homeserver/docker-compose/nextcloud/docker-compose.yml.j2

version: '3.3'
services:
######## Datenbank ########
  nextcloud-db:
    image: mariadb:10
    container_name: nextcloud-db
    command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}
      MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_INITDB_SKIP_TZINFO: 1
    networks:
      - intern
    labels:
      com.centurylinklabs.watchtower.enable: true

######## Redis ########
  nextcloud-redis:
    image: redis:7-alpine
    container_name: nextcloud-redis
    hostname: nextcloud-redis
    networks:
      - intern
    restart: unless-stopped
    command: redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
    labels:
      com.centurylinklabs.watchtower.enable: true

######## cron ########
  nextcloud-cron:
    container_name: nextcloud-cron
    image: registry.mgrote.net/nextcloud-cronjob:master
    restart: unless-stopped
    network_mode: none
    depends_on:
      - nextcloud-app
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      NEXTCLOUD_CONTAINER_NAME: nextcloud-app
      NEXTCLOUD_CRON_MINUTE_INTERVAL: 1
    labels:
      com.centurylinklabs.watchtower.enable: true

######## Nextcloud ########
  nextcloud-app:
    image: nextcloud:27
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
        REDIS_HOST: nextcloud-redis
        REDIS_HOST_PASSWORD: {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
        MYSQL_DATABASE: nextcloud
        MYSQL_USER: nextcloud
        MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
        MYSQL_HOST: nextcloud-db
        NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
        SMTP_HOST: mail-relay
        #SMTP_SECURE: tls
        SMTP_PORT: 25
        #SMTP_AUTHTYPE: LOGIN
        SMTP_NAME: info@mgrote.net
        #SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }}
        MAIL_FROM_ADDRESS: info@mgrote.net
        PHP_MEMORY_LIMIT: 1024M
        PHP_UPLOAD_LIMIT: 10G
        APACHE_DISABLE_REWRITE_IP: 1
        TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet
    volumes:
      - app:/var/www/html
      - data:/var/www/html/data
    networks:
      - intern
      - traefik
      - mail-relay
    labels:
      com.centurylinklabs.watchtower.enable: true
      com.centurylinklabs.watchtower.depends-on: nextcloud-redis,nextcloud-db

      traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`)
      traefik.enable: true
      traefik.http.routers.nextcloud.tls: true
      traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.nextcloud.entrypoints: entry_https
      traefik.http.services.nextcloud.loadbalancer.server.port: 80

      traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l|rd)dav"
      traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/"

      traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: false
      traefik.http.middlewares.nextcloud-hsts.headers.stspreload: true
      traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: 15552001
      traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: false

      traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav

######## Networks ########
networks:
  intern:
    driver: bridge
  traefik:
    external: true
  mail-relay:
    external: true
######## Volumes ########
volumes:
  db:
  app:
  data:

