# gitea requires ssh access from the host machine, which needs special setup
# In order to create the git user and auth keys, you need to run:
#
#     sudo gitea/setup.sh
#
version: "3"

services:
  gitea:
    image: gitea/gitea:1.17.3
    container_name: gitea
    env_file:
      - ./env.production
    environment:
      - USER_UID=2222 # must match git user on host system
      - USER_GID=2222
      - GITEA_CLIENT_SECRET=${GITEA_CLIENT_SECRET}
      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD}
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=gitea-db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
      - GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true
      - GITEA__openid__ENABLE_OPENID_SIGNIN=true
      - GITEA__openid__ENABLE_OPENID_SIGNUP=false
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
      - GITEA__repository__DEFAULT_BRANCH=main
      - GITEA__server__ROOT_URL=https://${GITEA_HOSTNAME}.${DOMAIN_NAME}/
      - GITEA__server__SSH_DOMAIN=${GITEA_HOSTNAME}.${DOMAIN_NAME}
      - GITEA__security__SECRET_KEY=${GITEA_SESSION_SECRET}
      - GITEA__security__INSTALL_LOCK=true
      - GITEA__mailer__ENABLED=true
      - GITEA__mailer__FROM=git@${DOMAIN_NAME}
      - GITEA__mailer__MAILER_TYPE=smtp
      - GITEA__mailer__HOST=${SMTP_SERVER}:${SMTP_PORT}
      - GITEA__mailer__IS_TLS_ENABLED=false
      - GITEA__mailer__USER=${SMTP_USER}
      - GITEA__mailer__PASSWD=${SMTP_PASSWORD}
    entrypoint: ["/setup.sh"]
    volumes:
      - ./gitea/setup.sh:/setup.sh:ro
      - ./data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /home/git/.ssh/:/data/git/.ssh
    ports:
#      - "3030:3000"
      - "2222:22"  # route host port 2222 to container port 22 for inbound ssh
    restart: always
    depends_on:
      - gitea-db
 
  gitea-db:
    image: postgres:13.4-alpine
    container_name: gitea-db
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - ./data/gitea/postgres:/var/lib/postgresql/data

  # add the gitea nginx configuration into the nginx volume
  nginx:
    volumes:
      - ./gitea/nginx.conf:/etc/nginx/templates/gitea.conf.template:ro

  # add the gitea client secrets to the keycloak-setup volume
  keycloak:
    volumes:
      - ./gitea/keycloak.sh:/keycloak-setup/gitea.sh:ro