version: '3.5'

networks:
  default:
    external:
      name: traefik_default

services:
  gitea-db:
    image: mariadb:10
    container_name: gitea-db
    restart: unless-stopped
    env_file: live.env
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - default
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ${GITEA_ROOT}/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=gitea

  gitea-app:
    image: gitea/gitea:latest
    container_name: gitea-app
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ${GITEA_ROOT}/data:/data
      - /home/git/.ssh/:/data/git/.ssh
      
    env_file: live.env
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=gitea-db:3306
      - DB_NAME=gitea
      - DB_USER=${MYSQL_USER}
      - DB_PASSWD=${MYSQL_PASSWORD}
      - DOMAIN=gitea.${DOMAIN}
      - SSH_PORT=2222
      - DISABLE_REGISTRATION=true
      - ROOT_URL=https://gitea.${DOMAIN}/
      - "APP_NAME=Gitea: Git Gud!"
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Routes
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=2222"
    depends_on:
      - gitea-db
    networks:
      - default