version: '3'
volumes:
  # data directory: here are the files stored (/var/lib/egroupware by default)
  data:
    driver_opts:
      type: none
      o: bind
      # to upgrade an existing non-docker installation most easy is to use the existing
      # data directory /var/lib/egroupware AND the host database see below
      #device: /var/lib/egroupware
      # otherwise data is stored in data subdirectory of the current directory
      device: $PWD/data
  # sources directory or document root mounted as /var/www inside the container
  sources:
    driver_opts:
      type: none
      o: bind
      # use this if you have an existing document root with an egroupware directory inside
      #device: /var/www
      # otherwise sources/document is stored in sources subdirectory of current directory
      device: $PWD/sources
  # sources for push server, swoolpush subdirectory of egroupware
  sources-push:
    driver_opts:
      type: none
      o: bind
      device: $PWD/sources/egroupware/swoolepush
  # volume to store config.inc.php file / token shared between egroupware and push container
  push-config:
  # collabora-config
  collabora-config:
    driver_opts:
      type: none
      o: bind
      # to upgrade an existing non-docker installation most easy is to use the existing
      # data directory /var/lib/egroupware AND the host database see below
      #device: /var/lib/egroupware/default/loolwsd
      # otherwise data is stored in data subdirectory of the current directory
      device: $PWD/data/default/loolwsd
  # for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
  db:
  sessions:
  # cache files from compose, npm and yarn (actually /root inside the container)
  cache:
  # store Rocket.Chat MongoDB on an (internal) Volume
  mongo:
  # directory to store MongoDB dumps
  rocketchat-dumps:
    driver_opts:
      type: none
      o: bind
      device: $PWD/data/default/rocketchat/dump
  rocketchat-uploads:
    driver_opts:
      type: none
      o: bind
      device: $PWD/data/default/rocketchat/uploads

services:
  egroupware:
    # you can also use tags like: 7.4, 8.0 or 8.1 depending on the PHP version you want to use
    image: egroupware/development:latest
    # setting a default language for a new installation
    #environment:
    #- LANG=de
    volumes:
    - sources:/var/www
    - data:/var/lib/egroupware
    - sessions:/var/lib/php/sessions
    - cache:/root
    - push-config:/var/lib/egroupware-push
    # if you want to use the host database:
    # 1. comment out the whole db service below AND
    # 2. set EGW_DB_HOST=localhost AND
    # 3. uncomment the next line and modify the host path (first one), it depends on your distro:
    #    - RHEL/CentOS   /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - openSUSE/SLE  /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
    #- /var/run/mysqld:/var/run/mysqld
    # private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
    # multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
    #- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
    environment:
    #
    # MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
    - EGW_DB_HOST=db
    # grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
    - EGW_DB_GRANT_HOST=172.%
    # for internal db service you should to specify a root password here AND in db service
    # a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
    #- EGW_DB_ROOT=root
    - EGW_DB_ROOT_PW=secret
    # alternativly you can specify an already existing database with full right by the given user!
    #- EGW_DB_NAME=egroupware
    #- EGW_DB_USER=egroupware
    #- EGW_DB_PASS=
    #
    # further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
    # "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
    # to configure eg. LDAP for authentication and account storage use
    #- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
    #
    # extra non-default apps (need to start with EGW_EXTRA_APP!)
    #
    # new push server not yet in composer.json
    - EGW_EXTRA_APP_PUSH=https://github.com/EGroupware/swoolepush.git
    # EPL apps (need extra credentials!)
    #- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
    # old Wiki
    - EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
    # old API and eTemplate(1)
    - EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
    #
    # XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
    - XDEBUG_REMOTE_HOST=docker.for.mac.localhost
    restart: always
    depends_on:
    - db
    container_name: egroupware
    # set the ip-address of your docker host AND your official DNS name so EGroupware
    # can access Rocket.Chat or Collabora without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"

  nginx:
    image: nginx:stable-alpine
    volumes:
    - sources:/var/www:ro
    # to add a certificate create a certificate.pem containing (in that order)
    # 1. private key
    # 2. public key
    # 3. (optional) chain certificates
    # uncomment to the next line
    # ./certificate.pem:/etc/ssl/private/certificate.pem
    # AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
    - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
    # if no webserver is running on the host, change (first) number to 80 and 443
    - "8080:80"
    - "4443:443"
    depends_on:
    - egroupware
    - push
    - collabora-key
    - rocketchat
    container_name: egroupware-nginx
    restart: always

