version: "3.8"

services:
  app:
    image: gitea/gitea:1.15.2-rootless
    depends_on:
      - db
    expose:
      - "3000"
    ports:
      - "${SSH_PORT}:22"
    restart: unless-stopped
    networks:
      - proxy
      - default
    volumes:
      - /etc/timezone/:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ${DATA_PATH}/app/data:/var/lib/gitea
      - ${DATA_PATH}/app/config:/etc/gitea
    env_file: secrets/app.secrets
    environment:
      - USER_UID=1000
      - USER_GID=1000
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
      - "traefik.http.routers.git-https.service=gitea-web-svc"
      - "traefik.http.middlewares.git-redirect-websecure.redirectscheme.scheme=https"
      - "traefik.http.routers.git-http.middlewares=git-redirect-websecure"
      - "traefik.http.routers.git-http.rule=Host(`${CN}`)"
      - "traefik.http.routers.git-http.entrypoints=web"
      - "traefik.http.routers.git-https.rule=Host(`${CN}`)"
      - "traefik.http.routers.git-https.entrypoints=websecure"
      - "traefik.http.routers.git-https.tls=true"
      - "traefik.http.routers.git-https.tls.certresolver=myhttpchallenge"

  db:
    image: postgres:13.4
    env_file: ./secrets/db.secrets
    restart: unless-stopped
    command: ["postgres", "-c", "log_statement=all", "-c", "logging_collector=on"]
    volumes:
      - ${DATA_PATH}/db/data:/var/lib/postgresql/data
      - ${DATA_PATH}/db/.pgpass:/root/.pgpass

networks:
  proxy:
    external: true