services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:9-rootless
    container_name: forgejo
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
    environment:
      ROOT_PASSWORD_FILE: /run/secrets/forgejo_root_password
    restart: always
    networks:
      forgejo:
        ipv4_address: 172.20.0.5
    volumes:
      - ./data/forgejo:/var/lib/gitea:Z
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - postgres
  reverse_proxy:
    image: ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
    container_name: reverse_proxy
    restart: always
    ports:
      - "443:8443"
      - "8444:8444"
      - "80:8080"
      - "30022:30022"
    volumes:
     - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
     - ./config/nginx/tls.conf:/etc/nginx/conf.d/tls.conf:ro
     - ./data/certs:/etc/nginx/ssl:ro
     - /home/static_site/public:/usr/share/nginx/html:ro
    networks:
     - forgejo
     - frontend
    depends_on:
     forgejo:
       condition: service_healthy
       restart: true
  acme.sh:
    command:
      - daemon
    container_name: acme.sh
    env_file:
      - ./.secrets/acme.env
    image: ghcr.io/polarix-containers/acme.sh:latest
    restart: always
    volumes:
      - ./data/acme.sh:/acme.sh:Z
      - ./data/certs:/certs:z
  postgres:
    container_name: postgres
    image: ghcr.io/polarix-containers/postgres:16
    volumes:
      - ./data/postgres:/var/lib/postgresql/data:Z
    restart: always
    env_file:
      - ./.secrets/acme.env
    networks:
      forgejo:
        ipv4_address: 172.20.0.6
networks:
  forgejo:
      ipam:
        config:
          - subnet: 172.20.0.0/24
      external: false
  frontend:
      driver: bridge