version: "2"

services:
  server:
    image: codeberg.org/forgejo/forgejo:7.0.2-rootless
    restart: always
    volumes:
      - ./data:/var/lib/gitea
      - ./config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    expose: [ 3000 ]
    ports:
      # - "3000:3000"
      - "2222:2222"
    labels:
      traefik.enable: true
      traefik.http.routers.gitea.rule: Host(`git.tams.tech`, `git.techwork.zone`)
      traefik.http.routers.gitea.tls: true
      traefik.http.routers.gitea.tls.certresolver: letsencrypt
      traefik.http.services.gitea-service.loadbalancer.server.port: 3000
    networks:
      - gitea
      - web
    environment: {}
      # GITEA__database__DB_TYPE: postgres
      # GITEA__database__HOST: database:5432
      # GITEA__database__NAME: gitea
      # GITEA__database__USER: gitea
      # GITEA__database__PASSWD__FILE: /run/secrets/pg_password
      # GITEA__mailer__ENABLED: 'true'
      # GITEA__mailer__FROM: git@tams.tech
      # GITEA__mailer__PROTOCOL: smtps
      # GITEA__mailer__SMTP_ADDR: in-v3.mailjet.com
      # GITEA__mailer__USER__FILE: /run/secrets/mail_api_key
      # GITEA__mailer__PASSWD__FILE: /run/secrets/mail_secret
    depends_on:
      - database
    secrets:
      - mail_api_key
      - mail_secret
      - pg_password

  database:
    image: postgres:14
    restart: always
    environment:
      POSTGRES_USER: gitea
      POSTGRES_PASSWORD_FILE: /run/secrets/pg_password
      POSTGRES_DB: gitea
    volumes:
      - ./db:/var/lib/postgresql/data
    networks: [ gitea ]
    secrets: [ pg_password ]

secrets:
  pg_password:
    file: ./.pg.pw
  mail_api_key:
    file: ./.mailjet.id
  mail_secret:
    file: ./.mailjet.id

networks:
  gitea:
    internal: true
  web:
    external: true