version: '3.9'

services:
  nginx:
    build:
      context: ./compose/nginx
      dockerfile: Dockerfile
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - ./compose/nginx/conf:/etc/nginx:ro

      # All mount points are read only (:ro) - file uploads/edits are processed inside service containers
      - nextcloud:/var/www/app/nextcloud:ro
      - ${nextcloud_data}:/var/www/app/nextcloud/data:ro

      - certbot_certs:/etc/letsencrypt:ro
    depends_on:
      - default_web_app
      - nextcloud
      - yopass
      - certbot
      - gitea
      - vardadienas

  default_web_app:
    build:
      context: ./projects/default
      dockerfile: Dockerfile
    restart: unless-stopped
    security_opt:
      - no-new-privileges

  redis:
    image: redis:alpine
    restart: always

  nextcloud:
    build:
      context: ./compose/nextcloud
      dockerfile: Dockerfile
    env_file: .env_nextcloud
    volumes:
      - nextcloud:/var/www/html
      # Using path from variable "nextcloud_data" to place data at different disk,
      #   which isn't easily accomplished from compose
      - ${nextcloud_data}:/var/www/html/data
    restart: always
    links:
      - pgdb
      - redis

  pgdb:
    image: postgres:13-alpine
    restart: always
    volumes:
      - ./compose/pgdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
      - pgdb:/var/lib/postgresql/data
    env_file:
      - .env_db

  yopass:
    image: jhaals/yopass
    restart: always
    command: "--redis=redis://redis:6379/1 --database=redis"
    depends_on:
      - redis

  vardadienas:
    image: registry.72.lv/flask-namedays:latest
    restart: always

  certbot:
    image: certbot/dns-digitalocean:latest
    entrypoint: /cb_init.sh
    restart: unless-stopped
    volumes:
      - ./compose/certbot/init.sh:/cb_init.sh
      - certbot_certs:/etc/letsencrypt
      - /var/log/letsencrypt
    env_file:
      - .env_certbot

  gitea:
    image: gitea/gitea:latest-rootless
    restart: always
    volumes:
      - gitea-data:/var/lib/gitea
      - gitea-config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "22:2222"
    environment:
      - USER_UID=1000
      - USER_GID=1000
    env_file:
      - .env_gitea

  qbit:
    image: lscr.io/linuxserver/qbittorrent
    environment:
      - PUID=1000
      - PGID=1001
      - TZ=UTC
    volumes:
      - /config  # persistent unnamed storage
      - ${torrent_path}:/downloads
    ports:
      - "30000:30000"
      - "30000:30000/udp"
    restart: unless-stopped


volumes:
  # named persistent volumes
  nextcloud: {} # nextcloud configuration
  pgdb: {}
  certbot_certs: {}
  registry: {}
  gitea-data: {}
  gitea-config: {}
  qbit_config: {}