version: "3.9"

volumes:
  traefik:
  nextcloud:
  db:
        
services:
  reverse-proxy:
    restart: always
    # The official v2 Traefik docker image
    image: traefik:v2.7
    # Enables the web UI and tells Traefik to listen to docker //--api.insecure=true 
    command: 
     - "--api=true"
     - "--api.dashboard=true"
     - "--accesslog"
     - "--log.level=DEBUG"
     - "--providers.docker"
     - "--providers.docker.endpoint=unix:///var/run/docker.sock"
     - "--providers.docker.swarmMode=true"
     - "--entrypoints.web.address=:80"
     #- "--entrypoints.websecure.address=:443"
     #- "--certificatesresolvers.letsencrypt.acme.email=jason@jasonplayne.com"
     #- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
     #- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
     #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik:/etc/traefik
    deploy:
      mode: replicated
      replicas: 1
      endpoint_mode: vip
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dashboard.rule=Host(`10.10.20.197`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=web"
        #- "traefik.http.routers.dashboard.middlewares=ipwhitelist"
        #- "traefik.http.middlewares.dashboard.ipwhitelist.sourcerange=`127.0.0.1/32, 10.10.20.0/24`"
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - "traefik.http.services.dashboard-svc.loadbalancer.server.port=9999"
    
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          memory: 1G
  
  postgres:
    image: postgres
    restart: always
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: disgrace-quickstep-fleshy
    volumes:
      - db:/var/lib/postgresql/data
    ports:
     - "5432"
    deploy:
      labels:
        - traefik.enable=false
      mode: replicated
      replicas: 1
      resources:
        limits:
          memory: 2G
  
  nextcloud:
    image: nextcloud:stable-apache
    restart: always
    ports:
      - "8001:80"
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
    deploy:
      mode: replicated
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
        #- traefik.http.routers.nextcloud.tls=true
        #- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
        #- traefik.http.routers.nextcloud.entrypoints=websecure
        - traefik.http.routers.nextcloud.entrypoints=web
        - traefik.http.services.nextcloud.loadbalancer.server.port=8001
      resources:
        limits:
          memory: 2G