Refactor: Reorganize services into standalone structure

services/standalone/Productivity/docker-compose.yml

@@ -0,0 +1,83 @@
+version: '3.8'
+
+networks:
+  traefik-public:
+    external: true
+  productivity-backend:
+    driver: bridge
+
+volumes:
+  nextcloud_data:
+  nextcloud_db:
+  nextcloud_redis:
+
+services:
+  nextcloud-db:
+    image: postgres:15-alpine
+    container_name: nextcloud-db
+    restart: unless-stopped
+    volumes:
+      - nextcloud_db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} # Set in .env
+    networks:
+      - productivity-backend
+
+  nextcloud-redis:
+    image: redis:7-alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    volumes:
+      - nextcloud_redis:/data
+    networks:
+      - productivity-backend
+
+  nextcloud:
+    image: nextcloud:latest
+    container_name: nextcloud
+    restart: unless-stopped
+    volumes:
+      - nextcloud_data:/var/www/html
+    environment:
+      - POSTGRES_HOST=nextcloud-db
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - REDIS_HOST=nextcloud-redis
+      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
+      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
+      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.sterl.xyz
+      - OVERWRITEPROTOCOL=https
+      - OVERWRITEHOST=nextcloud.sterl.xyz
+      - TRUSTED_PROXIES=172.16.0.0/12
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    networks:
+      - traefik-public
+      - productivity-backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.sterl.xyz`)"
+      - "traefik.http.routers.nextcloud.entrypoints=websecure"
+      - "traefik.http.routers.nextcloud.tls.certresolver=cfresolver"
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+      # Nextcloud-specific middlewares
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-chain"
+      - "traefik.http.middlewares.nextcloud-chain.chain.middlewares=nextcloud-caldav,nextcloud-headers"
+      # CalDAV/CardDAV redirect
+      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
+      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$$1/remote.php/dav/"
+      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true"
+      # Security headers
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=31536000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow"
+      - "docktail.enable=true"
+      - "docktail.name=nextcloud"
+      - "docktail.container_port=80"