services:
  gitea:
    image: docker.gitea.com/gitea:1.23.8
    container_name: gitea
    restart: always
    environment:
      - GITEA_CUSTOM=/etc/gitea
    volumes:
      - ./hdd0/gitea:/data
      - ./config/gitea:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.enable=true
      # HTTP/S
      - traefik.http.routers.gitea.rule=Host(`git.bouvais.lu`)
      - traefik.http.routers.gitea.entrypoints=websecure
      - traefik.http.routers.gitea.tls.certresolver=myresolver
      - traefik.http.services.gitea.loadbalancer.server.port=3000
      # SSH
      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
      - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22
    deploy:
      resources:
        limits:
          memory: 4G
          cpus: 2
        reservations:
          memory: 512M
          cpus: 1

  gitea-runner:
    image: docker.io/gitea/act_runner:latest
    container_name: gitea-runner
    restart: unless-stopped
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: https://git.bouvais.lu/
      GITEA_RUNNER_REGISTRATION_TOKEN: jBEK4cLzDp2wqv1Ru3SHyzC0xzl1FV94IcsGe5kd
    volumes:
      - ./config/gitea-runner/config.yaml:/config.yaml
      - ./hdd0/gitea-runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - ./hdd0/mkdocs-sites:/sites

  registry:
    image: registry:2
    container_name: registry
    restart: unless-stopped
    environment:
      - REGISTRY_AUTH_HTPASSWD_REALM=Bouvais Registry
      - REGISTRY_AUTH_HTPASSWD_PATH=/etc/docker/registry/htpasswd
      - REGISTRY_HTTP_SECRET=${MASTER_PASSWORD}
      - REGISTRY_HEALTH_STORAGEDRIVER_ENABLED=true
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - ./hdd0/registry/data:/var/lib/registry
      - ./hdd0/registry/htpasswd:/etc/docker/registry/htpasswd:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry.rule=Host(`registry.bouvais.lu`)
      - traefik.http.routers.registry.entrypoints=websecure
      - traefik.http.routers.registry.tls.certresolver=myresolver 
      - traefik.http.services.registry.loadbalancer.server.port=5000 

  registry-ui:
    image: joxit/docker-registry-ui:latest
    container_name: registry-ui
    depends_on: [registry]
    restart: unless-stopped
    environment:
      - DELETE_IMAGES=true
      - REGISTRY_TITLE=Bouvais Docker Registry
      - NGINX_PROXY_PASS_URL=http://registry:5000
      - SINGLE_REGISTRY=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry_ui.rule=Host(`registry-ui.bouvais.lu`)
      - traefik.http.routers.registry_ui.entrypoints=websecure
      - traefik.http.routers.registry_ui.tls.certresolver=myresolver 
      - traefik.http.services.registry_ui.loadbalancer.server.port=80

  garage:
    image: dxflrs/garage:v2.1.0
    container_name: garage
    restart: unless-stopped
    volumes:
      - ./config/garage/garage.toml:/etc/garage.toml
      - ./hdd0/garage/meta:/var/lib/garage/meta
      - ./hdd0/garage/data:/var/lib/garage/data
    environment:
      - RUST_LOG=garage=info
    labels:
      - traefik.enable=true

      # S3 API
      - traefik.http.routers.garages3.rule=Host(`s3.garage.bouvais.lu`)
      - traefik.http.routers.garages3.entrypoints=websecure
      - traefik.http.routers.garages3.tls.certresolver=myresolver
      - traefik.http.routers.garages3.service=garages3
      - traefik.http.services.garages3.loadbalancer.server.port=3900

      # Admin API
      - traefik.http.routers.garageadmin.rule=Host(`admin.garage.bouvais.lu`)
      - traefik.http.routers.garageadmin.entrypoints=websecure
      - traefik.http.routers.garageadmin.tls.certresolver=myresolver
      - traefik.http.routers.garageadmin.service=garageadmin
      - traefik.http.services.garageadmin.loadbalancer.server.port=3903

      # Web (Garage's internal web endpoint)
      - traefik.http.routers.garageweb.rule=Host(`web.garage.bouvais.lu`)
      - traefik.http.routers.garageweb.entrypoints=websecure
      - traefik.http.routers.garageweb.tls.certresolver=myresolver
      - traefik.http.routers.garageweb.service=garageweb_svc
      - traefik.http.services.garageweb_svc.loadbalancer.server.port=3902
      
      - traefik.http.routers.mystaticsite.rule=Host(`zig-dimal.bouvais.lu`)
      - traefik.http.routers.mystaticsite.entrypoints=websecure
      - traefik.http.routers.mystaticsite.tls.certresolver=myresolver
      - traefik.http.routers.mystaticsite.service=garageweb_svc
      
      - traefik.http.routers.mystaticsite.rule=Host(`zigma.bouvais.lu`)
      - traefik.http.routers.mystaticsite.entrypoints=websecure
      - traefik.http.routers.mystaticsite.tls.certresolver=myresolver
      - traefik.http.routers.mystaticsite.service=garageweb_svc