  # run an own MariaDB:10.5 (you can use EGroupware's database backup and restore to add your existing database)
  db:
    image: mariadb:10.5
    environment:
    #- MYSQL_ROOT=root
    - MYSQL_ROOT_PASSWORD=secret
    volumes:
    - db:/var/lib/mysql
    # to add an own persistent configuration
    #- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/egroupware.cnf
    container_name: egroupware-db
    restart: always
    # make mysql also available on the host
    #ports:
    #- "3306:3306"

  # push server using phpswoole
  push:
    image: phpswoole/swoole:latest-alpine
    command:
      - /var/www/server.php
    volumes:
    - sources-push:/var/www
    - sessions:/var/lib/php/sessions
    - push-config:/var/lib/egroupware-push
    container_name: egroupware-push
    restart: always
    depends_on:
      - egroupware

  # automatic updates of all containers daily at 4am
  # see https://containrrr.github.io/watchtower for more information
  watchtower:
    image: containrrr/watchtower
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    # For automatic EPL Updates (not necessary for CE!) you need to pass docker
    # credentials into watchtower after running: docker login download.egroupware.org
    #- /root/.docker/config.json:/config.json:ro
    environment:
    - WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
    # for email notifications add your email and mail-server here
    #- WATCHTOWER_NOTIFICATIONS=email
    #- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
    #- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
    command: --schedule "0 0 4 * * *"
    container_name: egroupware-watchtower
    restart: always

  # Collabora Online Office
  collabora-key:
    image: "quay.io/egroupware/collabora-key:stable"
    #image: collabora/code:latest
    volumes:
    - collabora-config:/etc/loolwsd
      # support for Collabora/CODE 21.11+
    - collabora-config:/etc/coolwsd
    # don't try to regenerate the (not used certificate) as volume is readonly
    environment:
    - DONT_GEN_SSL_CERT=1
    restart: always
    container_name: collabora-key
    # set the ip-address of your docker host AND your official DNS name so Collabora
    # can access EGroupware without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"
    depends_on:
      - collabora-init

  # initialise the collabora-config volume
  collabora-init:
    image: "quay.io/egroupware/collabora-key:latest"
    command:  bash -c "test -f /tmp/coolwsd/coolwsd.xml || (cp -p /etc/coolwsd/* /tmp/coolwsd && cd /tmp/coolwsd && ln -s coolwsd.conf loolwsd.conf)"
    volumes:
      - collabora-config:/tmp/coolwsd

  # Rocket.Chat server
  rocketchat:
    image: rocketchat/rocket.chat:latest
    command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)'
    restart: unless-stopped
    volumes:
      - rocketchat-uploads:/app/uploads
    # if EGroupware uses a certificate from a private CA, OAuth authentication will fail, you need to:
    # - have the CA certificate stored at /etc/egroupware-docker/private-ca.crt
    # - uncomment the next 2 lines about the private CA:
    # - /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
    environment:
      # - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/private-ca.crt
      # IMPORTANT: change ROOT_URL to your actual url eg. https://domain.com/rocketchat
      - ROOT_URL=http://localhost/rocketchat
      - PORT=3000
      - MONGO_URL=mongodb://mongo:27017/rocketchat
      - MONGO_OPLOG_URL=mongodb://mongo:27017/local
    #     - HTTP_PROXY=http://proxy.domain.com
    #     - HTTPS_PROXY=http://proxy.domain.com
    depends_on:
      - mongo
    container_name: rocketchat
    # set the ip-address of your docker host AND your official DNS name so Rocket.Chat
    # can access EGroupware without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"

  # MongoDB for Rocket.Chat
  mongo:
    image: mongo:4.2
    restart: unless-stopped
    volumes:
      - mongo:/data/db
      - rocketchat-dumps:/dump
    command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
    container_name: rocketchat-mongo
  # this container's job is just run the command to initialize the replica set.
  # it will run the command and remove himself (it will not stay running)
  mongo-init-replica:
    image: mongo:4.2
    command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
    depends_on:
      - mongo

  # Portainer: Docker GUI (needs to be enabled in nginx.conf too!)
#   portainer:
#    image: portainer/portainer
#    command: -H unix:///var/run/docker.sock
#    restart: always
#    ports:
#      - 9000:9000
#      - 8000:8000
#    volumes:
#      - /var/run/docker.sock:/var/run/docker.sock
#      - portainer_data:/data
#    container_name: portainer