version: '3.8'

services:
  gitea:
    image: gitea/gitea:1.21
    container_name: gitea
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
    networks:
      - traefik-public
      - gitea-internal
    environment:
      - TZ=Europe/Berlin
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres:5432
      - GITEA__database__NAME=${POSTGRES_DB:-gitea}
      - GITEA__database__USER=${POSTGRES_USER:-gitea}
      - GITEA__database__PASSWD=${POSTGRES_PASSWORD:-gitea_password}
      - GITEA__cache__ENABLED=true
      - GITEA__cache__ADAPTER=redis
      - GITEA__cache__HOST=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/0
      - GITEA__session__PROVIDER=redis
      - GITEA__session__PROVIDER_CONFIG=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/1
      - GITEA__queue__TYPE=redis
      - GITEA__queue__CONN_STR=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/2
      - GITEA__server__DOMAIN=${GITEA_DOMAIN:-git.michaelschiemer.de}
      - GITEA__server__ROOT_URL=https://${GITEA_DOMAIN:-git.michaelschiemer.de}/
      - GITEA__server__SSH_DOMAIN=${GITEA_DOMAIN:-git.michaelschiemer.de}
      - GITEA__server__SSH_PORT=2222
      - GITEA__service__DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-true}
      - GITEA__actions__ENABLED=true
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2222:22"  # SSH for Git operations
    labels:
      - "traefik.enable=true"

      # HTTP Router
      - "traefik.http.routers.gitea.rule=Host(`${GITEA_DOMAIN:-git.michaelschiemer.de}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"

      # Service
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"

      # Middleware
      - "traefik.http.routers.gitea.middlewares=default-chain@file"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  postgres:
    image: postgres:16-alpine
    container_name: gitea-postgres
    restart: unless-stopped
    networks:
      - gitea-internal
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_DB=${POSTGRES_DB:-gitea}
      - POSTGRES_USER=${POSTGRES_USER:-gitea}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-gitea_password}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-gitea} -d ${POSTGRES_DB:-gitea}"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  redis:
    image: redis:7-alpine
    container_name: gitea-redis
    restart: unless-stopped
    networks:
      - gitea-internal
    environment:
      - TZ=Europe/Berlin
    volumes:
      - redis-data:/data
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-gitea_redis}
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

volumes:
  gitea-data:
    name: gitea-data
  postgres-data:
    name: gitea-postgres-data
  redis-data:
    name: gitea-redis-data

networks:
  traefik-public:
    external: true
  gitea-internal:
    name: gitea-internal
    driver: bridge