services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    env_file:
      - .env
    environment:
      GITEA__DATABASE__PASSWD__FILE: /run/secrets/GITEA__DATABASE__PASSWD
      GITEA__MAILER__USER__FILE: /run/secrets/GITEA__MAILER__USER
      GITEA__MAILER__PASSWD__FILE: /run/secrets/GITEA__MAILER__PASSWD
    restart: unless-stopped
    networks:
      - caddy_internal
      - gitea_db_net
    volumes:
      - /srv/rundata/gitea/data:/data
    # `authorized_keys` file is shared between the host git user and the container git user
      - /home/git/.ssh:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # SSHing Shim (with authorized_keys)
      - "127.0.0.1:2222:22"
    depends_on:
      - gitea_db
    secrets:
      - GITEA__DATABASE__PASSWD
      - GITEA__MAILER__USER
      - GITEA__MAILER__PASSWD

  gitea_db:
    image: postgres:14
    container_name: gitea_pg_db
    restart: unless-stopped
    environment:
      USER_UID: ${USER_UID}
      USER_GID: ${USER_GID}
      POSTGRES_USER: ${GITEA__DATABASE__USER}
      POSTGRES_DB: ${GITEA__DATABASE__NAME}
      POSTGRES_PASSWORD_FILE: /run/secrets/GITEA__DATABASE__PASSWD
    networks:
      - gitea_db_net
    volumes:
      - /srv/rundata/gitea/postgres:/var/lib/postgresql/data
    secrets:
       - GITEA__DATABASE__PASSWD

networks:
  caddy_internal:
    name: caddy_internal
    external: true
  gitea_db_net:
    internal: true

secrets:
  GITEA__DATABASE__PASSWD:
    file: /run/secrets/gitea/GITEA__DATABASE__PASSWD
  GITEA__MAILER__USER:
    file: /run/secrets/gitea/GITEA__MAILER__USER
  GITEA__MAILER__PASSWD:
    file: /run/secrets/gitea/GITEA__MAILER__PASSWD