######## Doku ########
# Telefonregion
# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`version: '3.3'`
			`services:`
			`######## Datenbank ########`
			`nextcloud-db:`
nextcloud: image tags (#488) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/488 2023-03-24 14:19:43 +01:00			`image: mariadb:10`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`container_name: nextcloud-db`
			`command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF`
			`restart: unless-stopped`
			`volumes:`
			`- /etc/localtime:/etc/localtime:ro`
			`- /etc/timezone:/etc/timezone:ro`
			`- db:/var/lib/mysql`
			`environment:`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}`
			`MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}`
docker-compose: env (#493) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/493 2023-04-06 19:53:27 +02:00			`MYSQL_DATABASE: nextcloud`
			`MYSQL_USER: nextcloud`
			`MYSQL_INITDB_SKIP_TZINFO: 1`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`networks:`
			`- intern`
			`labels:`
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`com.centurylinklabs.watchtower.enable: true`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`######## Redis ########`
			`nextcloud-redis:`
nextcloud: image tags (#488) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/488 2023-03-24 14:19:43 +01:00			`image: redis:7-alpine`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`container_name: nextcloud-redis`
			`hostname: nextcloud-redis`
			`networks:`
			`- intern`
			`restart: unless-stopped`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`command: redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`labels:`
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`com.centurylinklabs.watchtower.enable: true`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`######## cron ########`
docker-compose: depends (#515) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/515 2023-04-20 21:10:10 +02:00			`nextcloud-cron:`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`container_name: nextcloud-cron`
nextcloud: change cron-image (#589) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/589 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 18:46:23 +01:00			`image: registry.mgrote.net/nextcloud-cronjob:master`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`restart: unless-stopped`
			`network_mode: none`
			`depends_on:`
remove docker networks: ignore_errors (#598) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/598 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-10 11:50:08 +01:00			`- nextcloud-app`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`volumes:`
remove docker networks: ignore_errors (#598) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/598 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-11-10 11:50:08 +01:00			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`- /etc/localtime:/etc/localtime:ro`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`environment:`
docker-compose: env (#493) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/493 2023-04-06 19:53:27 +02:00			`NEXTCLOUD_CONTAINER_NAME: nextcloud-app`
			`NEXTCLOUD_CRON_MINUTE_INTERVAL: 1`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00			`labels:`
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`com.centurylinklabs.watchtower.enable: true`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`######## Nextcloud ########`
			`nextcloud-app:`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`image: nextcloud:27`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`container_name: nextcloud-app`
			`restart: unless-stopped`
			`depends_on:`
			`- nextcloud-db`
			`- nextcloud-redis`
			`environment:`
			`REDIS_HOST: nextcloud-redis`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`REDIS_HOST_PASSWORD: {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`MYSQL_DATABASE: nextcloud`
			`MYSQL_USER: nextcloud`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`MYSQL_HOST: nextcloud-db`
			`NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`SMTP_HOST: mail-relay`
			`#SMTP_SECURE: tls`
			`SMTP_PORT: 25`
			`#SMTP_AUTHTYPE: LOGIN`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`SMTP_NAME: info@mgrote.net`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`#SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }}`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`MAIL_FROM_ADDRESS: info@mgrote.net`
			`PHP_MEMORY_LIMIT: 1024M`
			`PHP_UPLOAD_LIMIT: 10G`
			`APACHE_DISABLE_REWRITE_IP: 1`
traefik: nforwardauth (#518) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/518 2023-05-12 08:18:45 +02:00			`TRUSTED_PROXIES: "192.168.48.0/24" # Subnetz in dem sich traefik befindet`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`volumes:`
			`- app:/var/www/html`
			`- data:/var/www/html/data`
			`networks:`
			`- intern`
			`- traefik`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`- mail-relay`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`labels:`
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`com.centurylinklabs.watchtower.enable: true`
			`com.centurylinklabs.watchtower.depends-on: nextcloud-redis,nextcloud-db`
Docker: Watchtower (#480) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/480 2023-03-21 19:00:37 +01:00
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			traefik.http.routers.nextcloud.rule: Host(`nextcloud.mgrote.net`)
			`traefik.enable: true`
			`traefik.http.routers.nextcloud.tls: true`
			`traefik.http.routers.nextcloud.tls.certresolver: resolver_letsencrypt`
			`traefik.http.routers.nextcloud.entrypoints: entry_https`
			`traefik.http.services.nextcloud.loadbalancer.server.port: 80`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`traefik.http.middlewares.nextcloud-webdav.replacepathregex.regex: "^/.well-known/ca(l\|rd)dav"`
			`traefik.http.middlewares.nextcloud-webdav.replacepathregex.replacement: "/remote.php/dav/"`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00
docker-compose: `=` --> `:` (#513) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/513 2023-04-20 14:50:33 +02:00			`traefik.http.middlewares.nextcloud-hsts.headers.stsincludesubdomains: false`
			`traefik.http.middlewares.nextcloud-hsts.headers.stspreload: true`
			`traefik.http.middlewares.nextcloud-hsts.headers.stsseconds: 15552001`
			`traefik.http.middlewares.nextcloud-hsts.headers.isdevelopment: false`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00
traefik: nextcloud remove error-pages (#517) --- caldav/carddav failed sonst Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/517 2023-04-21 11:53:59 +02:00			`traefik.http.routers.nextcloud.middlewares: nextcloud-hsts,nextcloud-webdav`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00
			`######## Networks ########`
			`networks:`
			`intern:`
			`driver: bridge`
			`traefik:`
			`external: true`
move to containerized mail relayhost (#588) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/588 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2023-10-31 11:37:50 +01:00			`mail-relay:`
			`external: true`
Umstellung auf neuen docker-Host + neue Deploy-Rolle (#407) Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/407 2022-08-25 22:22:11 +02:00			`######## Volumes ########`
			`volumes:`
			`db:`
			`app:`
			`data:`

			`######## Doku ########`
			`# Telefonregion`
			`# docker exec --user www-data nextcloud-app php occ config:system:set default_phone_region --value="DE"`