# Compose file format marker.
# NOTE(review): current Docker Compose (Compose Specification) treats the
# top-level `version` key as obsolete and ignores it; it only matters to
# legacy docker-compose v1 tooling.
version: '3'

services:
  # MariaDB server; its data directory is persisted in the named volume `db`.
  # No ports are published and no `networks:` key is set, so the service is
  # attached to the project's default network only.
  db:
    # NOTE(review): an untagged image resolves to `latest`. Pin a reviewed tag
    # or digest so a rebuild cannot silently pull a different server version.
    image: mariadb
    restart: always
    command:
      - '--transaction-isolation=READ-COMMITTED'
      - '--binlog-format=ROW'
    env_file:
      - db.env
    environment:
      # Placeholder, intentionally empty. Compose gives `environment:`
      # precedence over `env_file:`, so this empty value overrides any
      # MYSQL_ROOT_PASSWORD defined in db.env. Supply the real value outside
      # version control (untracked env file or a secret store) rather than
      # committing it here.
      MYSQL_ROOT_PASSWORD: ""
    volumes:
      - db:/var/lib/mysql

  # Nextcloud PHP-FPM application container. It publishes no ports and joins
  # only the default network, so it is reachable by `db` and `web` but not by
  # the `proxy` service, which sits on `proxy-tier` alone.
  app:
    # NOTE(review): `fpm-alpine` is a floating tag; pin a specific release or
    # digest if reproducible deployments matter.
    image: nextcloud:fpm-alpine
    restart: always
    # Start-order dependency only; the short form does not wait for the
    # database to accept connections.
    depends_on:
      - db
    # Shares db.env with the `db` service (presumably the database name, user
    # and password; confirm against the file, which is not shown here).
    env_file:
      - db.env
    environment:
      MYSQL_HOST: db
    volumes:
      - nextcloud:/var/www/html

  # Web tier built from ./web (presumably the HTTP server in front of PHP-FPM;
  # the build context is not shown here). It is the only service attached to
  # both networks, so it is the single bridge between `proxy` and `app`.
  web:
    build: ./web
    restart: always
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
    environment:
      # Placeholder, intentionally empty: set to the public hostname. It is
      # presumably read by the `proxy` service through the Docker socket to
      # generate the virtual-host routing; verify against ./proxy.
      VIRTUAL_HOST: ""
    volumes:
      # Read-only view of the Nextcloud tree: this container can serve the
      # files but cannot modify application code or data.
      - nextcloud:/var/www/html:ro

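  # Edge reverse proxy built from ./proxy. This is the only service that
  # publishes host ports, and it is attached to `proxy-tier` only, so it can
  # reach `web` but not `app` or `db` directly.
  proxy:
    build: ./proxy
    restart: always
    ports:
      # Quoted so a YAML 1.1 parser can never read a digits-and-colon mapping
      # as a number; the published ports themselves are unchanged.
      - '80:80'
      - '443:443'
    volumes:
      # TLS material produced by `omgwtfssl`; mounted read-only here.
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # SECURITY: `:ro` only makes the socket file node read-only. It does not
      # restrict Docker API requests sent through the socket, so any process
      # in this internet-facing container can fully control the Docker daemon,
      # which is equivalent to root on the host. Consider placing a
      # filtering socket proxy that allows only the read endpoints in front
      # of it, or moving config generation into a separate container that
      # publishes no ports.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
    # Start-order dependency only: the short form does not wait for the
    # certificate generator to finish, so the proxy may come up before the
    # files exist on first run. `restart: always` presumably covers that;
    # confirm.
    depends_on:
      - omgwtfssl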

  # One-shot helper that writes a self-signed key, CSR and certificate for
  # the configured subject into the shared `certs` volume, then exits
  # (`restart: "no"` keeps Compose from re-running it).
  # Self-signed certificates are not trusted by clients unless the CA is
  # installed on them, so this suits local or test setups only.
  omgwtfssl:
    # NOTE(review): untagged third-party image; pin a reviewed tag or digest
    # because this container generates the private key the proxy serves.
    image: paulczar/omgwtfssl
    restart: "no"
    networks:
      - proxy-tier
    environment:
      SSL_SUBJECT: servhostname.local
      CA_SUBJECT: my@example.com
      SSL_KEY: /certs/servhostname.local.key
      SSL_CSR: /certs/servhostname.local.csr
      SSL_CERT: /certs/servhostname.local.crt
    volumes:
      # Writable here, read-only in `proxy`.
      # NOTE(review): if the generator also writes its CA private key into
      # /certs, that key becomes readable from the internet-facing proxy
      # container. Confirm, and keep the CA key out of the shared volume.
      - certs:/certs

# Named volumes, all created with the default driver and options.
# `db` holds the database files and `certs` holds TLS private keys; treat
# both as sensitive when backing up or copying them.
volumes:
  db: {}
  nextcloud: {}
  certs: {}
  vhost.d: {}
  html: {}

# Front-end network shared by `proxy`, `web` and `omgwtfssl`. Services that
# do not list it (`db`, `app`) stay on the implicit default network, which
# keeps them off the segment the edge proxy is attached to.
networks:
  proxy-tier: {}