---
version: "3.8"

services:
  gitea:
    image: "gitea/gitea:1.12.5"
    configs:
      - source: app_ini
        target: /data/gitea/conf/app.ini
    secrets:
      - db_passwd
      - internal_token
      - jwt_secret
      - secret_key
      - smtp_passwd
    environment:
      - GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION=true
      - GITEA_APP_NAME=Git with solidaritea
      - GITEA_AUTO_WATCH_NEW_REPOS=false
      - GITEA_DB_HOST=mariadb:3306
      - GITEA_DB_NAME=gitea
      - GITEA_DB_TYPE=mysql
      - GITEA_DB_USER=gitea
      - GITEA_DISABLE_REGISTRATION=false
      - GITEA_DOMAIN=git.autonomic.zone
      - GITEA_ENABLE_NOTIFY_MAIL=true
      - GITEA_ENABLE_OPENID_SIGNIN=true
      - GITEA_ENABLE_OPENID_SIGNUP=true
      - GITEA_SSH_PORT=2222
    volumes:
      - "git:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    networks:
      - proxy
      - internal
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 30s
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gitea.rule=Host(`git.autonomic.zone`)"
        - "traefik.http.routers.gitea.entrypoints=web-secure"
        - "traefik.http.services.gitea.loadbalancer.server.port=3000"
        - "traefik.http.routers.gitea.tls.certresolver=production"
        - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.gitea-ssh.entrypoints=gitea-ssh"
        - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=2222"

  mariadb:
    image: "mariadb:10.5"
    command: |
      mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
    secrets:
      - db_passwd
      - db_root_passwd
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal

networks:
  internal:
  proxy:
    external: true

configs:
  app_ini:
    name: gitea_app_ini_v3
    file: app.ini.tmpl
    template_driver: golang

secrets:
  db_passwd:
    name: gitea_db_passwd_v1
    external: true
  db_root_passwd:
    name: gitea_db_root_passwd_v1
    external: true
  internal_token:
    name: gitea_internal_token_v1
    external: true
  jwt_secret:
    name: gitea_jwt_secret_v1
    external: true
  secret_key:
    name: gitea_secret_key_v1
    external: true
  smtp_passwd:
    name: gitea_smtp_passwd_v1
    external: true

volumes:
  git:
  mariadb: