---
# Compose file format marker. Current Docker Compose (Compose Specification)
# treats this field as informational only.
# NOTE(review): `depends_on.<service>.condition` is used below; confirm the
# Compose release on the deploy host honours it for this file format.
version: '3.9'

services:
  # Gitea application container. HTTP traffic reaches port 3000 through
  # Traefik (labels below); the container's SSH port 22 is published on host
  # port 7779.
  # NOTE(review): `gitea/gitea:1` is a floating major tag, so the image that
  # runs changes with every pull. Pin a reviewed release, ideally as
  # `gitea/gitea:<version>@sha256:<digest>` (placeholder values).
  gitea:
    image: gitea/gitea:1
    container_name: gitea
    restart: always
    depends_on:
      # Start only after the db healthcheck reports healthy.
      db:
        condition: service_healthy
    environment:
      USER_UID: "1000"
      USER_GID: "1000"
      GITEA__database__DB_TYPE: "postgres"
      GITEA__database__HOST: "db:5432"
      GITEA__database__NAME: "{{ gitea.db.name }}"
      GITEA__database__USER: "{{ gitea.db.user }}"
      # The rendered file contains this password in clear text: keep the
      # rendered compose file readable only by the deploying account and keep
      # the source value in an encrypted secret store.
      GITEA__database__PASSWD: "{{ gitea.db.password }}"
      # Webhook deliveries are restricted to hosts under this domain, which
      # limits user-defined webhooks as a request-forgery vector.
      GITEA__webhook__ALLOWED_HOST_LIST: "*.tobiasmanske.de"
      # Accounts are created automatically on first OAuth2 login, so the
      # upstream identity provider decides who gets a Gitea account.
      # NOTE(review): confirm how this interacts with DISABLE_REGISTRATION on
      # the deployed Gitea version, and that the provider restricts sign-in.
      GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
      GITEA__service__DISABLE_REGISTRATION: "true"
    networks:
      - default # mirror service needs internet
      - backend
    ports:
      # No host IP is given, so Docker binds SSH on all host interfaces.
      - "7779:22"
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      traefik.enable: "true"
      traefik.http.routers.gitea.rule: "Host(`git.tobiasmanske.de`)"
      traefik.http.routers.gitea.entryPoints: "websecure"
      traefik.http.services.gitea.loadbalancer.server.port: "3000"

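  # PostgreSQL database for Gitea. It publishes no ports and is attached only
  # to the internal `backend` network.
  # NOTE(review): `postgres:14` is a floating tag; pin a reviewed minor
  # release, ideally with its image digest.
  db:
    image: postgres:14
    restart: always
    environment:
      POSTGRES_USER: "{{ gitea.db.user }}"
      # Rendered in clear text: restrict read access to the rendered file.
      POSTGRES_PASSWORD: "{{ gitea.db.password }}"
      POSTGRES_DB: "{{ gitea.db.name }}"
    networks:
      - backend
    volumes:
      - pg_data:/var/lib/postgresql/data
    healthcheck:
      # Probe as the configured role and database. A bare `pg_isready` uses
      # libpq's default user and database names, and the server logs a failed
      # connection attempt on every probe when those do not exist, which
      # buries real authentication failures in the PostgreSQL log.
      # Exec form ("CMD") keeps the templated values out of a shell.
      test:
        - "CMD"
        - "pg_isready"
        - "-U"
        - "{{ gitea.db.user }}"
        - "-d"
        - "{{ gitea.db.name }}"
      interval: 10s
      timeout: 5s
      retries: 5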

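  # Drone CI server, authenticating users against Gitea via OAuth2 and
  # served through Traefik on drone.tobiasmanske.de.
  # NOTE(review): this service is attached only to `backend`, which is
  # declared `internal: true`. Confirm that Traefik is attached to that
  # network and that the DRONE_GITEA_SERVER URL is reachable from it.
  # NOTE(review): `drone/drone:2` is a floating major tag; pin a reviewed
  # release, ideally with its image digest.
  drone:
    image: drone/drone:2
    restart: always
    environment:
      DRONE_GITEA_SERVER: "https://git.tobiasmanske.de"
      # Fixed from the misspelled `DRONEC_COOKIE_SECRET`, which Drone never
      # read: without DRONE_COOKIE_SECRET the server signs session cookies
      # with a random key generated at each start, so the configured secret
      # was unused and every restart invalidated all sessions.
      DRONE_COOKIE_SECRET: "{{ gitea.drone.cookie_secret }}"
      DRONE_GITEA_CLIENT_ID: "{{ gitea.drone.client_id }}"
      DRONE_GIT_ALWAYS_AUTH: "true"
      # OAuth2 client secret and runner RPC secret are rendered in clear
      # text: restrict read access to the rendered file and rotate both if
      # it is ever exposed.
      DRONE_GITEA_CLIENT_SECRET: "{{ gitea.drone.client_secret }}"
      DRONE_RPC_SECRET: "{{ gitea.drone.rpc_secret }}"
      DRONE_SERVER_HOST: "drone.tobiasmanske.de"
      DRONE_SERVER_PROTO: "https"
      DRONE_IMAGE_CLONE: "openjdk:17-bullseye"
      # Bootstraps `tobias` as a Drone administrator at start-up.
      DRONE_USER_CREATE: "username:tobias,admin:true"
    networks:
      - backend
    volumes:
      - drone_data:/data
    labels:
      traefik.enable: "true"
      traefik.http.routers.drone.rule: "Host(`drone.tobiasmanske.de`)"
      traefik.http.routers.drone.entryPoints: "websecure"
      traefik.http.services.drone.loadbalancer.server.port: "80"
    depends_on:
      # Short form: orders start-up after gitea but does not wait for health.
      - gitea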

# Project networks. The implicit `default` network is not declared here; only
# the gitea service joins it by name.
networks:
  # `internal: true` creates the network without external connectivity, so
  # services attached only to `backend` (db, drone) have no outbound route
  # through it.
  backend:
    internal: true

# Named volumes with default driver settings. They hold repository data, the
# Drone database and the PostgreSQL cluster, so include them in backups and
# restrict host-level access to Docker's volume directory.
volumes:
  gitea_data: {}
  drone_data: {}
  pg_data: {}
...