name: gitea

services:
  server:
    image: gitea/gitea:latest
    container_name: gitea
    depends_on:
      - db
    restart: unless-stopped
    volumes:
      - data:/data
      - /srv/gitea/public:/data/gitea/public
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      #- "3005:3000"
      - "2222:22"
    networks:
      - internal
      - proxy
    environment:
      USER_UID: 30003
      USER_GID: 30003
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: db
      GITEA__database__NAME__FILE: /run/secrets/db_name
      GITEA__database__USER__FILE: /run/secrets/db_user
      GITEA__database__PASSWD__FILE: /run/secrets/db_pass
      GITEA__security__SECRET_KEY__FILE: /run/secrets/secret
      GITEA__security__INTERNAL_TOKEN__FILE: /run/secrets/token
      GITEA__server__ROOT_URL__FILE: /run/secrets/root_url
      GITEA__server__DOMAIN__FILE: /run/secrets/domain
      GITEA__server__SSH_DOMAIN__FILE: /run/secrets/ssh_domain
      GITEA__server__SSH_PORT__FILE: /run/secrets/ssh_port
      GITEA__mailer__ENABLED: true
      GITEA__mailer__PROTOCOL: smtp+starttls
      GITEA__mailer__SMTP_PORT: 587
      GITEA__mailer__SMTP_ADDR__FILE: /run/secrets/mail_server
      GITEA__mailer__FROM__FILE: /run/secrets/mail_user
      GITEA__mailer__USER__FILE: /run/secrets/mail_user
      GITEA__mailer__PASSWD__FILE: /run/secrets/mail_pass
      GITEA__oauth2_client__REGISTER_EMAIL_CONFIRM: false
      GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION: true
      GITEA__oauth2_client__ACCOUNT_LINKING: login
      GITEA__oauth2_client__USERNAME: preferred_username
      GITEA__openid__ENABLE_OPENID_SIGNIN: false
      GITEA__service__DISABLE_REGISTRATION: true
      GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
      GITEA__ui__THEMES: catppuccin-latte-mauve,catppuccin-frappe-mauve,catppuccin-macchiato-mauve,catppuccin-mocha-mauve,catppuccin-mauve-auto
      GITEA__ui__DEFAULT_THEME: catppuccin-mauve-auto
    secrets:
      - db_user
      - db_pass
      - db_name
      - secret
      - token
      - root_url
      - domain
      - ssh_domain
      - ssh_port
      - mail_server
      - mail_user
      - mail_pass
      - mail_from
      
  db:
    image: postgres:14
    container_name: gitea_db
    restart: unless-stopped
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`" ]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - db:/var/lib/postgresql/data
    networks:
      - internal
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_pass
    secrets:
      - db_user
      - db_pass
      - db_name

volumes:
  db:
    name: gitea_db
  data:
    name: gitea_data

networks:
  internal:
    name: gitea-internal
  proxy:
      name: proxy-git
      external: true

secrets:
  db_name:
    file: /srv/docker/secrets/gitea/db/name.txt
  db_user:
    file: /srv/docker/secrets/gitea/db/user.txt
  db_pass:
    file: /srv/docker/secrets/gitea/db/pass.key
  secret:
    file: /srv/docker/secrets/gitea/keys/secret.key
  token:
    file: /srv/docker/secrets/gitea/keys/token.key
  root_url:
    file: /srv/docker/secrets/gitea/root_url.txt
  domain:
    file: /srv/docker/secrets/gitea/domain.txt
  ssh_domain:
    file: /srv/docker/secrets/gitea/ssh_domain.txt
  ssh_port:
    file: /srv/docker/secrets/gitea/ssh_port.txt
  mail_from:
    file: /srv/docker/secrets/gitea/mail_from.txt
  mail_user:
    file: /srv/docker/secrets/mail/user.txt
  mail_pass:
    file: /srv/docker/secrets/mail/pass.txt
  mail_server:
    file: /srv/docker/secrets/mail/host.txt