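---
# Gitea published through Traefik, with PostgreSQL and Redis as backing
# services. Only the gitea container joins `traefik-public`; postgres and redis
# sit on the shared external `infrastructure` network alone.
#
# NOTE(review): no service sets security_opt, cap_drop or read_only. Consider
# `security_opt: ["no-new-privileges:true"]` per service after testing it
# against each image's entrypoint.
services:
  gitea:
    # NOTE(review): `latest` is a moving tag. Pin a specific release (ideally
    # by digest) so that upgrades of the Git host are deliberate and the
    # deployed image can be audited.
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      # redis defines a healthcheck below, so wait for it the same way as for
      # postgres instead of only waiting for the container to start.
      redis:
        condition: service_healthy
    networks:
      - traefik-public
      - infrastructure
    environment:
      - TZ=Europe/Berlin
      - USER_UID=1000
      - USER_GID=1000
      # NOTE(review): POSTGRES_PASSWORD_FILE is the postgres image's variable.
      # Confirm the Gitea image actually consumes it; if not, the database
      # password presumably lives in app.ini under /data, and this variable
      # and the secret mount below only widen the secret's exposure.
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    secrets:
      - postgres_password
    labels:
      - "traefik.enable=true"
      # The container is attached to two networks; tell Traefik which one to
      # reach it on so it never selects the `infrastructure` address.
      # Assumes Traefik itself is attached to traefik-public - confirm.
      - "traefik.docker.network=traefik-public"
      # HTTP Router configuration
      - "traefik.http.routers.gitea.rule=Host(`git.michaelschiemer.de`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.routers.gitea.priority=100"
      # Service configuration
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      # X-Forwarded-Proto header
      - "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.gitea.middlewares=gitea-headers@docker"
      - "traefik.http.routers.gitea.service=gitea"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  postgres:
    image: postgres:16-alpine
    container_name: gitea-postgres
    restart: unless-stopped
    networks:
      - infrastructure
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_DB=gitea
      - POSTGRES_USER=gitea
      # Password is read from the mounted secret file rather than being placed
      # in the environment.
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    # Folded scalar: the lines below are joined into one command line.
    command: >
      postgres
      -c max_connections=300
      -c authentication_timeout=180
      -c statement_timeout=30000
      -c idle_in_transaction_session_timeout=30000
    volumes:
      - gitea-postgres-data:/var/lib/postgresql/data
    secrets:
      - postgres_password
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  redis:
    image: redis:7-alpine
    container_name: gitea-redis
    restart: unless-stopped
    networks:
      - infrastructure
    environment:
      - TZ=Europe/Berlin
    # NOTE(review): Redis is started without a password, and the
    # `redis_password` secret declared at the bottom of this file is not
    # mounted into any service. Every container attached to the shared
    # external `infrastructure` network can therefore read and modify this
    # instance. Enabling authentication also requires the Gitea side to send
    # the password, so it is flagged here rather than changed.
    command: >
      redis-server
      --appendonly yes
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
    volumes:
      - gitea-redis-data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

# Both networks are created outside this file and shared with other stacks.
networks:
  traefik-public:
    external: true
    name: traefik-public
  infrastructure:
    external: true
    name: infrastructure

volumes:
  gitea-data:
    name: gitea-data
  gitea-postgres-data:
    name: gitea-postgres-data
  gitea-redis-data:
    name: gitea-redis-data

# File-based secrets. Keep ./secrets out of version control and readable only
# by the deploying user.
secrets:
  postgres_password:
    file: ./secrets/postgres_password.txt
  # Declared but not referenced by any service above (see the redis note).
  redis_password:
    file: ./secrets/redis_password.txt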