version: '3.8'

services:
  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: 'nginx-proxy-manager'
    restart: unless-stopped
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    volumes:
      - ../data/npm:/data
      - ../data/npm_letsencrypt:/etc/letsencrypt
    networks:
      - automate-network

  paperless:
    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
    container_name: 'paperless'
    restart: unless-stopped
    environment:
      - PAPERLESS_DB_HOST=${PAPERLESS_DB_HOST}
      - PAPERLESS_DB_NAME=${PAPERLESS_DB_NAME}
      - PAPERLESS_DB_USER=${PAPERLESS_DB_USER}
      - PAPERLESS_DB_PASSWORD=${PAPERLESS_DB_PASSWORD}
      - PAPERLESS_REDIS=redis://paperless-redis:6379
    ports:
      - "8000:8000"
    volumes:
      - ../data/paperless:/usr/src/paperless/data
    depends_on:
      - paperless-db
      - paperless-redis
    networks:
      - automate-network

  paperless-db:
    image: 'postgres:13'
    container_name: 'paperless-db'
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${PAPERLESS_DB_NAME}
      - POSTGRES_USER=${PAPERLESS_DB_USER}
      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
    ports:
      - "5432:5432"  # Expose PostgreSQL on host port 5432
    volumes:
      - ../data/paperless_db:/var/lib/postgresql/data
    networks:
      - automate-network

  paperless-redis:
    image: 'redis:alpine'
    container_name: 'paperless-redis'
    ports:
      - "6379:6379"
    restart: unless-stopped
    volumes:
      - ../data/paperless_redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - automate-network

  nextcloud:
    image: 'nextcloud:latest'
    container_name: 'nextcloud'
    restart: unless-stopped
    environment:
      - MYSQL_HOST=${NEXTCLOUD_DB_HOST}
      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - OVERWRITEPROTOCOL=https   # Setze das Protokoll auf HTTPS
      - TRUSTED_PROXIES=172.18.0.5  # Setze die trusted_proxies
      - OVERWRITE_CLI_URL=https://cloud.mrx8086.com  # Setze die CLI-URL auf HTTPS      
    ports:
      - "9080:80"    # HTTP Port für Nextcloud
      - "9443:443"   # HTTPS Port für Nextcloud
    volumes:
      - ../data/nextcloud:/var/www/html
      - ../configs/certs/mrx8086.com:/etc/ssl/certs/mrx8086.com
      - ../configs/nextcloud/nextcloud-ssl.conf:/etc/apache2/sites-available/nextcloud-ssl.conf
      - ../configs/nextcloud/hsts.conf:/etc/apache2/conf-available/hsts.conf  # HSTS Konfiguration hinzufügen
      - ../configs/nextcloud/config.php:/var/www/html/config/config.php  # Überschreibe config.php
    depends_on:
      - nextcloud-db
    networks:
      automate-network:
        ipv4_address: 172.18.0.11
    extra_hosts:
      - "auth.mrx8086.com:172.18.0.6"
      - "cloud.mrx8086.com:172.18.0.11"
    command:  >
      bash -c "
      a2enmod ssl &&
      a2ensite nextcloud-ssl &&
      a2enconf hsts &&
      apache2-foreground"
  
  nextcloud-db:
    image: 'mariadb:latest'
    container_name: 'nextcloud-db'
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
      - MYSQL_USER=${NEXTCLOUD_DB_USER}
      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
    ports:
      - "3306:3306"
    volumes:
      - ../data/nextcloud_db:/var/lib/mysql
    networks:
      - automate-network

  kimai:
    image: 'kimai/kimai2:apache'
    container_name: 'kimai'
    restart: unless-stopped
    environment:
      - APP_ENV=prod
      - DATABASE_URL=mysql://${KIMAI_DB_USER}:${KIMAI_DB_PASSWORD}@${KIMAI_DB_HOST}/${KIMAI_DB_NAME}
      - TRUSTED_PROXIES=nginx,localhost,127.0.0.1  # Vertrauenswürdige Proxies für Reverse Proxy Setup
      - ADMINMAIL=${KIMAI_ADMIN_EMAIL}            # E-Mail für den Admin
      - ADMINPASS=${KIMAI_ADMIN_PASSWORD}         # Passwort für den Admin
      - TIMEZONE=Europe/Berlin                    # Zeitzone für Kimai
      - APP_SECRET=${KIMAI_APP_SECRET}            # Sicherer Secret Key für die Anwendung
    ports:
      - "8001:8001"
    volumes:
      - data:/opt/kimai/var/data
      - plugins:/opt/kimai/var/plugins
    depends_on:
      - kimai-db
    networks:
      - automate-network

  kimai-db:
    image: 'mariadb:10.5'
    container_name: 'kimai-db'
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${KIMAI_DB_ROOT_PASSWORD}
      - MYSQL_DATABASE=${KIMAI_DB_NAME}
      - MYSQL_USER=${KIMAI_DB_USER}
      - MYSQL_PASSWORD=${KIMAI_DB_PASSWORD}
    ports:
      - "3307:3306"
    volumes:
      - ../data/kimai_db:/var/lib/mysql
    networks:
      - automate-network

  n8n:
    image: 'n8nio/n8n:latest'
    container_name: 'n8n'
    restart: unless-stopped
    environment:
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=${N8N_USER}
      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
      - N8N_PORT=5678
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=n8n-db
      - DB_POSTGRESDB_DATABASE=${N8N_DB_NAME}
      - DB_POSTGRESDB_USER=${N8N_DB_USER}
      - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD}
    ports:
      - "5678:5678"
    volumes:
      - ../data/n8n:/home/node/.n8n
    depends_on:
      - n8n-db
    networks:
      - automate-network

  n8n-db:
    image: 'postgres:13'
    container_name: 'n8n-db'
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${N8N_DB_NAME}
      - POSTGRES_USER=${N8N_DB_USER}
      - POSTGRES_PASSWORD=${N8N_DB_PASSWORD}
    volumes:
      - ../data/n8n_db:/var/lib/postgresql/data
    networks:
      - automate-network

  keycloak:
    image: 'quay.io/keycloak/keycloak:latest'
    container_name: 'keycloak'
    restart: unless-stopped
    environment:
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/${KEYCLOAK_DB_NAME}
      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
      - KC_HOSTNAME=auth.mrx8086.com
      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
      - KC_BOOTSTRAP_ADMIN_USERNAME=${KEYCLOAK_ADMIN_USER}
      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
    ports:
      - "8443:8443"
    volumes:
      - ../configs/certs/mrx8086.com:/etc/x509/https
      - ../data/keycloak_data:/opt/keycloak/data
      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs
      - ../data/keycloak_conf:/opt/keycloak/conf
      - ../data/keycloak_logs:/opt/keycloak/log
      - ../data/keycloak_tmp:/opt/keycloak/data/tmp   # <--- Neu hinzugefügt
    command:
      - start-dev
    depends_on:
      - keycloak-db
    networks:
      automate-network:
        ipv4_address: 172.18.0.6
    extra_hosts:
      - "auth.mrx8086.com:172.18.0.6"
      - "cloud.mrx8086.com:172.18.0.11"

  keycloak-db:
    image: 'postgres:13'
    container_name: 'keycloak-db'
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${KEYCLOAK_DB_NAME}
      - POSTGRES_USER=${KEYCLOAK_DB_USER}
      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
    ports:
      - "5433:5432" # Port für PostgreSQL erreichbar machen
    volumes:
      - ../data/keycloak_db:/var/lib/postgresql/data
    networks:
      - automate-network

networks:
  automate-network:
    ipam:
      config:
        - subnet: 172.18.0.0/16

volumes:
  data:
  plugins: