networks:
  default:

volumes:
  keycloak_data:
  portainer_data:
  mysql_data:
  nextcloud_data:

services:
  traefik:
    container_name: neah-traefik
    image: traefik:latest
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker.exposedbydefault=false"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik
    networks:
      - default
    restart: unless-stopped

  portainer:
    container_name: neah-portainer
    image: portainer/portainer-ce:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
      - "./portainer_password:/portainer_password"
    ports:
      - "9000:9000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.neah-portainer.rule=Host(`${PORTAINER_HOST}.${MAIN_DOMAIN}`)"
      - "traefik.http.services.neah-portainer.loadbalancer.server.port=9000"
    command: --admin-password-file '/portainer_password'
    networks:
      - default
    restart: unless-stopped

  front:
    container_name: neah-front
    build:
      context: ./front
      dockerfile: Dockerfile
    environment:
      - NODE_ENV=production
    ports:
      - "3000:3000"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.neah-front.rule=Host(`${MAIN_DOMAIN}`)"
      - "traefik.http.services.neah-front.loadbalancer.server.port=3000"
    extra_hosts:
      - "${KEYCLOAK_HOST}.${MAIN_DOMAIN}:${KEYCLOAK_HOST_IP}"
    networks:
      - default
    restart: unless-stopped

  keycloak:
    container_name: neah-keycloak
    image: quay.io/keycloak/keycloak:latest
    command: ["start"]
    environment:
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_USER}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
      KEYCLOAK_ADMIN: ${KEYCLOAK_USER}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false
    ports:
      - "8090:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.neah-keycloak.rule=Host(`${KEYCLOAK_HOST}.${MAIN_DOMAIN}`)"
      - "traefik.http.services.neah-keycloak.loadbalancer.server.port=8080"
    volumes:
      - keycloak_data:/opt/keycloak/data
    networks:
      - default
    restart: unless-stopped

  mysql:
    container_name: neah-mysql
    image: mysql:latest
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    command:
      - --transaction-isolation=READ-COMMITTED
      - --binlog-format=ROW
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - mysql_data:/var/lib/mysql
    networks:
      - default
    restart: unless-stopped

  nextcloud:
    container_name: neah-nextcloud
    image: nextcloud:latest
    environment:
      MYSQL_HOST: mysql
      MYSQL_DATABASE: ${NEXTCLOUD_MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      PHP_MEMORY_LIMIT: 512M
      PHP_UPLOAD_LIMIT: 512M
    volumes:
      - nextcloud_data:/var/www/html
    ports:
      - "8081:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.neah-nextcloud.rule=Host(`cloud.${MAIN_DOMAIN}`)"
      - "traefik.http.routers.neah-nextcloud.entrypoints=websecure"
      - "traefik.http.routers.neah-nextcloud.tls=true"
      - "traefik.http.services.neah-nextcloud.loadbalancer.server.port=80"
    networks:
      - default
    depends_on:
      mysql:
        condition: service_healthy
    restart: unless-stopped