Client-Ansible-Setup/services/service_nextcloud/docker-compose.yml

# {{ ansible_managed }}
services:

  # Gluetun is used to connect container to VPN
  nextcloud-gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      - WIREGUARD_PRIVATE_KEY={{ nextcloud_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.5/32
      - FIREWALL_VPN_INPUT_PORTS=11000,80
      - FIREWALL_INPUT_PORTS=11000,80,9000,6379,5432
    volumes:
      # Custom IPTables forwarding rules to forward TCP(web) traffic from port 11000 to port 80
      - ./post-rules.txt:/iptables/post-rules.txt
    ports:
      - "11000:11000"
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M

  nextcloud-cache:
    network_mode: "service:nextcloud-gluetun"
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    command: redis-server --requirepass {{ service_nextcloud_postgres_pass }}
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 2048M

  nextcloud-db:
    network_mode: "service:nextcloud-gluetun"
    image: postgres:16-alpine
    restart: always
    volumes:
      - ./nextcloud-database:/var/lib/postgresql/data:Z
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_PASSWORD={{ service_nextcloud_postgres_pass }}
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 128M

  nextcloud:
    network_mode: "service:nextcloud-gluetun"
    image: nextcloud
    restart: always
      #    links:
      #      - nextcloud-db
    volumes:
      - /nextcloud-data:/var/www/html
    environment:
      - REDIS_HOST=127.0.0.1
      - REDIS_HOST_PASSWORD={{ service_nextcloud_postgres_pass }}
      - POSTGRES_PASSWORD={{ service_nextcloud_postgres_pass }}
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_HOST=127.0.0.1
      # For reverse proxies
      - TRUSTED_PROXIES=10.0.0.1
      - OVERWRITEHOST=nextcloud.{{ domain_name }}
      - OVERWRITEPROTOCOL=https
      - OVERWRITECLIURL=https://nextcloud.{{ domain_name }}
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 512M