version: "3.9"

networks:
  traefik_proxy:
    external: true
  forgejo_net:
    external: false

services:
  forgejo_db:
    image: postgres:16
    container_name: forgejo_db
    restart: unless-stopped
    networks:
      - forgejo_net
    environment:
      - POSTGRES_DB=forgejo
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=change_db_password
    volumes:
      - ./db:/var/lib/postgresql/data

  forgejo_redis:
    image: redis:7-alpine
    container_name: forgejo_redis
    restart: unless-stopped
    networks:
      - forgejo_net
    volumes:
      - ./redis:/data

  forgejo:
    image: codeberg.org/forgejo/forgejo:latest
    container_name: forgejo
    restart: unless-stopped
    networks:
      - traefik_proxy
      - forgejo_net
    depends_on:
      - forgejo_db
      - forgejo_redis
    environment:
      - USER_UID=1000
      - USER_GID=1000

      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=forgejo_db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=change_db_password

      - FORGEJO__cache__ADAPTER=redis
      - FORGEJO__cache__HOST=network=tcp,addr=forgejo_redis:6379,db=0,pool_size=100,idle_timeout=180

      - FORGEJO__server__ROOT_URL=https://git.example.com
      - FORGEJO__server__DOMAIN=git.example.com
    volumes:
      - ./data:/var/lib/gitea
    labels:
      - "traefik.enable=true"

      # HTTP -> HTTPS
      - "traefik.http.routers.forgejo-http.rule=Host(`git.example.com`)"
      - "traefik.http.routers.forgejo-http.entrypoints=web"
      - "traefik.http.routers.forgejo-http.middlewares=forgejo-https-redirect"
      - "traefik.http.middlewares.forgejo-https-redirect.redirectscheme.scheme=https"

      # HTTPS + Authelia
      - "traefik.http.routers.forgejo-https.rule=Host(`git.example.com`)"
      - "traefik.http.routers.forgejo-https.entrypoints=websecure"
      - "traefik.http.routers.forgejo-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.forgejo-https.middlewares=authelia-auth@file"

  forgejo_runner:
    image: codeberg.org/forgejo/runner:latest
    container_name: forgejo_runner
    restart: unless-stopped
    depends_on:
      - forgejo
    networks:
      - forgejo_net
    volumes:
      - ./runner:/data
    environment:
      - FORGEJO_INSTANCE_URL=https://git.example.com
      - FORGEJO_RUNNER_REGISTRATION_TOKEN=CHANGE_ME
      - FORGEJO_RUNNER_NAME=server-runner
      - FORGEJO_RUNNER_LABELS=ubuntu,server