--- version: '3.5' services: code: cap_add: - MKNOD image: registry.hub.docker.com/collabora/code:23.05.5.4.1 environment: aliasgroup1: https://nextcloud.shore.co.il:443 dictionaries: en_GB en_US he_IL extra_params: >- --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:net.post_allow.host[7]=172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} --o:net.post_allow.host[8]=172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} --o:net.post_allow.host[9]=172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} --o:net.frame_ancestors=https://nextcloud.shore.co.il # yamllint disable-line rule:line-length password: &admin_password "${NEXTCLOUD_ADMIN_PASSWORD:-baz}" # pragma: allowlist secret server_name: code\.shore\.co\.il username: &admin_username admin # DONT_GEN_SSL_CERT: foo healthcheck: test: - CMD-SHELL - >- curl --fail http://localhost:9980/ || exit 1 restart: always tty: true crond: build: context: crond/ restart: always volumes: - /run/docker.sock:/run/docker.sock - /var/backups/nextcloud:/var/backups mysql: command: >- --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF environment: MYSQL_DATABASE: &mysql_database nextcloud # yamllint disable-line rule:line-length MYSQL_PASSWORD: &mysql_password ${MYSQL_PASSWORD:-foo} # pragma: allowlist secret # yamllint disable-line rule:line-length MYSQL_ROOT_PASSWORD: &mysql_root_password ${MYSQL_ROOT_PASSWORD:-bar} # pragma: allowlist secret MYSQL_USER: &mysql_user nextcloud healthcheck: start_period: 1m test: - CMD-SHELL - >- mysql --user "$$MYSQL_USER" "--password=$$MYSQL_PASSWORD" --execute 'SHOW DATABASES;' || exit 1 image: registry.hub.docker.com/library/mariadb:10 restart: always volumes: - mysql:/var/lib/mysql nextcloud: depends_on: - mysql - redis - crond environment: MAIL_DOMAIN: shore.co.il MAIL_FROM_ADDRESS: noreply@shore.co.il MYSQL_DATABASE: *mysql_database MYSQL_HOST: mysql MYSQL_PASSWORD: *mysql_password # pragma: allowlist secret MYSQL_USER: *mysql_user NC_debug: "false" NC_default_phone_region: IL NEXTCLOUD_ADMIN_PASSWORD: *admin_password # pragma: allowlist secret NEXTCLOUD_ADMIN_USER: *admin_username NEXTCLOUD_TRUSTED_DOMAINS: '*.shore.co.il shore.co.il' OVERWRITEHOST: nextcloud.shore.co.il OVERWRITEPROTOCOL: https REDIS_HOST: redis # yamllint disable-line rule:line-length REDIS_HOST_PASSWORD: &redis_password "${REDIS_PASSWORD:-foo}" # pragma: allowlist secret SMTP_HOST: smtp TRUSTED_PROXIES: '172.16.0.0/12 192.168.0.0/16' healthcheck: start_period: 2m test: - CMD-SHELL - >- curl --fail --user "$$NEXTCLOUD_ADMIN_USER:$$NEXTCLOUD_ADMIN_PASSWORD" http://localhost/ocs/v2.php/apps/serverinfo/api/v1/info || exit 1 image: registry.hub.docker.com/library/nextcloud:28.0.0-apache restart: always volumes: - nextcloud:/var/www/html - _run_slapd:/run/slapd - _run_clamav:/run/clamav notifier: depends_on: - nextcloud environment: FLASK_ENV: development image: registry.shore.co.il/nextcloud-notifier restart: always volumes: - /run/docker.sock:/run/docker.sock redis: command: - redis-server - --requirepass - *redis_password # - --bind=127.0.0.1 # - --unixsocket=/run/redis/redis.sock # - --unixsocketperm=777 healthcheck: test: - CMD-SHELL - "{ echo PING | redis-cli; } || exit 1" image: registry.hub.docker.com/library/redis:6-alpine restart: always z-push: build: context: z-push restart: always volumes: mysql: nextcloud: _run_clamav: external: true name: run_clamav _run_slapd: external: true name: run_slapd networks: default: name: shore external: true