services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://docs.linuxserver.io/images/docker-mariadb/#environment-variables-e
  db:
    image: mariadb:10.11
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env

  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://redis.io/docs/latest/operate/oss_and_stack/install/install-stack/docker/#configuration
  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
      - proxy

  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine
    restart: always
    volumes:
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default

  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier

  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://github.com/nginx-proxy/acme-companion/tree/main/docs#readme
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    environment:
      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

# self signed, outdated. 
#  omgwtfssl:
#    image: paulczar/omgwtfssl
#    restart: "no"
#    volumes:
#      - certs:/certs
#    environment:
#      - SSL_SUBJECT=servhostname.local
#      - CA_SUBJECT=my@example.com
#      - SSL_KEY=/certs/servhostname.local.key
#      - SSL_CSR=/certs/servhostname.local.csr
#      - SSL_CERT=/certs/servhostname.local.crt
#    networks:
#      - proxy-tier

volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:

networks:
  proxy-tier: