version: "3.3"

services:

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    command:
#      - "--log.level=DEBUG"  # disable in prod
      - "--api.insecure=true" # disable in prod
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/etc/traefik/dynamic_conf.d"
      - "--entryPoints.https.address=:443"
      - "--entryPoints.http.address=:80"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.email=infra@clps.ch"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
    volumes:
      - "/home/cloud/traefik/dynamic_conf.d:/etc/traefik/dynamic_conf.d/"
      - "/home/cloud/traefik/letsencrypt/acme.json:/etc/traefik/letsencrypt/acme.json"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8069:8080"

  grafana:
    image: "grafana/grafana:latest"
    container_name: "grafana"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.clps.ch`)"
      - "traefik.http.routers.grafana.entrypoints=https"
      - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    depends_on:
      - traefik
    restart: unless-stopped
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=grafana
    volumes:
      - ./grafana:/etc/grafana/provisioning/datasources

  prometheus:
    image: "prom/prometheus:latest"
    container_name: "prometheus"
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
    restart: unless-stopped
    volumes:
      - ./prometheus:/etc/prometheus
      - prom_data:/prometheus
    #labels:      # We might want to reserve this interface to a closed network
    #  - "traefik.enable=true"
    #  - "traefik.http.routers.prometheus.rule=Host(`prom.clps.ch`)"
    #  - "traefik.http.routers.prometheus.entrypoints=https"
    #  - "traefik.http.routers.prometheus.tls.certresolver=letsencrypt"
    #  - "traefik.http.routers.prometheus.tls=true"
    #  - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
    depends_on:
      -  traefik

  nextcloud:
    image: "nextcloud/all-in-one:latest"
    container_name: "nextcloud-aio-mastercontainer"
    init: true
    environment:
      - "APACHE_PORT=11000"
      - "APACHE_IP_BINDING=0.0.0.0"
    ports:
      -  "8080:8080" # disable in prod
      -  "8443:8443" # disable in prod
    volumes:
      - "nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    depends_on:
      -  traefik
    restart: unless-stopped

volumes:
  nextcloud_aio_mastercontainer:
  prom_data: