---
version: '3.5'
services:
  proxy:
    build:
      context: ./
    # command: ["nginx", "-g", "daemon off;"]
    networks:
      - default
      - host
    restart: always
    volumes:
      - '/var/www/www.shore.co.il/.well-known/acme-challenge:/var/www/www.shore.co.il/.well-known/acme-challenge:ro'
      - '/var/ssl/site.key:/var/ssl/site.key:ro'
      - '/var/ssl/site.crt:/var/ssl/site.crt:ro'
      - '/var/ssl/dhparams:/var/ssl/dhparams:ro'

  vouch:
    environment:
      OAUTH_AUTH_URL: https://nextcloud.shore.co.il/apps/oauth2/authorize
      OAUTH_CALLBACK_URLS: https://vouch.shore.co.il/auth
      OAUTH_CLIENT_ID: "${VOUCH_OAUTH_CLIENT_ID}"
      # yamllint disable-line rule:line-length
      OAUTH_CLIENT_SECRET: "${VOUCH_OAUTH_CLIENT_SECRET}"  # pragma: allowlist secret
      OAUTH_PROVIDER: nextcloud
      OAUTH_SCOPES: 'openid,email.profile'
      OAUTH_TOKEN_URL: https://nextcloud.shore.co.il/apps/oauth2/api/v1/token
      # yamllint disable-line rule:line-length
      OAUTH_USER_INFO_URL: https://nextcloud.shore.co.il/ocs/v2.php/cloud/user?format=json
      VOUCH_DOMAINS: shore.co.il
      VOUCH_JWT_MAXAGE: 10080  # 1 week.
      VOUCH_JWT_SECRET: "${VOUCH_JWT_SECRET}"  # pragma: allowlist secret
    image: registry.hub.docker.com/voucher/vouch-proxy:alpine-0.23.1
    restart: always

networks:
  default:
    name: shore
  host:
    external: true
    name: host