Moving to bind mounts and docker secrets.

2025-08-31 09:01:44 -07:00
parent ba997b3a9d
commit 0bf2a34edd
4 changed files with 76 additions and 25 deletions
--- a/all-apps/nextcloud/docker-compose.yaml
+++ b/all-apps/nextcloud/docker-compose.yaml
@@ -1,21 +1,58 @@
 version: '3'

+secrets:
+  nextcloud_admin_password:
+    file: ./nextcloud/nextcloud_admin_password
+  nextcloud_admin_user:
+    file: ./nextcloud/nextcloud_admin_user
+  postgres_db:
+    file: ./nextcloud/postgres_db
+  postgres_password:
+    file: ./nextcloud/postgres_password
+  postgres_user:
+    file: ./nextcloud/postgres_user
+  redis_password:
+    file: ./nextcloud/redis_password
+
 services:
  db:
    image: postgres
+    env_file:
+      - ./nextcloud/nextcloud.env
    shm_size: 128mb
    restart: always
    volumes:
-      - db:/var/lib/postgresql/data
+      - /nassella/nextcloud/var-lib-postgresql-data:/var/lib/postgresql/data
    environment:
-      - POSTGRES_DB=nextcloud
-      - POSTGRES_USER=nextcloud
-      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB_FILE=/run/secrets/postgres_db
+      - POSTGRES_USER_FILE=/run/secrets/postgres_user
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    networks:
      - internal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
+      start_period: 15s
+      interval: 30s
+      retries: 3
+      timeout: 5s
+    secrets:
+      - postgres_db
+      - postgres_password
+      - postgres_user
  redis:
-    image: redis:alpine
+    image: redis
+    env_file:
+      - ./nextcloud/nextcloud.env
+    command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/redis_password)"'
+    secrets:
+      - redis_password
    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/redis_password)\" ping | grep PONG"]
+      start_period: 10s
+      interval: 30s
+      retries: 3
+      timeout: 3s
    networks:
      - internal
  nextcloud:
@@ -24,27 +61,35 @@ services:
      - POSTGRES_HOST=db
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
-      - POSTGRES_PASSWORD=password
+      - POSTGRES_PASSWORD=dbpassword
      - NEXTCLOUD_ADMIN_PASSWORD=password
      - NEXTCLOUD_ADMIN_USER=admin
      - REDIS_HOST=redis
-      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud1.nassella.cc
+      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.nassella.cc # TODO generate this?
    ports:
      - "8080:80"
    depends_on:
-      - redis
-      - db
+      redis:
+        condition: service_healthy
+      db:
+        condition: service_healthy
+    env_file:
+      - ./nextcloud/nextcloud.env
+    secrets:
+      - postgres_db
+      - postgres_password
+      - postgres_user
+      - nextcloud_admin_user
+      - nextcloud_admin_password
+      - redis_password
    networks:
      - lb
      - internal
    volumes:
-      - nextcloud:/var/www
+      - /nassella/nextcloud/var-www-html:/var/www/html
    restart: unless-stopped
 networks:
  lb:
  internal:
    driver: bridge
    internal: true
-volumes:
-  db:
-  nextcloud: