tailnet/nextcloud/docker-compose.yml.checkpoint

services:
  ts-nextcloud:
    image: tailscale/tailscale:latest
    container_name: ts-nextcloud
    restart: unless-stopped
    hostname: ${TS_HOSTNAME}
    environment:
      - TS_AUTHKEY
      - TS_EXTRA_ARGS
      - TS_SERVE_CONFIG=/ts/serve.json
    volumes:
      - tailscale:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    configs:
      - source: ts-config
        target: /ts/serve.json
  caddy:
    build:
      context: .
      dockerfile: Caddy.Dockerfile
    restart: always
    #ports:
    #  - "80:80"
    #  - "443:443"
    volumes:
      - caddy_certs:/certs
      - caddy_data:/data
      - caddy_config:/config
      #- tailscale_sock:/var/run/tailscale:ro
    configs:
      - source: caddy-config
        target: /etc/caddy/Caddyfile
    network_mode: service:ts-nextcloud

  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    container_name: nextcloud-aio-mastercontainer
    restart: always
    init: true
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0
      APACHE_ADDITIONAL_NETWORK: ""
      SKIP_DOMAIN_VALIDATION: "false"
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    expose:
      - "8080"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
  caddy_certs:
  caddy_data:
  caddy_config:
  tailscale:

configs:
  caddy-config:
    content: |
      {
          layer4 {
              127.0.0.1:3478 {
                  route {
                      proxy {
                          upstream nextcloud-aio-talk:3478
                      }
                  }
              }
              127.0.0.1:3479 {
                  route {
                      proxy {
                          upstream nextcloud-aio-talk:3479
                      }
                  }
              }
          }
      }
      https://${NC_DOMAIN} {
          reverse_proxy nextcloud-aio-apache:11000 {
              header_up X-Forwarded-Proto "https"
              header_up Host {host}
          }
      }
      http://{$NC_DOMAIN} {
          reverse_proxy nextcloud-aio-apache:11000 {
              header_up X-Forwarded-Proto "http"
              header_up Host {host}
          }
      }
  ts-config:
    content: |
      {
        "TCP": {
          "443": {
            "HTTPS": true
          }
        },
        "Web": {
          "$${TS_CERT_DOMAIN}:443": {
            "Handlers": {
              "/": {
                "Proxy": "http://127.0.0.1:11000"
              }
            }
          }
        },
        "AllowFunnel": {
          "$${TS_CERT_DOMAIN}:443": ${TS_ALLOW_FUNNEL:-false}
        }
      }