services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:8-rootless
    container_name: forgejo
    secrets:
      - forgejo_internal_token
      - forgejo_root_password
      - forgejo_secret_key
      - lfs_jwt_secret
      - oauth_jwt_secret
      - postgres_user_password
    env_file:
      - ./.secrets/forgejo.env
      - ./config/forgejo/forgejo.env
    environment: 
      USER_UID: 1000
      USER_GID: 1000
 #     FORGEJO__database__NAME: forgejodb
  #    FORGEJO__database__USER: forgejo
   #   FORGEJO__database__HOST: postgres:5432
#      FORGEJO__database__PASSWD_FILE: /run/secrets/postgres_user_password
#      FORGEJO__database__PASSWD: "${FORGEJO__database__PASSWD}"
 #     FORGEJO__server__LFS_JWT_SECRET: "${FORGEJO__server__LFS_JWT_SECRET}"
  #    FORGEJO__security__SECRET_KEY: "${FORGEJO__security__SECRET_KEY}"
   #   FORGEJO__security__INTERNAL_TOKEN: "${FORGEJO__security__INTERNAL_TOKEN}"
    #  FORGEJO__oauth2__JWT_SECRET: "${FORGEJO__oauth2__JWT_SECRET}" 
      ROOT_PASSWORD_FILE: /run/secrets/forgejo_root_password    
    restart: always
    networks:
      forgejo:
        aliases:
          - forgejoever  
    volumes:
      - ./data/forgejo:/var/lib/gitea:Z
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports: 
      - "3000:3000"
      - "30022:30022"
    depends_on:
      - postgres
  reverse-proxy:
    image: ghcr.io/nginxinc/nginx-unprivileged:mainline-alpine-slim
    container_name: reverse_proxy
    restart: always
    ports:
      - "443:8443"
    volumes: 
     - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
     - ./config/nginx/tls.conf:/etc/nginx/conf.d/tls.conf:ro
     - ./data/certs:/etc/nginx/ssl:ro
    networks:
     - forgejo
     - frontend
  acme.sh:
    command:
      - daemon
    container_name: acme.sh
    env_file:
      - ./.secrets/acme.env
#    environment:
#      DEDYN_TOKEN: "${DEDYN_TOKEN}"
    image: 'ghcr.io/polarix-containers/acme.sh:latest'
    restart: always
    volumes:
      - ./data/acme.sh:/acme.sh:Z
      - ./data/certs:/certs:z
  postgres:
    container_name: postgres
    image: cgr.dev/chainguard/postgres:latest
    volumes:
      - ./data/postgres:/var/lib/postgresql/data:Z
    restart: unless-stopped 
    ports:
      - 5432:5432 
    env_file:
      - ./.secrets/acme.env
#    environment:
#      POSTGRES_USER: "forgejo"
#      POSTGRES_DB: "forgejodb"
#      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
    networks:
      forgejo:
        aliases:  
        - db
networks:
  forgejo:
      external: false
  frontend:
      driver: bridge
secrets:
  forgejo_internal_token:
    file: ./.secrets/forgejo_internal_token
  forgejo_root_password:
    file: ./.secrets/forgejo_root_password
  forgejo_secret_key:
    file: ./.secrets/forgejo_secret_key
  lfs_jwt_secret:
    file: ./.secrets/lfs_jwt_secret
  oauth_jwt_secret:
    file: ./.secrets/oauth_jwt_secret
  postgres_user_password:
    file: ./.secrets/postgres_user_password