networks:
  gitea:
    external: false
  traefik-public:
    external: true

services:
  server:
    image: docker.gitea.com/gitea:latest
    container_name: gitea
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.git.rule=Host(`git.speerfam.net`)"
      - "traefik.http.routers.git.entrypoints=websecure"
      - "traefik.http.routers.git.tls.certresolver=myresolver"
      
      # Pulling the security rules dynamically from our file provider setup
      - "traefik.http.routers.git.middlewares=geoblock-policy@file,crowdsec-policy@file,secure-headers@file"
      - "traefik.http.services.git.loadbalancer.server.port=3000"
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=Unwound9-Salaried-Overshoot
    restart: unless-stopped
    networks:
      - gitea
      - traefik-public
    volumes:
      - /srv/docker/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - db

  db:
    image: docker.io/library/postgres:14
    restart: unless-stopped
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=Unwound9-Salaried-Overshoot
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - /srv/docker/gitea/postgres:/var/lib/postgresql/data