services:
  nextcloud-ts:
    image: tailscale/tailscale
    container_name: nextcloud-ts
    cap_add:
      - net_admin
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - ./serveconfig:/config
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-tags=tag:nextcloud --reset
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve-config.json
      - TS_USERSPACE=false
    hostname: cloud
    restart: unless-stopped
    
  # Nextcloud
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: always
    network_mode: "service:nextcloud-ts"
    volumes:
      - ./nextcloud:/var/www/html
      - /mnt/usb-ssd-01/nextcloud/nextcloud-data:/var/www/html/data

      - /mnt/usb-ssd-01/metube:/mnt/metube
      - /mnt/usb-ssd-01/music:/mnt/music
      
      - /mnt/usb-ssd-01/nextcloud/ext1:/mnt/blender      
    environment:
      - REDIS_HOST=redis
      - PHP_MEMORY_LIMIT=4G
      - PHP_UPLOAD_LIMIT=64G
      - PHP_OPCACHE_ENABLE=1
      - PHP_OPCACHE_MEMORY_CONSUMPTION=256
      - PHP_OPCACHE_MAX_ACCELERATED_FILES=100000
      - TRUSTED_PROXIES=100.64.0.0/10 127.0.0.1
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=cloud.rufous-trench.ts.net
          
  redis:
    image: redis:alpine
    container_name: redis
    restart: always
    volumes:
      - ./redis:/data

  mariadb:
    image: mariadb:10.11
    container_name: nextcloud_db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}