ai-tax-agent/infra/compose/nextcloud/compose.yaml

# /opt/compose/nextcloud/compose.yml
networks:
  frontend:
    external: true
  backend:
    external: true

volumes:
  nextcloud_html:
  nextcloud_data:
  nextcloud_config:
  nextcloud_apps:
  nextcloud_postgres:
  nextcloud_redis:

services:
  nextcloud-postgres:
    image: postgres:16-alpine
    container_name: nextcloud-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
    volumes:
      - nextcloud_postgres:/var/lib/postgresql/data
    networks: [backend]

  nextcloud-redis:
    image: redis:7-alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    command:
      [
        "redis-server",
        "--appendonly",
        "yes",
        "--requirepass",
        "${REDIS_PASSWORD}",
      ]
    volumes:
      - nextcloud_redis:/data
    networks: [backend]

  nextcloud-server:
    image: nextcloud:apache
    container_name: nextcloud-server
    restart: unless-stopped
    depends_on: [nextcloud-postgres, nextcloud-redis]
    env_file:
      - ./.env
    environment:
      # DB
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      POSTGRES_HOST: nextcloud-postgres
      # Initial admin (used only on first run)
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      # Reverse frontend awareness
      NEXTCLOUD_TRUSTED_DOMAINS: cloud.harkon.co.uk
      OVERWRITEHOST: cloud.harkon.co.uk
      OVERWRITEPROTOCOL: https
      # Redis for locks/cache
      REDIS_HOST: nextcloud-redis
      REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
    volumes:
      - nextcloud_html:/var/www/html
      - nextcloud_data:/var/www/html/data
      - nextcloud_config:/var/www/html/config
      - nextcloud_apps:/var/www/html/custom_apps
    networks:
      - frontend # for Traefik
      - backend # for DB/Redis
    labels:
      - traefik.enable=true
      - traefik.http.routers.nextcloud.rule=Host(`cloud.harkon.co.uk`)
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=godaddy
      - traefik.http.services.nextcloud.loadbalancer.server.port=80
      - traefik.http.routers.nextcloud.service=nextcloud

  # Run background jobs as a separate container
  cron:
    image: nextcloud:apache
    container_name: nextcloud-cron
    restart: unless-stopped
    depends_on: [nc_db, nc_redis]
    entrypoint: /cron.sh
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      POSTGRES_HOST: db
      REDIS_HOST: redis
      REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
    volumes:
      - nextcloud_html:/var/www/html
      - nextcloud_data:/var/www/html/data
      - nextcloud_config:/var/www/html/config
      - nextcloud_apps:/var/www/html/custom_apps
    networks: [backend]