[Unit]
Description=Nextcloud Nginx Reverse Proxy
Documentation=https://hub.docker.com/r/nginxinc/nginx-unprivileged/
After=network.target nextcloud-app.service var-lib-virtiofs-data.mount
Requires=nextcloud-app.service var-lib-virtiofs-data.mount

# Only start if Nextcloud has been configured
ConditionPathExists=/etc/quadlets/nextcloud/config.env

# Start/stop this unit when the target is started/stopped
PartOf=nextcloud.target

[Container]
ContainerName=nextcloud-nginx
Image=docker.io/nginxinc/nginx-unprivileged:${NGINX_MAJOR}-alpine

# Network configuration
Network=host
AddCapability=CAP_NET_BIND_SERVICE

# No need for root privileges
User=nginx
Group=nginx

# UID/GID mapping to map the nginx (101) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:65535
UIDMap=+101:10008:1
GIDMap=0:1000000:65535
GIDMap=+101:10000:1

# Volume mounts
Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
Volume=/etc/quadlets/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro

# Health check (equivalent to readiness probe)
HealthCmd=curl -sSfL http://localhost/status.php
HealthInterval=30s
HealthTimeout=10s
HealthStartPeriod=10s
HealthRetries=3

[Service]
Restart=always
RestartSec=5
TimeoutStartSec=300
TimeoutStopSec=30

# These environment variables are sourced to be used by systemd in the Exec* commands
EnvironmentFile=/etc/quadlets/nextcloud/config.env

[Install]
WantedBy=nextcloud.target