[Quadlet]
DefaultDependencies=false

[Unit]
Description=Nextcloud

[Container]
Image=docker.io/library/nextcloud:{{ version['containers']['nextcloud'] }}
ContainerName=nextcloud
HostName=nextcloud

PublishPort={{ services['nextcloud']['ports']['http'] }}:80

Volume=%h/containers/nextcloud/ssl:/etc/ssl/nextcloud:ro
Volume=%h/data/containers/nextcloud/html:/var/www/html:rw

# General
Environment="TZ=Asia/Seoul"
Environment="NEXTCLOUD_TRUSTED_DOMAINS={{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}"
Environment="OVERWRITEHOST={{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}"
Environment="OVERWRITEPROTOCOL=https"
Environment="OVERWRITECLIURL=https://{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}"
# Initial admin
Environment="NEXTCLOUD_ADMIN_USER=admin-local"
Environment="NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/ADMIN_PASSWORD"
Secret=NEXTCLOUD_ADMIN_PASSWORD,target=/run/secrets/ADMIN_PASSWORD
# PostgreSQL
Environment="POSTGRES_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:{{ services['postgresql']['ports']['tcp'] }}"
Environment="POSTGRES_DB=nextcloud_db"
Environment="POSTGRES_USER=nextcloud"
Environment="POSTGRES_PASSWORD_FILE=/run/secrets/DB_PASSWORD"
Secret=NEXTCLOUD_DB_PASSWORD,target=/run/secrets/DB_PASSWORD
Environment="PGSSLMODE=verify-full"
Environment="PGSSLROOTCERT=/etc/ssl/nextcloud/{{ root_cert_filename }}"
## libpq in Nextcloud automatically tries to use a client certificate for mTLS. Therefore, when only TLS is required, then disable the option explicitly.
Environment="PGSSLCERTMODE=disable"
# Redis
Environment="REDIS_HOST=host.containers.internal"
Environment="REDIS_HOST_PORT={{ services['nextcloud']['ports']['redis'] }}"

[Service]
Restart=always
RestartSec=10s
TimeoutStopSec=120

[Install]
WantedBy=default.target