---
version: "3.8"

services:
  gitea:
    image: "gitea/gitea:1.11.5"
    configs:
      - source: app_ini
        target: /data/gitea/conf/app.ini
    secrets:
      - db_passwd
      - internal_token
      - jwt_secret
      - secret_key
    environment:
      - GITEA_APP_NAME=${APP_NAME}
      - GITEA_DB_HOST=${DB_HOST}
      - GITEA_DB_NAME=${DB_NAME}
      - GITEA_DB_TYPE=${DB_TYPE}
      - GITEA_DB_USER=${DB_USER}
      - GITEA_DOMAIN=${DOMAIN}
      - GITEA_SSH_PORT=${SSH_HOST_PORT}
    volumes:
      - "git:/data"
    networks:
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
      labels:
        - "traefik.enable=true"

        - "traefik.http.routers.gitea.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.gitea.entrypoints=web-secure"
        - "traefik.http.services.gitea.loadbalancer.server.port=3000"
        - "traefik.http.routers.gitea.tls.certresolver=${LETS_ENCRYPT_ENV}"

        - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.gitea-ssh.entrypoints=gitea-ssh"
        - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=2222"

  postgres:
    image: "postgres:12"
    secrets:
      - db_passwd
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_DB=gitea
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_passwd
    networks:
      - internal
    volumes:
      - "db:/var/lib/postgresql/data"

networks:
  internal:
  proxy:
    external: true

configs:
  app_ini:
    name: ${STACK_NAME}_app_ini_${APP_INI_VERSION}
    file: app.ini.tmpl
    template_driver: golang

secrets:
  db_passwd:
    name: ${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}
    external: true
  internal_token:
    name: ${STACK_NAME}_internal_token_${INTERNAL_TOKEN_VERSION}
    external: true
  jwt_secret:
    name: ${STACK_NAME}_jwt_secret_${JWT_SECRET_VERSION}
    external: true
  secret_key:
    name: ${STACK_NAME}_secret_key_${SECRET_KEY_VERSION}
    external: true

volumes:
  git:
  db: