# vi: ft=yaml
version: "3"

networks:
  traefik:
    external: true

configs:
  config:
    external: true
    name: "{{ config.config_name }}"

volumes:
  forgejo:
    driver_opts:
      type: "nfs"
      o: "addr=lewis.dmz,nolock,soft,rw"
      device: ":/mnt/data/nfs/forgejo"

services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:1.20
    environment:
      - USER_UID=1000
      - USER_GID=1000
    networks:
      - traefik
    ports:
      - "{{ git_ssh_port }}:22"
    volumes:
      - type: volume
        source: forgejo
        target: /data
        volume:
          nocopy: true
      # TODO: fix this
      # - /etc/timezone:/etc/timezone:ro
      # - /etc/localtime:/etc/localtime:ro
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.port=443
        - traefik.enable=true
        - traefik.http.routers.forgejo.entrypoints=websecure
        - traefik.http.routers.forgejo.rule=Host(`{{ git_domain }}`)
        - traefik.http.routers.forgejo.tls=true
        - traefik.http.routers.forgejo.tls.certresolver=letsencrypt
        - traefik.http.routers.forgejo.service=forgejo
        - traefik.http.services.forgejo.loadbalancer.server.port=3000
        - traefik.docker.network=traefik
        - traefik.http.middlewares.set-forwarded-for.headers.hostsProxyHeaders=X-Forwarded-For
        - traefik.http.routers.forgejo.middlewares=set-forwarded-for
    configs:
      - source: config
        target: /data/gitea/conf/app.ini