version: "3"

services:
  app:
    image: gitea/gitea:${GITEA_VERSION}
    restart: unless-stopped
    depends_on:
      - db
    environment:
      - USER_GID=${USER_GID}
      - USER_UID=${USER_UID}
    labels:
      - traefik.docker.network=traefik-proxy
      - traefik.enable=true
      ### Section HTTP
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=8080
      # redirect to HTTPS only
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_HOST}`)
      ### Section HTTPS
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=3000
      # configure the exposed service
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_HOST}`)
      # of course, enable TLS and it's certificate provider
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
    networks:
      - internal
      - traefik-proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./data/gitea:/data
      - ${GIT_HOMEDIR}/.ssh:/data/git/.ssh
    ports:
      - ${SSH_PORT}:22
  db:
    image: mariadb:${MYSQL_VERSION}
    restart: unless-stopped
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_USER=${MYSQL_USER}
    networks:
      - internal
    volumes:
      - ./data/mysql:/var/lib/mysql

networks:
  internal:
  traefik-proxy:
    external: true