services:
  db:
    image: mariadb:10.11
    restart: always
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MARIADB_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:apache
    restart: always
    volumes:
      - ${STORAGE_LOCATION}:/var/www/html/data
      - nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=${DOMAIN_NAME}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    depends_on:
      - db
      - redis
    networks:
      - proxy-tier
      - default

  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    environment:
      - DEFAULT_HOST=${DOMAIN_NAME}
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    depends_on:
      - omgwtfssl
    networks:
      - proxy-tier

  omgwtfssl:
    image: csckcac/omgwtfssl
    restart: "no"
    volumes:
      - certs:/certs
    environment:
      - SSL_SUBJECT=${DOMAIN_NAME}
      - CA_SUBJECT=my@example.com
      - SSL_KEY=/certs/${DOMAIN_NAME}.key
      - SSL_CSR=/certs/${DOMAIN_NAME}.csr
      - SSL_CERT=/certs/${DOMAIN_NAME}.crt
    networks:
      - proxy-tier

volumes:
  nextcloud:
  db:
  certs:
  acme:
  vhost.d:
  html:

networks:
  proxy-tier: