---
version: '3.9'

services:
  gitea:
    image: gitea/gitea:1
    container_name: gitea
    environment:
      - "USER_UID=1000"
      - "USER_GID=1000"
      - "GITEA__database__DB_TYPE=postgres"
      - "GITEA__database__HOST=db:5432"
      - "GITEA__database__NAME={{ gitea.db.name }}"
      - "GITEA__database__USER={{ gitea.db.user }}"
      - "GITEA__database__PASSWD={{ gitea.db.password }}"
      - "GITEA__webhook__ALLOWED_HOST_LIST=*.tobiasmanske.de"
    restart: always
    networks:
      - backend
      - gateway
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`git.tobiasmanske.de`)"
      - "traefik.http.routers.gitea.entryPoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "com.centurylinklabs.watchtower.scope=update"
    ports:
      - "7779:22"
    depends_on:
      - db

  db:
    image: postgres:14
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.scope=update"
    environment:
      - POSTGRES_USER="{{ gitea.db.user }}"
      - POSTGRES_PASSWORD="{{ gitea.db.password }}"
      - POSTGRES_DB="{{ gitea.db.name }}"
    networks:
      - backend
    volumes:
      - pg_data:/var/lib/postgresql/data

  drone:
    image: drone/drone:2
    restart: always
    environment:
      - "DRONE_GITEA_SERVER=https://git.tobiasmanske.de"
      - "DRONE_GITEA_CLIENT_ID={{ gitea.drone.client_id }}"
      - "DRONE_GIT_ALWAYS_AUTH=true"
      - "DRONE_GITEA_CLIENT_SECRET={{ gitea.drone.client_secret }}"
      - "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
      - "DRONE_SERVER_HOST=drone.tobiasmanske.de"
      - "DRONE_SERVER_PROTO=https"
      - "DRONE_IMAGE_CLONE=openjdk:17-bullseye"
    networks:
      - backend
      - gateway
    volumes:
      - drone_data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.drone.rule=Host(`drone.tobiasmanske.de`)"
      - "traefik.http.routers.drone.entryPoints=websecure"
      - "traefik.http.services.drone.loadbalancer.server.port=80"
      - "com.centurylinklabs.watchtower.scope=update"
    depends_on:
      - gitea

  drone_runner:
    image: drone/drone-runner-docker:1.8
    restart: always
    privileged: true
    labels:
      - "com.centurylinklabs.watchtower.scope=update"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - "DRONE_RPC_SECRET={{ gitea.drone.rpc_secret }}"
      - "DRONE_RPC_HOST=drone.tobiasmanske.de"
      - "DRONE_RPC_PROTO=https"
      - "DRONE_RUNNER_CAPACITY=2"
      - "DRONE_RUNNER_NAME=docker-01"
      - "DRONE_RUNNER_CLONE_IMAGE=drone/git:linux-amd64"
      - "DRONE_RUNNER_VOLUMES=/etc/hosts:/etc/hosts"
    networks:
      - backend
      - default

networks:
  backend:
    internal: true
  gateway:
    external: true

volumes:
  gitea_data:
  drone_data:
  pg_data:
...