextcloud:
  html:

networks:
  podman:
  proxy-tier:
    network_mode: slirp4netns