services:
  gitea:
    image: docker.gitea.com/gitea:1.26.2@sha256:7d13848af12645600a5f9d93ee2560daa9c6fa6b5b859b7bff3a5e1c0b661031
    container_name: gitea
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__server__DOMAIN=git.kaleschke.info
      - GITEA__server__ROOT_URL=https://git.kaleschke.info/
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__REGISTER_EMAIL_CONFIRM=true
      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
      - GITEA__openid__ENABLE_OPENID_SIGNUP=false
      - GITEA__migrations__ALLOWED_DOMAINS=github.com
      - GITEA__webhook__ALLOWED_HOST_LIST=komodo-core,localhost,127.0.0.1,192.168.178.0/24
    volumes:
      - /mnt/user/services/gitea/data:/data
    dns:
      - 1.1.1.1
      - 8.8.8.8
    ports:
      - "222:22"
    networks:
      - frontend_net
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider http://localhost:3000/api/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 60s
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend_net"
      - "traefik.http.routers.gitea.rule=Host(`git.kaleschke.info`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=le"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      
networks:
  frontend_net:
    external: true