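# Compose stack: Gitea (published through Traefik), its PostgreSQL database,
# and a Gitea Actions runner built from a local Dockerfile.
name: gitea-stack

services:
  db:
    image: postgres:16-alpine
    container_name: gitea-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
      # `:?` makes Compose abort when the variable is unset or empty, instead
      # of substituting an empty password with only a warning.
      POSTGRES_PASSWORD: "${GITEA_POSTGRES_PASSWORD:?GITEA_POSTGRES_PASSWORD must be set}"
      TZ: Europe/Paris
    healthcheck:
      # `$$` escapes Compose interpolation so the container's shell expands
      # POSTGRES_USER / POSTGRES_DB at check time.
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - ~/Applications/data/gitea/db_data:/var/lib/postgresql/data
    # Internal network only: the database is not attached to `proxy`.
    networks:
      - gitea-net

  gitea:
    # NOTE(review): `latest` is a moving tag, so a redeploy can pull a
    # different release without any change to this file. Pin a release tag or
    # image digest (gitea/gitea:<PINNED_VERSION>) and upgrade deliberately.
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    depends_on:
      db:
        # Wait for the pg_isready healthcheck defined on `db`.
        condition: service_healthy
    environment:
      # Quoted so the values stay strings whatever the YAML parser.
      USER_UID: "1000"
      USER_GID: "1000"

      # ---- URLs / proxy (Traefik) ----
      GITEA__server__DOMAIN: git.goutailler-olivier.com
      GITEA__server__ROOT_URL: https://git.goutailler-olivier.com/
      GITEA__server__HTTP_PORT: "3000"

      # ---- SSH (optional) ----
      # Gitea's built-in SSH server is enabled and listens on 2222 inside the
      # container. This file publishes no host port; SSH reaches the container
      # through the Traefik TCP router declared in the labels below.
      # NOTE(review): SSH_PORT is the port shown in clone URLs - confirm that
      # Traefik's `ssh` entrypoint listens on the same port.
      GITEA__server__SSH_DOMAIN: git.goutailler-olivier.com
      GITEA__server__START_SSH_SERVER: "true"
      GITEA__server__SSH_PORT: "2222"
      GITEA__server__SSH_LISTEN_PORT: "2222"

      # ---- Database ----
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: "db:5432"
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      # Same variable as the `db` service; see the `:?` note there.
      GITEA__database__PASSWD: "${GITEA_POSTGRES_PASSWORD:?GITEA_POSTGRES_PASSWORD must be set}"

      TZ: Europe/Paris
    volumes:
      - ~/Applications/data/gitea:/data
      # (optional) local clock in the logs; both mounts are read-only.
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # No `ports:` section: HTTP and SSH are both reached through Traefik.
    networks:
      - gitea-net
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`git.goutailler-olivier.com`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls.certresolver=le"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=proxy"
      # SSH (TCP router). SSH carries no TLS SNI, so the rule has to be the
      # catch-all HostSNI(`*`) with tls=false: every connection arriving on
      # the `ssh` entrypoint is forwarded to this container.
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.tls=false"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh"
      - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=2222"

  act_runner:
    build:
      context: .
      dockerfile: Dockerfile.runner
    # Inside the runner, the public hostname resolves to the Docker host.
    extra_hosts:
      - "git.goutailler-olivier.com:host-gateway"
    container_name: gitea-runner
    restart: unless-stopped
    depends_on:
      - gitea
    environment:
      GITEA_INSTANCE_URL: http://gitea:3000
      # Left without `:?` on purpose: whether the token is still required
      # after the first registration depends on the image (not visible here).
      GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
      GITEA_RUNNER_NAME: docker-runner
      # NOTE(review): the `:host` label scheme appears to make the runner
      # execute jobs directly in its own environment rather than in a
      # per-job container - confirm against runner-config.yaml.
      GITEA_RUNNER_LABELS: ubuntu-latest:host
      CONFIG_FILE: /config.yaml
      # NOTE(review): GITEA__section__KEY is the Gitea server image's
      # env-to-ini convention; confirm the image built from Dockerfile.runner
      # reads these two, otherwise they belong on the `gitea` service.
      GITEA__actions__ENABLED: "true"
      GITEA__actions__DEFAULT_ACTIONS_URL: http://gitea:3000
    volumes:
      - ~/Applications/data/gitea/runner_data:/data
      - ./runner-config.yaml:/config.yaml:ro
      # SECURITY: the Docker socket gives this container full control of the
      # host's Docker daemon, which is root-equivalent on the host. Any
      # workflow allowed to run on this runner inherits that access, so limit
      # the runner to trusted repositories and contributors, or point it at a
      # dedicated/rootless Docker daemon instead of the host socket.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitea-net

networks:
  gitea-net:
    driver: bridge
  # Pre-existing network shared with Traefik; not created by this stack.
  proxy:
    external: true
    name: proxy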