version: '2'

services:
  {{- if eq .Values.COLLABORA "true"}}
  collabora:
    image: collabora/code:latest
    cap_add:
      - MKNOD # Ability to create special files (https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    environment:
      domain: collabora.${TRAEFIK_HOST}
    expose:
      - "9980"
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: false
    restart: on-failure
  {{- end}}
  cron:
    image: nextcloud:fpm-alpine
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    entrypoint: |
      #!/bin/sh
      set -eu

      exec busybox crond -f -l 0 -L /dev/stdout
    restart: on-failure
    user: www-data
    volumes_from:
      - nextcloud
  nextcloud:
    image: nextcloud:fpm-alpine
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    environment:
      MYSQL_HOST: mysql
      MYSQL_DATABASE: nextcloud_db
      MYSQL_USER: nextcloud_user
      MYSQL_PASSWORD: ${DB_USER_PASS}
      NEXTCLOUD_ADMIN_USER: ${NC_ADMIN}
      NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS}
    expose:
      - "80"
      - "9000"
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      io.rancher.sidekicks: cron
      traefik.enable: false
    links:
      - cron
      - mysql
      {{- if eq .Values.REDIS "true"}}
      - redis
      {{- end}}
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
      - /RancherCattle/${DATA_DIR}/Configuration/Nextcloud:/var/www/html/config # Nextcloud configuration files
      - /RancherCattle/${DATA_DIR}/Apps:/var/www/html/custom_apps # Nextcloud apps
      - /RancherCattle/${DATA_DIR}/Nextcloud:/var/www/html # Nextcloud site
      - /RancherCattle/${DATA_DIR}/UserData:/var/www/html/data # Users' data file
    volumes_from:
      - nginx
  nginx:
    image: nginx:latest # Can't use ":alpine" until I have a way to get the "www-data" user added automatically. (Project for another time)
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: true
      ### Start Nextcloud Segment
      traefik.nextcloud.frontend.entryPoints: http,https
      traefik.nextcloud.frontend.headers.forceSTSHeader: true
      traefik.nextcloud.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
      traefik.nextcloud.frontend.headers.SSLRedirect: true
      traefik.nextcloud.frontend.headers.STSPreload: true
      traefik.nextcloud.frontend.headers.STSSeconds: 15552000
      traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST}
      traefik.nextcloud.port: "80"
      ### End Nextcloud Segment
      ### Start Collabora Segment
      traefik.collabora.frontend.entryPoints: http,https
      traefik.collabora.frontend.headers.forceSTSHeader: true
      traefik.collabora.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
      traefik.collabora.frontend.headers.SSLRedirect: true
      traefik.collabora.frontend.headers.STSPreload: true
      traefik.collabora.frontend.headers.STSSeconds: 15552000
      traefik.collabora.frontend.rule: Host:collabora.${TRAEFIK_HOST}
      traefik.collabora.port: "81"
      ### End Collabora Segment
    links:
      {{- if eq .Values.COLLABORA "true"}}
      - collabora
      {{- end}}
      - nextcloud
    networks:
      - public-proxy
    {{- if .Values.WEB_PORT}}
    ports:
      - "${WEB_PORT}:80"
    {{- end}}
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
      - /RancherCattle/${DATA_DIR}/Configuration/NGINX:/etc/nginx # NGINX configuration files
  mysql:
    image: mysql:5
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    environment:
      MYSQL_DATABASE: nextcloud_db
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
      MYSQL_USER: nextcloud_user
      MYSQL_PASSWORD: ${DB_USER_PASS}
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: false
    networks:
      db-admin:
        aliases:
          - nextcloud
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
      - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql
  {{- if eq .Values.REDIS "true"}}
  redis:
    image: redis:alpine
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: false
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
  {{- end}}

networks:
  db-admin: 
    external: true # Created by Adminer or phpMyAdmin stack
  public-proxy:
    external: true # Created by Traefik stack