ansible-role-nextcloud-docker/templates/docker-compose.nextcloud.yml.j2

version: '3'

networks:
  public:
    external:
      name: traefik_public

services:
  mysqldb:
    image: mariadb:10.4.11
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - mysqldb:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - db.env
{% if nextcloud_enable_restic_compose_backup %}
    labels:
      - "restic-compose-backup.mariadb=true"
{% endif %}
    restart: unless-stopped

  nextcloud-app:
    image: nextcloud:apache
    container_name: nextcloud-app
    networks:
      - public
      - default
    depends_on:
      - mysqldb
    volumes:
      - nextcloud:/var/www/html
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - nextcloud.env
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_public"
      - "traefik.http.routers.nextcloud.rule=Host(`{{ nextcloud_virtual_host }}`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=defaultresolver"
      - "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-header"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
      - "traefik.frontend.passHostHeader=true"
{% if nextcloud_enable_restic_compose_backup %}
      - "restic-compose-backup.volumes=true"
      - "restic-compose-backup.volumes.include=nextcloud"
{% endif %}
    restart: unless-stopped

{% if nextcloud_enable_restic_compose_backup %}
  # The backup service
  backup:
    image: zettaio/restic-compose-backup:0.4.2
    env_file:
      - restic-compose-backup.env
    volumes:
      # We need to communicate with docker
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # Persistent storage of restic cache (greatly speeds up all restic operations)
      - backup-cache:/cache
{% endif %}

volumes:
  mysqldb:
  nextcloud:
{% if nextcloud_enable_restic_compose_backup %}
  backup-cache:
{% endif %}