version: "3.9"

services:
  nginx:
    image: nginx:alpine
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    configs:
      - source: nginx
        target: /etc/nginx/nginx.conf
    secrets:
      - source: cakey
        target: /etc/nginx/certs/ca.key
        mode: 0440
      - source: cacer
        target: /etc/nginx/certs/ca.cer
        mode: 0440
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /data/nginx/conf.d:/etc/nginx/conf.d
      - /data/nginx/html:/usr/share/nginx/html:ro
      - /data/nginx/www_root:/usr/share/nginx/www_root:ro
    networks:
      - inline
    depends_on:
      - gitea
      - registry

  gitea:
    image: gitea/gitea:1.23.7
    ports:
      - target: 22
        published: 22
        mode: host
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - APP_NAME=Where the world builds software
      - RUN_MODE=prod
      - RUN_USER=git
      - DB_TYPE=sqlite3
      - DISABLE_SSH=false
      - LFS_START_SERVER=true
      - REQUIRE_SIGNIN_VIEW=false
      - DISABLE_REGISTRATION=true
      - DEFAULT_ACTIONS_URL=self
      - DOMAIN=git.guzal.cc
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /data/gitea:/data
    networks:
      - inline

  registry:
    image: registry:latest
    environment:
      - REGISTRY_HTTP_SECRET=HnpapIhqHs6V4fv/lT4iIg==
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /data/registry:/var/lib/registry
    networks:
      - inline

networks:
  host:
    external: true
    name: "host"
  inline:
    external: false

configs:
  nginx:
    file: ./nginx.conf

secrets:
  cakey:
    file: /root/.acme.sh/guzal.cc_ecc/guzal.cc.key
  cacer:
    file: /root/.acme.sh/guzal.cc_ecc/fullchain.cer