name: code

services:
  gitea:
    image: ${DOCKER_IMAGE}
    container_name: ${COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: ${DB_HOST}:5432
      GITEA__database__NAME: ${DB_NAME}
      GITEA__database__USER: ${DB_USER}
      GITEA__database__PASSWD: ${DB_PASSWORD}
      GITEA__server__DOMAIN: ${TRAEFIK_HOST}
      GITEA__server__SSH_DOMAIN: ${TRAEFIK_HOST}
      GITEA__server__ROOT_URL: https://${TRAEFIK_HOST}/
      GITEA__server__HTTP_PORT: ${APP_PORT}
      GITEA__server__DISABLE_SSH: ${DISABLE_SSH}
      GITEA__server__SSH_PORT: ${SSH_PORT}
      GITEA__security__INSTALL_LOCK: true
      GITEA__mailer__ENABLED: ${EMAIL_ENABLED}
      GITEA__mailer__SMTP_ADDR: ${EMAIL_SMTP_HOST}
      GITEA__mailer__SMTP_PORT: ${EMAIL_SMTP_PORT}
      GITEA__mailer__FROM: ${EMAIL_FROM}
      GITEA__mailer__USER: ${EMAIL_SMTP_USER}
      GITEA__mailer__PASSWD: ${EMAIL_SMTP_PASSWORD}
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "${SSH_PORT}:22"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:${APP_PORT}/api/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    networks:
      - kompose_network
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.middlewares=${COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.rule=Host(`${TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
      - 'traefik.http.routers.${COMPOSE_PROJECT_NAME}-web-secure.middlewares=${COMPOSE_PROJECT_NAME}-web-secure-compress'
      - 'traefik.http.services.${COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=${APP_PORT}'
      - 'traefik.docker.network=${NETWORK_NAME}'

volumes:
  gitea_data:

networks:
  kompose_network:
    name: ${NETWORK_NAME}
    external: true