version: "3.8"

services:
  app:
    image: gitea/gitea:1.20.5-rootless
    depends_on:
      - db
    expose:
      - "3000"
    ports:
      - "${SSH_PORT}:22"
    restart: unless-stopped
    networks:
      - proxy
      - default
    volumes:
      - /etc/timezone/:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ${DATA_PATH}/app/data:/var/lib/gitea
      - ${GNOUS_WEB_PATH}:/var/lib/apache
      - ${DATA_PATH}/app/config:/etc/gitea
    env_file: secrets/app.secrets
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GNUPGHOME=/var/lib/gitea/git/.gnupg
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"
      - "traefik.http.routers.gitea.service=gitea-svc"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.rule=Host(`${CN}`)"

  db:
    image: postgres:13.11-alpine
    env_file: ./secrets/db.secrets
    restart: unless-stopped
    volumes:
      - ${DATA_PATH}/db/data:/var/lib/postgresql/data
      - ${DATA_PATH}/db/.pgpass:/root/.pgpass
    labels:
      - "co.elastic.logs/module=postgresql"
      - "co.elastic.logs/fileset=log"

networks:
  proxy:
    external: true