services:
  gitea-runner:
    image: gitea/act_runner:latest
    container_name: gitea-runner
    restart: unless-stopped
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config.yaml:/config.yaml:ro
    environment:
      - GITEA_INSTANCE_URL=${GITEA_INSTANCE_URL}
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}
      - GITEA_RUNNER_NAME=${GITEA_RUNNER_NAME:-dev-runner}
      - GITEA_RUNNER_LABELS=${GITEA_RUNNER_LABELS:-ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye}
    networks:
      - gitea-runner
    depends_on:
      - docker-dind

  # Docker-in-Docker for isolated job execution
  docker-dind:
    image: docker:dind
    container_name: gitea-runner-dind
    restart: unless-stopped
    privileged: true
    volumes:
      - docker-data:/var/lib/docker
    networks:
      - gitea-runner
      - traefik-public  # Zugriff auf Registry und andere Services
    command: ["dockerd", "--host=unix:///var/run/docker.sock", "--host=tcp://0.0.0.0:2375", "--insecure-registry=94.16.110.151:5000", "--insecure-registry=172.25.0.1:5000", "--insecure-registry=registry:5000", "--insecure-registry=host.docker.internal:5000"]
    # HINWEIS: registry.michaelschiemer.de wird ?ber HTTPS (via Traefik) verwendet - KEINE insecure-registry n?tig!
    # Die insecure-registry Flags sind nur f?r HTTP-Fallbacks (Port 5000) gedacht

networks:
  gitea-runner:
    name: gitea-runner
    driver: bridge
  traefik-public:
    external: true
    name: traefik-public

volumes:
  docker-data:
    name: gitea-runner-docker-data