services:

  nginx-proxy:
    build: ./nginx
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    restart: always
    #environment:
    #  - HTTPS_METHOD=noredirect
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/vhost.d:/etc/nginx/vhost.d
      - ./nginx/bots.d:/etc/nginx/bots.d
      - ./nginx/certs:/etc/nginx/certs:rw
      - nginx:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx/crontab:/etc/crontabs/root:ro

  acme-companion:
    image: nginxproxy/acme-companion:2.6.2
    container_name: nginx-proxy-acme
    environment:
      - DEFAULT_EMAIL=${EMAIL}
      # Uncomment this for testing
      #- LETSENCRYPT_TEST=true
    volumes_from:
      - nginx-proxy
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/vhost.d:/etc/nginx/vhost.d
      - ./nginx/certs:/etc/nginx/certs:rw
      - nginx:/usr/share/nginx/html
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - nginx-proxy
    restart: always

  portfolio:
    container_name: portfolio
    build: 
      context: ./portfolio
      args:
        - PASSWORD=${PASSWORD}
    volumes:
      - portfolio:/src/node_modules
      - ./portfolio/server/data:/src/server/data
    environment:
      - PASSWORD=${PASSWORD}
      - VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
      - VIRTUAL_PATH=/
      - VIRTUAL_PORT=5000
      - LETSENCRYPT_HOST=${DOMAIN},www.${DOMAIN},gitea.${DOMAIN}
      - LETSENCRYPT_EMAIL=${EMAIL}
    restart: always
    depends_on:
      nginx-proxy:
        condition: service_started


  forgejo:
    image: codeberg.org/forgejo/forgejo:7
    container_name: forgejo
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=mysql
      - FORGEJO__database__HOST=mysql-forgejo
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=${USER}
      - FORGEJO__database__PASSWD=${PASSWORD}
      - FORGEJO__server__LANDING_PAGE=/${USER}
      - FORGEJO__attachment__MAX_SIZE=5000
      - FORGEJO__server__ROOT_URL=https://${DOMAIN}/code/
      - HTTP_PORT=4000
      - LFS_START_SERVER=true
      - DISABLE_REGISTRATION=true
      - RUN_MODE=prod
      - VIRTUAL_HOST=${DOMAIN},www.${DOMAIN},gitea.${DOMAIN} # this last one is for legacy support
      - VIRTUAL_PORT=4000
      - VIRTUAL_PATH=/code/
      - VIRTUAL_DEST=/
    restart: always
    volumes:
      - ./forgejo:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      mysql-forgejo:
        condition: service_healthy

  mysql-forgejo:
    image: mariadb:10.11
    container_name: mysql-forgejo
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${PASSWORD}
      - MYSQL_PASSWORD=${PASSWORD}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=${USER}
    volumes:
      - ./forgejo/mysql:/var/lib/mysql
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      interval: 15s
      start_period: 20s

  nextcloud:
    image: nextcloud:31-apache
    container_name: nextcloud
    restart: always
    volumes:
      - ./nextcloud/html:/var/www/html
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=${USER}
      - MYSQL_PASSWORD=${PASSWORD}
      - MYSQL_HOST=mysql-nextcloud
      - NEXTCLOUD_ADMIN_USER=${USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${PASSWORD}
      - NEXTCLOUD_TRUSTED_DOMAINS=${DOMAIN} www.${DOMAIN}
      - NEXTCLOUD_EXTRA_APPS=calendar,richdocuments
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=nginx-proxy
      - REDIS_HOST=redis
      - OVERWRITEHOST=${DOMAIN}
      - OVERWRITEWEBROOT=/cloud
      - OVERWRITEPROTOCOL=https
      - OVERWRITECLIURL=https://unboundedpress.org
      - VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
      - VIRTUAL_PATH=/cloud/
      - VIRTUAL_DEST=/
    depends_on:
      mysql-nextcloud:
        condition: service_healthy
      redis:
        condition: service_started

  collabora:
    image: collabora/code:latest
    container_name: collabora
    depends_on:
      nginx-proxy:
        condition: service_started
      nextcloud:
        condition: service_started
    cap_add:
     - MKNOD
    environment:
      - username=${USER}
      - password=${PASSWORD}
      - domain=${DOMAIN}
      - VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
      - VIRTUAL_PATH=/collab/
      - VIRTUAL_DEST=/
      # Extra parameters to Collabora, see also
      # https://www.collaboraoffice.com/code/nginx-reverse-proxy/:
      # SSL terminates at the proxy
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
      # NOTE: The file nginx/vhosts.d/unboundedpress.org handles
      #       routing for collabora on production only

  cron-nextcloud:
    image: nextcloud:31-apache
    container_name: cron-nextcloud
    restart: always
    volumes:
      - ./nextcloud/html:/var/www/html
    entrypoint: /cron.sh
    environment:
      - NEXTCLOUD_EXTRA_APPS=calendar,richdocuments
      - REDIS_HOST=redis
    depends_on:
      mysql-nextcloud:
        condition: service_healthy
      redis:
        condition: service_started

  mysql-nextcloud:
    image: mariadb:10.11
    container_name: mysql-nextcloud
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${PASSWORD}
      - MYSQL_PASSWORD=${PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=${USER}
    volumes:
      - ./nextcloud/mysql:/var/lib/mysql
    healthcheck:
      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
      interval: 15s
      start_period: 20s

  redis:
    image: redis:alpine
    container_name: redis
    restart: always
    volumes:
      - ./redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  nginx:
  acme:
  portfolio: