version: "3"

services:
  gitea:
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__actions__ENABLED=true
      - GITEA__actions__DEFAULT_ACTIONS_URL=self
      - GITEA__packages__ENABLED=true
    container_name: gitea
    restart: unless-stopped
    volumes:
      - {{ server.work_dir }}/gitea/data/:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
      - interne
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      # HTTP Reverse proxy Gitea
      - traefik.http.routers.gitea-secure.entrypoints=https
      - traefik.http.routers.gitea-secure.rule=Host(`gitea.{{ server.domain }}`)
      - traefik.http.routers.gitea-secure.tls=true
      - traefik.http.routers.gitea-secure.tls.certresolver=sslResolver
      - traefik.http.routers.gitea-secure.service=gitea
      - traefik.http.services.gitea.loadbalancer.server.port=3000
      # TCP SSH Reverse proxy Gitea
      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
      - traefik.tcp.routers.gitea-ssh.service=gitea-ssh
      - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22
    logging:
      driver: loki
      options:
        loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
        mode: non-blocking

  runner:
    image: gitea/act_runner:latest-dind-rootless
    restart: unless-stopped
    privileged: true
    depends_on:
      - gitea
    volumes:
      - {{ server.work_dir }}/gitea/runner/:/data
    environment:
      - DOCKER_HOST=unix:///var/run/user/1000/docker.sock
      - GITEA_INSTANCE_URL=https://gitea.{{ server.domain }}
      - GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea.runner_registration_token }}

networks:
  interne:
  metrics:
    external: true
  proxy:
    external: true