# Example: Nextcloud with LemonSec
# Add this to your docker-compose.yml or run separately

version: "3.8"

networks:
  services:
    external: true  # Use the existing network from main compose

volumes:
  nextcloud-data:
  nextcloud-db:

services:
  nextcloud-db:
    image: mariadb:10.11
    container_name: nextcloud-db
    restart: unless-stopped
    networks:
      - services
    environment:
      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    volumes:
      - nextcloud-db:/var/lib/mysql
    labels:
      - "traefik.enable=false"

  nextcloud:
    image: nextcloud:29-apache
    container_name: nextcloud
    restart: unless-stopped
    networks:
      - services
    environment:
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.lemonlink.eu
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=cloud.lemonlink.eu
      - OVERWRITECLIURL=https://cloud.lemonlink.eu
    volumes:
      - nextcloud-data:/var/www/html
    depends_on:
      - nextcloud-db
    labels:
      - "traefik.enable=true"
      # External access
      - "traefik.http.routers.nextcloud.rule=Host(`cloud.lemonlink.eu`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nextcloud.middlewares=authelia@docker,nextcloud-dav"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      # Nextcloud DAV fix
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$${1}/remote.php/dav/"