version: "3"

networks:
  gitea:
    external: false

volumes:
  gitea-data:
  postgres-data:
  traefik-certs:

services:
  traefik:
    image: traefik:v2.9
    container_name: traefik
    restart: always
    ports:
      - "80:80"      # HTTP
      - "443:443"    # HTTPS
      - "8080:8080"  # Dashboard
    networks:
      - gitea
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-certs:/letsencrypt
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=gitea-docker_gitea"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=bennett.l.david@gmail.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--log.level=DEBUG"
    
  server:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
      # Server Configuration
      - GITEA__server__DOMAIN=bee8333.ddns.net
      - GITEA__server__ROOT_URL=https://bee8333.ddns.net/
      - GITEA__server__PROTOCOL=http
      - GITEA__server__HTTP_PORT=3000
      - GITEA__server__SSH_DOMAIN=bee8333.ddns.net
      - GITEA__server__SSH_PORT=2224
      - GITEA__server__SSH_LISTEN_PORT=22
      - GITEA__server__START_SSH_SERVER=false
      - GITEA__server__OFFLINE_MODE=false
      - GITEA__server__ENABLE_GZIP=true
      # Reverse Proxy Settings
      - GITEA__server__USE_PROXY_PROTOCOL=false
      - GITEA__server__PROXY_PROTOCOL_TLS_BRIDGING=false
    restart: always
    networks:
      - gitea
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2224:22"    # SSH: Host port 2224 -> Container port 22
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
      # HTTP Configuration for HTTPS access
      - "traefik.http.routers.gitea.rule=Host(`bee8333.ddns.net`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.gitea.middlewares=gitea-headers@docker"
      # HTTP Configuration for HTTP -> HTTPS redirection
      - "traefik.http.routers.gitea-http.rule=Host(`bee8333.ddns.net`)"
      - "traefik.http.routers.gitea-http.entrypoints=web"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.routers.gitea-http.middlewares=https-redirect@docker"

  db:
    image: postgres:14
    container_name: gitea-db
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - postgres-data:/var/lib/postgresql/data