services:
  gitea:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - APP_NAME="Gitea"
      - USER=git
      - RUN_MODE=prod
      - DOMAIN=gitea.${PUBLIC_DOMAIN}
      - SSH_DOMAIN=gitea.${PUBLIC_DOMAIN}
      - HTTP_PORT=4002
      - ROOT_URL=https://gitea.${PUBLIC_DOMAIN}
      - SSH_PORT=2001
      - SSH_LISTEN_PORT=22
      # Database postgres
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=${GITEA_DATABASE_PASSWORD}
      # Cache redis
      - GITEA__cache__ENABLED=true
      - GITEA__cache__ADAPTER=redis
      - GITEA__cache__HOST=redis://redis:6379/0?pool_size=100&idle_timeout=180s
      - GITEA__cache__ITEM_TTL=24h
    volumes:
      - ${SERVICE_PATH}/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 2001:22
    expose:
      - 4002
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.gitea.entrypoints=https"
      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.service=gitea-service"
      - "traefik.http.services.gitea-service.loadbalancer.server.port=4002"

      # Middlewares
      - "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file,authelia@file"